all search engines crash [Closed]


  • This topic is locked

#16
SueTD

  • Topic Starter
  • Member
  • 114 posts
This is the log from Step 2.
I do have to leave for an appt at 6pm. I will be back around 9pm. If you respond tonight, I will work on it when I get back. If not, I will work on it whenever you do respond.
Thanks for sticking with me and my computer!
SueTD


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-27 17:22:21
-----------------------------
17:22:21.953 OS Version: Windows 5.1.2600 Service Pack 3
17:22:21.953 Number of processors: 2 586 0x401
17:22:21.953 ComputerName: ARTROOM UserName: Susan
17:22:21.953 Initialze error 5 Access is denied.
17:22:22.046 write error "ashBase.dll". The system cannot find the path specified.
17:23:40.781 The log file has been saved successfully to "C:\Documents and Settings\All Users\Documents\aswMBR.txt"

#17
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SueTD,

Please run TDSSKiller one more time. TDSSKiller will report C:\WINDOWS\system32\DRIVERS\atapi.sys as a suspicious file.

  • This time as "action" choose Cure
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


#18
SueTD

  • Topic Starter
  • Member
  • 114 posts
The TDSSKiller only said: >forged file Service: Tcpip Suspicious object, medium risk
Then my choices were Skip, copy to quarantine and delete. I just left it on Skip.
This is the log.
SueTD



