Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Potential spyware which installs an antivirus and then affects program


  • This topic is locked This topic is locked

#1
whimsyandspark218

whimsyandspark218

    New Member

  • Member
  • Pip
  • 8 posts
Hi there! So I'm not 100% sure if this is Malware, Spyware or what. Unfortunately, I'm also unclear as to how I got this problem as I wasn't doing anything out of the ordinary or even downloading anything at the time I got it. It started by closing firefox and then running an antivirus program that I didn't conciously open. I can't recall the name of the antivirus. I closed the window and tried to run superspyware and it just refused to let it open. I restarted my computer in safe mode but it still wouldn't let me run any of my antivirus programs. I downloaded Spybot because I wasn't able to get Panda Active Scan and after running and removing a bunch of infections, I restarted my computer.

Once I restarted it in safe mode with networking, my icons were back but they were faded looking. Then I downloaded and ran Malwarebytes Anti Malware and after restarting my computer again, my icons were all suddenly gone with the exception of Malwarebytes and the My Computer icon. Even in the start menu, there was only those three options. At one point when I would restart my computer in normal mode, a bunch of window would open and close with command prompts and system 32 messages, although that hasn't happened the last couple of times. I visited geeks to go while in SM with networking and downloaded and ran SuperAntiSpyware quick scan and it got rid of a bunch of adtracking cookies. Then I ran regular SuperAntiSpyware from my computer and it only deleted 1 adtracking cookie, but changed nothing else. Whenever I try to run anything while in regular mode, my computer moves super slowly and doesn't usually open what i was trying to run. That's about it.

ETA: Ok I lied. In the time it took me to run the Oldtimer log and type this up, my icons reappeared. All except the newly added ones (malwarebytes, otl, etc) are faded looking, but seemingly functional.

ETA 2: In the time it took me to add the original ETA, all my icons disappeared again. WHAT IS HAPPENING!?!


Here's the Oldtimer log

OTL logfile created on: 9/13/2011 9:29:32 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Deeana\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 652.30 Mb Available Physical Memory | 68.06% Memory free
2.26 Gb Paging File | 2.09 Gb Available in Paging File | 92.34% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.80 Gb Total Space | 2.11 Gb Free Space | 3.03% Space Free | Partition Type: NTFS

Computer Name: JACK | User Name: Deeana | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 21:28:15 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deeana\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2004/08/10 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/08/03 00:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 18:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2008/12/01 12:01:02 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2006/09/04 20:54:44 | 000,880,722 | ---- | M] (Trend Micro Incorporated.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom)
SRV - [2005/08/30 09:47:46 | 000,585,792 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw)
SRV - [2005/08/30 09:47:46 | 000,290,889 | ---- | M] (Trend Micro Incorporated.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv)
SRV - [2005/08/30 09:47:46 | 000,262,215 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/15 14:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (Tmfilter)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (Tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\VsapiNT.sys -- (Vsapint)
DRV - [2008/09/03 15:07:16 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/09/03 15:07:14 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/09/03 15:07:12 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/05/23 17:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/08/15 03:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/05 07:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/06/18 21:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/30 09:47:52 | 000,038,528 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi)
DRV - [2005/08/30 09:47:50 | 001,884,585 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\tm_cfw.sys -- (tm_cfw)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dee-bloom218....not communities
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://dee-bloom218....ot communities"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.93
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Deeana\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 08:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/04 16:51:18 | 000,000,000 | ---D | M]