10:17:36.0828 4076 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
10:17:37.0390 4076 ============================================================
10:17:37.0390 4076 Current date / time: 2011/10/28 10:17:37.0390
10:17:37.0390 4076 SystemInfo:
10:17:37.0390 4076
10:17:37.0390 4076 OS Version: 5.1.2600 ServicePack: 3.0
10:17:37.0390 4076 Product type: Workstation
10:17:37.0390 4076 ComputerName: ARTROOM
10:17:37.0390 4076 UserName: Susan
10:17:37.0390 4076 Windows directory: C:\WINDOWS
10:17:37.0390 4076 System windows directory: C:\WINDOWS
10:17:37.0390 4076 Processor architecture: Intel x86
10:17:37.0390 4076 Number of processors: 2
10:17:37.0390 4076 Page size: 0x1000
10:17:37.0390 4076 Boot type: Normal boot
10:17:37.0390 4076 ============================================================
10:17:39.0109 4076 Initialize success
10:17:47.0375 1956 ============================================================
10:17:47.0375 1956 Scan started
10:17:47.0375 1956 Mode: Manual;
10:17:47.0375 1956 ============================================================
10:17:50.0406 1956 Abiosdsk - ok
10:17:50.0453 1956 abp480n5 - ok
10:17:50.0515 1956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:17:50.0531 1956 ACPI - ok
10:17:50.0593 1956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:17:50.0593 1956 ACPIEC - ok
10:17:50.0625 1956 adpu160m - ok
10:17:50.0703 1956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:17:50.0703 1956 aec - ok
10:17:50.0781 1956 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:17:50.0781 1956 AFD - ok
10:17:50.0859 1956 Aha154x - ok
10:17:50.0937 1956 aic78u2 - ok
10:17:51.0015 1956 aic78xx - ok
10:17:51.0093 1956 AliIde - ok
10:17:51.0140 1956 amsint - ok
10:17:51.0203 1956 asc - ok
10:17:51.0234 1956 asc3350p - ok
10:17:51.0281 1956 asc3550 - ok
10:17:51.0359 1956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:17:51.0359 1956 AsyncMac - ok
10:17:51.0421 1956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:17:51.0421 1956 atapi - ok
10:17:51.0468 1956 Atdisk - ok
10:17:51.0546 1956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:17:51.0546 1956 Atmarpc - ok
10:17:51.0609 1956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:17:51.0609 1956 audstub - ok
10:17:51.0656 1956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:17:51.0671 1956 Beep - ok
10:17:51.0750 1956 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
10:17:51.0750 1956 bvrp_pci - ok
10:17:51.0812 1956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:17:51.0812 1956 cbidf2k - ok
10:17:51.0875 1956 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:17:51.0875 1956 CCDECODE - ok
10:17:51.0921 1956 cd20xrnt - ok
10:17:52.0015 1956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:17:52.0015 1956 Cdaudio - ok
10:17:52.0078 1956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:17:52.0078 1956 Cdfs - ok
10:17:52.0125 1956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:17:52.0125 1956 Cdrom - ok
10:17:52.0203 1956 Changer - ok
10:17:52.0250 1956 CmdIde - ok
10:17:52.0312 1956 Cpqarray - ok
10:17:52.0359 1956 dac2w2k - ok
10:17:52.0406 1956 dac960nt - ok
10:17:52.0453 1956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:17:52.0468 1956 Disk - ok
10:17:52.0562 1956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:17:52.0609 1956 dmboot - ok
10:17:52.0671 1956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:17:52.0671 1956 dmio - ok
10:17:52.0734 1956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:17:52.0734 1956 dmload - ok
10:17:52.0796 1956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:17:52.0796 1956 DMusic - ok
10:17:52.0843 1956 dpti2o - ok
10:17:52.0953 1956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:17:52.0953 1956 drmkaud - ok
10:17:53.0015 1956 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
10:17:53.0015 1956 drvmcdb - ok
10:17:53.0062 1956 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
10:17:53.0062 1956 drvnddm - ok
10:17:53.0140 1956 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:17:53.0140 1956 E100B - ok
10:17:53.0203 1956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:17:53.0203 1956 Fastfat - ok
10:17:53.0265 1956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:17:53.0265 1956 Fdc - ok
10:17:53.0312 1956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:17:53.0328 1956 Fips - ok
10:17:53.0390 1956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:17:53.0390 1956 Flpydisk - ok
10:17:53.0453 1956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:17:53.0453 1956 FltMgr - ok
10:17:53.0500 1956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:17:53.0500 1956 Fs_Rec - ok
10:17:53.0546 1956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:17:53.0546 1956 Ftdisk - ok
10:17:53.0593 1956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:17:53.0593 1956 GEARAspiWDM - ok
10:17:53.0656 1956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:17:53.0656 1956 Gpc - ok
10:17:53.0718 1956 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
10:17:53.0718 1956 grmnusb - ok
10:17:53.0781 1956 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:17:53.0781 1956 hidusb - ok
10:17:53.0828 1956 hpn - ok
10:17:53.0937 1956 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:17:53.0937 1956 HPZid412 - ok
10:17:54.0031 1956 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:17:54.0031 1956 HPZipr12 - ok
10:17:54.0109 1956 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:17:54.0109 1956 HPZius12 - ok
10:17:54.0187 1956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:17:54.0187 1956 HTTP - ok
10:17:54.0234 1956 i2omgmt - ok
10:17:54.0281 1956 i2omp - ok
10:17:54.0328 1956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:17:54.0328 1956 i8042prt - ok
10:17:54.0437 1956 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:17:54.0484 1956 ialm - ok
10:17:54.0531 1956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:17:54.0531 1956 Imapi - ok
10:17:54.0593 1956 incdrm (195a22bc8674090ccce5c3e2b7d96aca) C:\WINDOWS\system32\drivers\incdrm.sys
10:17:54.0593 1956 incdrm - ok
10:17:54.0640 1956 ini910u - ok
10:17:54.0765 1956 IntelC51 (8e51bf1696821a72656444e0fd5081a3) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
10:17:54.0781 1956 IntelC51 - ok
10:17:54.0843 1956 IntelC52 (331ce31882754000ca2afbf7bd480513) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
10:17:54.0906 1956 IntelC52 - ok
10:17:54.0953 1956 IntelC53 (8001fac548eb0285d0085f4eb53c1e3f) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
10:17:54.0953 1956 IntelC53 - ok
10:17:55.0000 1956 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:17:55.0000 1956 IntelIde - ok
10:17:55.0062 1956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:17:55.0062 1956 intelppm - ok