[2009/02/17 20:21:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Deeana\Application Data\Mozilla\Extensions
[2011/09/08 08:58:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Deeana\Application Data\Mozilla\Firefox\Profiles\9g563bcs.default\extensions
[2010/08/29 21:10:05 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Deeana\Application Data\Mozilla\Firefox\Profiles\9g563bcs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/23 22:57:43 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Deeana\Application Data\Mozilla\Firefox\Profiles\9g563bcs.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/08/08 23:57:34 | 000,000,000 | -H-D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Deeana\Application Data\Mozilla\Firefox\Profiles\9g563bcs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/23 22:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 22:09:07 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/27 22:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 11:36:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/15 15:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/08 21:13:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DEEANA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9G563BCS.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2010/11/27 22:58:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 08:58:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/04 16:50:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/12 08:11:16 | 000,436,608 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15043 more lines...
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Dynex Live! Central 2] C:\Program Files\Dynex\Live! Cam\Live! Central\DnLVCentral2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Deeana\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Deeana\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D34AD15-E4D7-4222-8414-731768865A65}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - http://www.livejourn...52845402/588610
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Deeana\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Deeana\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/25 15:11:22 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 21:28:13 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deeana\Desktop\OTL.exe
[2011/09/12 22:59:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Deeana\Recent
[2011/09/12 02:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/12 02:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/12 02:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/12 02:05:50 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/09/12 01:48:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Deeana\Start Menu\Programs\System Recovery
[2011/08/23 22:08:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2 C:\Documents and Settings\Deeana\My Documents\*.tmp files -> C:\Documents and Settings\Deeana\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/13 21:28:15 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deeana\Desktop\OTL.exe
[2011/09/13 21:09:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/13 21:09:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/13 19:58:17 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/13 19:43:05 | 017,106,432 | ---- | M] () -- C:\Documents and Settings\Deeana\Desktop\SAS_542B7378.COM
[2011/09/12 23:38:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/12 22:40:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/12 08:10:20 | 000,004,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/09/12 02:20:04 | 000,000,933 | -H-- | M] () -- C:\Documents and Settings\Deeana\Desktop\Spybot - Search & Destroy.lnk
[2011/09/12 01:48:41 | 000,000,841 | -H-- | M] () -- C:\Documents and Settings\Deeana\Desktop\System Recovery.lnk
[2011/09/08 21:26:26 | 000,102,912 | -H-- | M] () -- C:\Documents and Settings\Deeana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/06 11:05:48 | 000,070,765 | -H-- | M] () -- C:\Documents and Settings\Deeana\My Documents\Fort_Greene_Rental_Application.pdf
[2011/09/05 19:12:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 10:35:58 | 000,004,430 | -H-- | M] () -- C:\Documents and Settings\Deeana\Desktop\randoms.rtf
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/27 13:32:00 | 000,003,422 | -H-- | M] () -- C:\Documents and Settings\Deeana\Desktop\hulu queue.rtf
[2011/08/25 03:00:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\Documents and Settings\Deeana\My Documents\*.tmp files -> C:\Documents and Settings\Deeana\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/13 19:43:05 | 017,106,432 | ---- | C] () -- C:\Documents and Settings\Deeana\Desktop\SAS_542B7378.COM
[2011/09/12 23:37:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/12 02:20:04 | 000,000,933 | -H-- | C] () -- C:\Documents and Settings\Deeana\Desktop\Spybot - Search & Destroy.lnk
[2011/09/12 01:48:41 | 000,000,841 | -H-- | C] () -- C:\Documents and Settings\Deeana\Desktop\System Recovery.lnk
[2011/09/06 11:05:48 | 000,070,765 | -H-- | C] () -- C:\Documents and Settings\Deeana\My Documents\Fort_Greene_Rental_Application.pdf
[2011/08/27 22:39:00 | 000,004,430 | -H-- | C] () -- C:\Documents and Settings\Deeana\Desktop\randoms.rtf
[2011/01/17 00:58:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/07 23:54:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/03 11:32:03 | 000,064,632 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/04 02:49:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/01 21:15:04 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2008/12/01 21:07:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Work - Home
[2008/12/01 21:07:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\deskjet
[2008/03/01 19:29:29 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/03/01 18:51:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2008/03/01 18:51:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Deeana\Application Data\docInfo
[2008/01/09 15:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/04/09 10:31:48 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/03/07 00:03:27 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/11/01 03:04:25 | 000,007,380 | -H-- | C] () -- C:\Documents and Settings\Deeana\Application Data\wklnhst.dat
[2006/10/28 02:11:08 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/10/28 01:39:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/26 03:20:27 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/26 03:20:27 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\971348812A.sys
[2006/10/26 00:31:50 | 000,102,912 | -H-- | C] () -- C:\Documents and Settings\Deeana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/25 02:35:30 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\Deeana\Local Settings\Application Data\fusioncache.dat
[2006/10/21 15:42:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/21 15:36:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/21 15:31:47 | 000,004,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/21 15:28:54 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/10/21 15:26:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/21 15:03:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2006/10/21 15:02:52 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/21 15:02:51 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/21 15:02:51 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/21 15:02:51 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/21 15:02:50 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/21 15:02:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/21 15:02:50 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/21 15:02:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/21 15:02:49 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/21 15:02:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/21 15:02:49 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/21 15:01:46 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,446,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/10/14 01:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/03/01 19:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/07/29 03:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/07/11 23:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/01/06 03:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/01 19:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/08/16 21:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/16 02:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/03 01:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 23:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/07/08 02:33:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\3M
[2010/10/14 01:33:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\acccore
[2006/10/28 01:04:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Aim
[2011/01/17 01:34:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Dynex
[2010/06/22 23:47:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Facebook
[2007/07/08 02:34:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\GetRightToGo
[2009/03/25 23:36:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\IsolatedStorage
[2006/10/28 01:41:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Leadertech
[2007/02/16 17:27:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\LimeWire
[2008/11/07 15:02:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\LinkedIn
[2009/07/11 23:01:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\NCH Swift Sound
[2008/03/01 18:52:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Nikon
[2007/03/07 23:37:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Opera
[2011/04/13 00:43:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\QuickScan
[2011/08/08 23:59:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\StumbleUpon
[2006/11/01 03:04:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Template
[2008/03/01 20:09:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Wal-Mart Digital Photo Viewer
[2007/07/31 19:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Deeana\Application Data\Walgreens

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello whimsyandspark218 and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/09/12 01:48:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Deeana\Start Menu\Programs\System Recovery
    [2011/09/12 01:48:41 | 000,000,841 | -H-- | C] () -- C:\Documents and Settings\Deeana\Desktop\System Recovery.lnk
    [2006/10/26 03:20:27 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/10/26 03:20:27 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\971348812A.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply
Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
whimsyandspark218

whimsyandspark218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
========== OTL ==========
C:\Documents and Settings\Deeana\Start Menu\Programs\System Recovery folder moved successfully.
C:\Documents and Settings\Deeana\Desktop\System Recovery.lnk moved successfully.
C:\WINDOWS\system32\KGyGaAvL.sys moved successfully.
C:\WINDOWS\system32\971348812A.sys moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Deeana\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Deeana\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.28.0 log created on 09192011_222326
  • 0

#4
whimsyandspark218

whimsyandspark218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
2011/09/19 22:42:13.0146 2236 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/19 22:42:13.0755 2236 ================================================================================
2011/09/19 22:42:13.0755 2236 SystemInfo:
2011/09/19 22:42:13.0755 2236
2011/09/19 22:42:13.0755 2236 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/19 22:42:13.0755 2236 Product type: Workstation
2011/09/19 22:42:13.0755 2236 ComputerName: JACK
2011/09/19 22:42:13.0755 2236 UserName: Deeana
2011/09/19 22:42:13.0755 2236 Windows directory: C:\WINDOWS
2011/09/19 22:42:13.0755 2236 System windows directory: C:\WINDOWS
2011/09/19 22:42:13.0755 2236 Processor architecture: Intel x86
2011/09/19 22:42:13.0755 2236 Number of processors: 1
2011/09/19 22:42:13.0755 2236 Page size: 0x1000
2011/09/19 22:42:13.0755 2236 Boot type: Normal boot
2011/09/19 22:42:13.0755 2236 ================================================================================
2011/09/19 22:42:15.0333 2236 Initialize success
2011/09/19 22:42:27.0427 3032 ================================================================================
2011/09/19 22:42:27.0427 3032 Scan started
2011/09/19 22:42:27.0427 3032 Mode: Manual;
2011/09/19 22:42:27.0427 3032 ================================================================================
2011/09/19 22:42:28.0318 3032 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/19 22:42:28.0380 3032 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/19 22:42:28.0443 3032 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/19 22:42:28.0521 3032 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/19 22:42:28.0568 3032 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/19 22:42:28.0646 3032 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/19 22:42:28.0724 3032 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/19 22:42:28.0771 3032 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/19 22:42:28.0833 3032 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/19 22:42:28.0896 3032 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/19 22:42:28.0943 3032 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/19 22:42:29.0005 3032 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/19 22:42:29.0068 3032 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/19 22:42:29.0115 3032 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/19 22:42:29.0162 3032 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/09/19 22:42:29.0224 3032 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/19 22:42:29.0287 3032 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/19 22:42:29.0333 3032 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/19 22:42:29.0380 3032 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/19 22:42:29.0474 3032 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/19 22:42:29.0521 3032 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/19 22:42:29.0599 3032 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/19 22:42:29.0662 3032 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/19 22:42:29.0693 3032 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/09/19 22:42:29.0724 3032 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/19 22:42:29.0818 3032 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/09/19 22:42:29.0958 3032 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/19 22:42:29.0990 3032 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/19 22:42:30.0052 3032 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/19 22:42:30.0099 3032 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/19 22:42:30.0162 3032 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/19 22:42:30.0208 3032 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/19 22:42:30.0271 3032 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/19 22:42:30.0380 3032 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/19 22:42:30.0474 3032 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/19 22:42:30.0537 3032 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2011/09/19 22:42:30.0599 3032 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/19 22:42:30.0630 3032 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/19 22:42:30.0677 3032 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/19 22:42:30.0740 3032 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/09/19 22:42:30.0755 3032 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/09/19 22:42:30.0787 3032 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/09/19 22:42:30.0818 3032 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/09/19 22:42:30.0849 3032 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/09/19 22:42:30.0896 3032 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/09/19 22:42:30.0912 3032 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/09/19 22:42:30.0943 3032 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/09/19 22:42:30.0974 3032 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/09/19 22:42:31.0052 3032 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/19 22:42:31.0115 3032 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/19 22:42:31.0146 3032 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/19 22:42:31.0193 3032 