10:17:55.0140 1956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:17:55.0140 1956 Ip6Fw - ok
10:17:55.0234 1956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:17:55.0234 1956 IpFilterDriver - ok
10:17:55.0296 1956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:17:55.0296 1956 IpInIp - ok
10:17:55.0359 1956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:17:55.0375 1956 IpNat - ok
10:17:55.0421 1956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:17:55.0421 1956 IPSec - ok
10:17:55.0500 1956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:17:55.0500 1956 IRENUM - ok
10:17:55.0546 1956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:17:55.0546 1956 isapnp - ok
10:17:55.0609 1956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:17:55.0609 1956 Kbdclass - ok
10:17:55.0656 1956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:17:55.0656 1956 kbdhid - ok
10:17:55.0703 1956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:17:55.0718 1956 kmixer - ok
10:17:55.0781 1956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:17:55.0781 1956 KSecDD - ok
10:17:55.0875 1956 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
10:17:55.0875 1956 Lavasoft Kernexplorer - ok
10:17:55.0921 1956 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
10:17:55.0921 1956 Lbd - ok
10:17:55.0968 1956 lbrtfdc - ok
10:17:56.0078 1956 LxrJD31d (3f6f7993ae46aded2db2886ed3080c80) C:\WINDOWS\system32\Drivers\LxrJD31d.sys
10:17:56.0078 1956 LxrJD31d - ok
10:17:56.0140 1956 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
10:17:56.0140 1956 MCSTRM - ok
10:17:56.0218 1956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:17:56.0218 1956 mnmdd - ok
10:17:56.0281 1956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:17:56.0281 1956 Modem - ok
10:17:56.0343 1956 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:17:56.0343 1956 MODEMCSA - ok
10:17:56.0421 1956 mohfilt (bdd406003c0c340cf6c5501165e83dcd) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
10:17:56.0421 1956 mohfilt - ok
10:17:56.0468 1956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:17:56.0468 1956 Mouclass - ok
10:17:56.0531 1956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:17:56.0546 1956 mouhid - ok
10:17:56.0578 1956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:17:56.0578 1956 MountMgr - ok
10:17:56.0656 1956 mraid35x - ok
10:17:56.0750 1956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:17:56.0750 1956 MRxDAV - ok
10:17:56.0828 1956 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:17:56.0843 1956 MRxSmb - ok
10:17:56.0937 1956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:17:56.0937 1956 Msfs - ok
10:17:57.0015 1956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:17:57.0015 1956 MSKSSRV - ok
10:17:57.0093 1956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:17:57.0093 1956 MSPCLOCK - ok
10:17:57.0156 1956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:17:57.0156 1956 MSPQM - ok
10:17:57.0234 1956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:17:57.0234 1956 mssmbios - ok
10:17:57.0296 1956 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:17:57.0296 1956 MSTEE - ok
10:17:57.0375 1956 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:17:57.0375 1956 Mup - ok
10:17:57.0437 1956 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:17:57.0437 1956 NABTSFEC - ok
10:17:57.0515 1956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:17:57.0515 1956 NDIS - ok
10:17:57.0578 1956 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:17:57.0578 1956 NdisIP - ok
10:17:57.0640 1956 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:17:57.0640 1956 NdisTapi - ok
10:17:57.0703 1956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:17:57.0703 1956 Ndisuio - ok
10:17:57.0765 1956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:17:57.0765 1956 NdisWan - ok
10:17:57.0843 1956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:17:57.0843 1956 NDProxy - ok
10:17:57.0906 1956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:17:57.0906 1956 NetBIOS - ok
10:17:57.0984 1956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:17:57.0984 1956 NetBT - ok
10:17:58.0062 1956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:17:58.0078 1956 Npfs - ok
10:17:58.0156 1956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:17:58.0187 1956 Ntfs - ok
10:17:58.0265 1956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:17:58.0265 1956 Null - ok
10:17:58.0328 1956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:17:58.0343 1956 NwlnkFlt - ok
10:17:58.0406 1956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:17:58.0406 1956 NwlnkFwd - ok
10:17:58.0500 1956 P0630VID (74446252eeae950240972108bbac2fbd) C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
10:17:58.0500 1956 P0630VID - ok
10:17:58.0593 1956 P1171VID (25069801c85d6deef75e8c221f37dcb2) C:\WINDOWS\system32\DRIVERS\P1171Vid.sys
10:17:58.0593 1956 P1171VID - ok
10:17:58.0671 1956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:17:58.0671 1956 Parport - ok
10:17:58.0718 1956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:17:58.0718 1956 PartMgr - ok
10:17:58.0796 1956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:17:58.0812 1956 ParVdm - ok
10:17:58.0859 1956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:17:58.0859 1956 PCI - ok
10:17:58.0921 1956 PCIDump - ok
10:17:58.0984 1956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
10:17:58.0984 1956 PCIIde - ok
10:17:59.0078 1956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:17:59.0078 1956 Pcmcia - ok
10:17:59.0156 1956 PDCOMP - ok
10:17:59.0203 1956 PDFRAME - ok
10:17:59.0265 1956 PDRELI - ok
10:17:59.0328 1956 PDRFRAME - ok
10:17:59.0375 1956 perc2 - ok
10:17:59.0437 1956 perc2hib - ok
10:17:59.0531 1956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:17:59.0546 1956 PptpMiniport - ok
10:17:59.0578 1956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:17:59.0593 1956 PSched - ok
10:17:59.0656 1956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:17:59.0656 1956 Ptilink - ok
10:17:59.0703 1956 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:17:59.0703 1956 PxHelp20 - ok
10:17:59.0750 1956 ql1080 - ok
10:17:59.0843 1956 Ql10wnt - ok
10:17:59.0906 1956 ql12160 - ok
10:17:59.0968 1956 ql1240 - ok
10:18:00.0015 1956 ql1280 - ok
10:18:00.0093 1956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:18:00.0093 1956 RasAcd - ok
10:18:00.0140 1956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:18:00.0140 1956 Rasl2tp - ok
10:18:00.0187 1956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:18:00.0187 1956 RasPppoe - ok
10:18:00.0265 1956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:18:00.0265 1956 Raspti - ok