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/19 22:42:31.0240 3032 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/19 22:42:31.0255 3032 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/19 22:42:31.0287 3032 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/09/19 22:42:31.0302 3032 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/09/19 22:42:31.0427 3032 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/09/19 22:42:31.0474 3032 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/19 22:42:31.0521 3032 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/19 22:42:31.0552 3032 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/19 22:42:31.0615 3032 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/19 22:42:31.0646 3032 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/19 22:42:31.0677 3032 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/19 22:42:31.0708 3032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/19 22:42:31.0740 3032 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/19 22:42:31.0787 3032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/09/19 22:42:31.0818 3032 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/19 22:42:31.0865 3032 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/19 22:42:31.0896 3032 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/19 22:42:31.0943 3032 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/19 22:42:32.0005 3032 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/19 22:42:32.0037 3032 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/19 22:42:32.0099 3032 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/19 22:42:32.0130 3032 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/09/19 22:42:32.0177 3032 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/19 22:42:32.0521 3032 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/19 22:42:32.0599 3032 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/19 22:42:32.0615 3032 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/19 22:42:32.0646 3032 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/19 22:42:32.0677 3032 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/19 22:42:32.0724 3032 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/19 22:42:32.0771 3032 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/19 22:42:32.0818 3032 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/19 22:42:32.0865 3032 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/19 22:42:32.0896 3032 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/19 22:42:32.0927 3032 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/19 22:42:32.0974 3032 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/19 22:42:33.0005 3032 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/19 22:42:33.0052 3032 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/19 22:42:33.0083 3032 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/19 22:42:33.0115 3032 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/19 22:42:33.0130 3032 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/19 22:42:33.0146 3032 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/19 22:42:33.0193 3032 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/19 22:42:33.0287 3032 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/19 22:42:33.0318 3032 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/09/19 22:42:33.0349 3032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/19 22:42:33.0380 3032 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/19 22:42:33.0396 3032 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/19 22:42:33.0427 3032 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/19 22:42:33.0458 3032 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/19 22:42:33.0505 3032 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/19 22:42:33.0537 3032 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/19 22:42:33.0568 3032 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/19 22:42:33.0630 3032 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/19 22:42:33.0677 3032 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/19 22:42:33.0724 3032 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/19 22:42:33.0740 3032 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/19 22:42:33.0771 3032 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/19 22:42:33.0787 3032 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/19 22:42:33.0833 3032 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/19 22:42:33.0896 3032 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/19 22:42:33.0943 3032 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/19 22:42:34.0005 3032 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/19 22:42:34.0037 3032 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/19 22:42:34.0083 3032 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/19 22:42:34.0115 3032 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/19 22:42:34.0130 3032 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/19 22:42:34.0177 3032 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/19 22:42:34.0193 3032 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/19 22:42:34.0224 3032 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/19 22:42:34.0271 3032 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/19 22:42:34.0318 3032 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/19 22:42:34.0349 3032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/19 22:42:34.0490 3032 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/19 22:42:34.0583 3032 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
2011/09/19 22:42:34.0630 3032 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