10:18:00.0312 1956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:18:00.0312 1956 Rdbss - ok
10:18:00.0375 1956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:18:00.0390 1956 RDPCDD - ok
10:18:00.0453 1956 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:18:00.0468 1956 RDPWD - ok
10:18:00.0562 1956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:18:00.0562 1956 redbook - ok
10:18:00.0656 1956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:18:00.0656 1956 Secdrv - ok
10:18:00.0765 1956 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
10:18:00.0781 1956 senfilt - ok
10:18:00.0859 1956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:18:00.0859 1956 serenum - ok
10:18:00.0906 1956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:18:00.0906 1956 Serial - ok
10:18:01.0000 1956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:18:01.0000 1956 Sfloppy - ok
10:18:01.0062 1956 Simbad - ok
10:18:01.0140 1956 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:18:01.0140 1956 SLIP - ok
10:18:01.0218 1956 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
10:18:01.0218 1956 smwdm - ok
10:18:01.0296 1956 SNDP106 (7bb39e404f5ee8cacb15b2b4696d0d62) C:\WINDOWS\system32\DRIVERS\sndp106.sys
10:18:01.0296 1956 SNDP106 - ok
10:18:01.0359 1956 Sparrow - ok
10:18:01.0437 1956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:18:01.0453 1956 splitter - ok
10:18:01.0515 1956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:18:01.0515 1956 sr - ok
10:18:01.0578 1956 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:18:01.0578 1956 Srv - ok
10:18:01.0625 1956 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
10:18:01.0640 1956 sscdbhk5 - ok
10:18:01.0687 1956 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
10:18:01.0687 1956 ssrtln - ok
10:18:01.0781 1956 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
10:18:01.0781 1956 StillCam - ok
10:18:01.0843 1956 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:18:01.0843 1956 streamip - ok
10:18:01.0906 1956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:18:01.0906 1956 swenum - ok
10:18:01.0968 1956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:18:01.0968 1956 swmidi - ok
10:18:02.0015 1956 symc810 - ok
10:18:02.0078 1956 symc8xx - ok
10:18:02.0125 1956 sym_hi - ok
10:18:02.0187 1956 sym_u3 - ok
10:18:02.0265 1956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:18:02.0265 1956 sysaudio - ok
10:18:02.0375 1956 Tcpip (b3758ee0d918d90aaa71ab17fee9957b) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:18:02.0406 1956 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: b3758ee0d918d90aaa71ab17fee9957b, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
10:18:02.0406 1956 Tcpip ( ForgedFile.Multi.Generic ) - warning
10:18:02.0406 1956 Tcpip - detected ForgedFile.Multi.Generic (1)
10:18:02.0468 1956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:18:02.0468 1956 TDPIPE - ok
10:18:02.0562 1956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:18:02.0562 1956 TDTCP - ok
10:18:02.0625 1956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:18:02.0625 1956 TermDD - ok
10:18:02.0703 1956 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
10:18:02.0703 1956 tfsnboio - ok
10:18:02.0750 1956 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
10:18:02.0750 1956 tfsncofs - ok
10:18:02.0796 1956 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
10:18:02.0796 1956 tfsndrct - ok
10:18:02.0875 1956 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
10:18:02.0875 1956 tfsndres - ok
10:18:02.0921 1956 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
10:18:02.0921 1956 tfsnifs - ok
10:18:02.0984 1956 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
10:18:02.0984 1956 tfsnopio - ok
10:18:03.0015 1956 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
10:18:03.0031 1956 tfsnpool - ok
10:18:03.0078 1956 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
10:18:03.0078 1956 tfsnudf - ok
10:18:03.0140 1956 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
10:18:03.0140 1956 tfsnudfa - ok
10:18:03.0203 1956 TosIde - ok
10:18:03.0296 1956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:18:03.0296 1956 Udfs - ok
10:18:03.0343 1956 ultra - ok
10:18:03.0453 1956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:18:03.0484 1956 Update - ok
10:18:03.0546 1956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:18:03.0546 1956 usbccgp - ok
10:18:03.0609 1956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:18:03.0609 1956 usbehci - ok
10:18:03.0671 1956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:18:03.0671 1956 usbhub - ok
10:18:03.0734 1956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:18:03.0734 1956 usbprint - ok
10:18:03.0796 1956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:18:03.0796 1956 usbscan - ok
10:18:03.0828 1956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:18:03.0828 1956 USBSTOR - ok
10:18:03.0921 1956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:18:03.0921 1956 usbuhci - ok
10:18:03.0984 1956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:18:03.0984 1956 VgaSave - ok
10:18:04.0031 1956 ViaIde - ok
10:18:04.0109 1956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:18:04.0109 1956 VolSnap - ok
10:18:04.0171 1956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:18:04.0171 1956 Wanarp - ok
10:18:04.0250 1956 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
10:18:04.0265 1956 wanatw - ok
10:18:04.0312 1956 WDICA - ok
10:18:04.0375 1956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:18:04.0375 1956 wdmaud - ok
10:18:04.0500 1956 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:18:04.0500 1956 WS2IFSL - ok
10:18:04.0593 1956 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:18:04.0593 1956 WSTCODEC - ok
10:18:04.0687 1956 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:18:04.0687 1956 WudfPf - ok
10:18:04.0765 1956 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:18:04.0765 1956 WudfRd - ok
10:18:04.0812 1956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:18:04.0953 1956 \Device\Harddisk0\DR0 - ok
10:18:04.0968 1956 Boot (0x1200) (16f0ea3acfcdee0cc04dd0e7136067cd) \Device\Harddisk0\DR0\Partition0
10:18:04.0968 1956 \Device\Harddisk0\DR0\Partition0 - ok
10:18:04.0968 1956 ============================================================
10:18:04.0968 1956 Scan finished
10:18:04.0968 1956 ============================================================
10:18:04.0984 2096 Detected object count: 1
10:18:04.0984 2096 Actual detected object count: 1
10:20:26.0625 2096 Tcpip ( ForgedFile.Multi.Generic ) - skipped by user
10:20:26.0625 2096 Tcpip ( ForgedFile.Multi.Generic ) - User select action: Skip
10:20:42.0921 2964 Deinitialize success