2011/09/19 22:42:34.0662 3032 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/19 22:42:34.0693 3032 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/19 22:42:34.0724 3032 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/19 22:42:34.0771 3032 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/19 22:42:34.0802 3032 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/19 22:42:34.0849 3032 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/09/19 22:42:34.0880 3032 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/19 22:42:34.0912 3032 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/19 22:42:34.0958 3032 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/19 22:42:35.0052 3032 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/19 22:42:35.0099 3032 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/19 22:42:35.0162 3032 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/19 22:42:35.0193 3032 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/19 22:42:35.0224 3032 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/19 22:42:35.0255 3032 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/19 22:42:35.0271 3032 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/19 22:42:35.0302 3032 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/19 22:42:35.0333 3032 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/19 22:42:35.0349 3032 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/19 22:42:35.0380 3032 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/19 22:42:35.0412 3032 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/19 22:42:35.0427 3032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/19 22:42:35.0443 3032 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/19 22:42:35.0490 3032 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/19 22:42:35.0505 3032 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/19 22:42:35.0537 3032 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/19 22:42:35.0552 3032 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/19 22:42:35.0583 3032 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/19 22:42:35.0646 3032 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/19 22:42:35.0677 3032 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/19 22:42:35.0787 3032 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/19 22:42:35.0818 3032 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/09/19 22:42:35.0818 3032 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/09/19 22:42:35.0896 3032 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/19 22:42:35.0927 3032 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/19 22:42:35.0958 3032 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/19 22:42:36.0005 3032 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/19 22:42:36.0068 3032 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/19 22:42:36.0115 3032 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/19 22:42:36.0162 3032 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/19 22:42:36.0193 3032 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/19 22:42:36.0255 3032 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/19 22:42:36.0302 3032 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/19 22:42:36.0412 3032 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/19 22:42:36.0458 3032 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/19 22:42:36.0521 3032 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/19 22:42:36.0568 3032 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/19 22:42:36.0615 3032 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/19 22:42:36.0630 3032 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/19 22:42:36.0662 3032 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/19 22:42:36.0677 3032 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/19 22:42:36.0708 3032 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/19 22:42:36.0787 3032 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/19 22:42:36.0865 3032 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/19 22:42:36.0880 3032 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/19 22:42:36.0912 3032 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/19 22:42:36.0974 3032 Tmfilter (3d473e97ff805dab903aa66f08286c90) C:\WINDOWS\system32\drivers\TmXPFlt.sys
2011/09/19 22:42:37.0021 3032 Tmpreflt (0c89809f1df614bd42093a446b222a32) C:\WINDOWS\system32\drivers\Tmpreflt.sys
2011/09/19 22:42:37.0052 3032 tmtdi (309f8d84fcb94fda6629228aa3c893e5) C:\WINDOWS\System32\Drivers\tmtdi.sys
2011/09/19 22:42:37.0130 3032 tm_cfw (6b34c260fe86e9171f8c897b552625aa) C:\WINDOWS\System32\Drivers\tm_cfw.sys
2011/09/19 22:42:37.0177 3032 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/19 22:42:37.0224 3032 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/19 22:42:37.0271 3032 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/19 22:42:37.0318 3032 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/19 22:42:37.0380 3032 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/19 22:42:37.0412 3032 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/09/19 22:42:37.0458 3032 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/19 22:42:37.0490 3032 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/19 22:42:37.0521 3032 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/19 22:42:37.0537 3032 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/09/19 22:42:37.0583 3032 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/19 22:42:37.0615 3032 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/19 22:42:37.0662 3032 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/19 22:42:37.0708 3032 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/19 22:42:37.0740 3032 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/19 22:42:37.0755 3032 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/19 22:42:37.0802 3032 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/19 22:42:37.0833 3032 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/19 22:42:37.0865 3032 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/19 22:42:37.0943 3032 Vsapint (50e1ea1dd3ea74919d7a1c5d6c9c0b56) C:\WINDOWS\system32\drivers\Vsapint.sys
2011/09/19 22:42:38.0005 3032 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/19 22:42:38.0068 3032 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/19 22:42:38.0115 3032 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/19 22:42:38.0208 3032 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/19 22:42:38.0271 3032 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/19 22:42:38.0333 3032 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/19 22:42:38.0380 3032 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/19 22:42:38.0443 3032 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/19 22:42:38.0599 3032 Boot (0x1200) (08087d931922aec382a3d2745261a618) \Device\Harddisk0\DR0\Partition0
2011/09/19 22:42:38.0599 3032 ================================================================================
2011/09/19 22:42:38.0599 3032 Scan finished
2011/09/19 22:42:38.0599 3032 ================================================================================
2011/09/19 22:42:38.0615 3044 Detected object count: 0
2011/09/19 22:42:38.0615 3044 Actual detected object count: 0
  • 0

#5
whimsyandspark218

whimsyandspark218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-19 22:50:18
-----------------------------
22:50:18.880 OS Version: Windows 5.1.2600 Service Pack 3
22:50:18.880 Number of processors: 1 586 0x4F02
22:50:18.880 ComputerName: JACK UserName:
22:50:19.162 Initialize success
22:52:19.005 AVAST engine defs: 11091901
22:52:41.802 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:52:41.802 Disk 0 Vendor: SAMSUNG_HD080HJ/P ZH100-34 Size: 76293MB BusType: 3
22:52:43.833 Disk 0 MBR read successfully
22:52:43.833 Disk 0 MBR scan
22:52:43.865 Disk 0 Windows XP default MBR code
22:52:43.880 Disk 0 scanning sectors +156232125
22:52:43.958 Disk 0 scanning C:\WINDOWS\system32\drivers
22:52:57.193 Service scanning
22:52:58.458 Modules scanning
22:53:04.271 Disk 0 trace - called modules:
22:53:04.287 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:53:04.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f91ab8]
22:53:04.287 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\00000065[0x85fd5f18]
22:53:04.802 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85fa0940]
22:53:05.177 AVAST engine scan C:\WINDOWS
22:53:26.193 AVAST engine scan C:\WINDOWS\system32
22:55:22.615 AVAST engine scan C:\WINDOWS\system32\drivers
22:55:39.037 AVAST engine scan C:\Documents and Settings\Deeana
22:56:52.224 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Deeana\Desktop\MBR.dat"
22:56:52.224 The log file has been saved successfully to "C:\Documents and Settings\Deeana\Desktop\aswMBR.txt"
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
After these steps test your system and tell me what problems you have now.