#19
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try this instead

Run OTL

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

/md5start
tcpip.sys
/md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me


#20
SueTD

  • Topic Starter
  • Member
  • 114 posts
This is the file created after running the OTL quick scan with the codes as instructed.
SueTD



OTL logfile created on: 10/28/2011 4:53:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 233.03 Mb Available Physical Memory | 46.41% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 14.29 Gb Free Space | 19.92% Space Free | Partition Type: NTFS

Computer Name: ARTROOM | User Name: Susan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 16:34:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
PRC - [2011/10/21 10:33:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/08 13:08:46 | 001,407,848 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1134504319\EE\aolsoftware.exe
PRC - [2006/03/09 22:24:04 | 000,071,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrJD31s.exe
PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2006/01/10 16:56:58 | 001,896,448 | ---- | M] (BellSouth) -- C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/11/19 13:54:58 | 000,037,464 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0a\waol.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 03:10:19 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
MOD - [2011/10/14 03:10:17 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
MOD - [2011/10/14 03:07:43 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
MOD - [2011/10/14 03:07:27 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
MOD - [2011/10/14 03:07:08 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
MOD - [2011/10/14 03:06:41 | 000,284,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63f98ea6df6a734c122348fa32296df0\PresentationFramework.Classic.ni.dll
MOD - [2011/10/14 03:06:39 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
MOD - [2011/10/14 03:06:21 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
MOD - [2011/10/14 03:06:09 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
MOD - [2011/10/14 03:05:57 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
MOD - [2011/10/14 03:05:40 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
MOD - [2011/10/14 03:05:28