Step 1

Download Unhide.exe from here to your desktop and run ti. It should unhide all your files.

Step 2

Update your Malwarebytes and do Quick Scan. Post log after the scan.

Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • Update on how is your system now
It would be helpful if you could post each log in separate post
  • 0

#7
whimsyandspark218

whimsyandspark218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7751

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/20/2011 2:15:47 AM
mbam-log-2011-09-20 (02-15-47).txt

Scan type: Quick scan
Objects scanned: 182820
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
whimsyandspark218

whimsyandspark218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
After trying a few different programs and going through some stuff, my computer seems to be working mostly fine. The only thing I'm noticing that's wrong is that one of the word docs on my desktop and a few of the ones in my 'my documents' folder aren't working. The name has been changed from something like "cover letter.doc" to "~$ver letter.doc". Whenever I try to open one of these documents, Word opens up with a dailog box that says "Word cannot start the converter mswrd632.wpc" and a little button that says show help. If I try to just close the dialog box, it won't do anything until I click it twice and then the dialog changes to "Microsoft Office Word needs a converter to display this file correctly. This feature is not currently installed. Would you like to instal it now?" and yes or no buttons. I haven't clicked anything else cause I don't wanna mess anything up.

Also, in my 'my docs'and my "my pics' folders, there are faded icons for things like 'desktop.ini' or "thumbs.db" which I don't recall seeing previously. Their modification dates aren't from the exact dates when my computer started acting up, but the details say its configuration settings or a data base file and the attributes are 'hidden, system'. If I try to delete one of these, it says "The file desktop.ini is a system file. If you remove it, your computer or one of your programs may no longer work correctly. Are you sure you want to move it to the recycle bin?" I dunno if that's normal and I never noticed it, but I figured I'd ask about it.

Thanks for all your help!
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi whimsyandspark218,

You did good thing by waiting for my reply.


First...
Microsoft word files like "~$ver letter.doc" are temporary beckup files for microsoft word. When you edit your document office is saving all changes to these files so you can undo changes while writing or editing your document. Sometimes when Word crashes it leaves these files behind. That is why you are seeing them. Try to open your original file "cover letter.doc", save it and close it. That should remove this file for you. If this fails you can delete it manually. Just make sure you can open your original .doc file.

Second...
'desktop.ini' and "thumbs.db" are system files. You couldn't see them before because they where hidden and this infection mess with hidden files. To change this we need to:

  • Open My Computer and click on Tools then Folder Options...
  • Click on View tab and make sure you check these two options:

    Do not show hidden files and folders
    Hide protected operating system files (Recommended)

  • Click Apply then OK

That should solve it.
  • 0

#10
whimsyandspark218

whimsyandspark218

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK I did everything you asked and it seems to be fine now. The one other thing I didn't notice before was that there's also something in my docs that says '~WRL0154.tmp' and another that's '~WRL3308.tmp'. Is it possible that this is a temp file like the Word ones execpt for pdf files? Cause when I hover over it it says my friends name as the title and there were a few pdf's that she sent me around the date it lists. Is it fine to delete these?

Also, can I delete all the programs you had me download (tdss killer, otl, etc) and the logs they produced, or should I keep them around?


Thanks again for all your help, I really appreciate it!
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi whimsyandspark218,

You can remove those files. There are temp files related to PDF reader but I can't tell you for sure what are they for.

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP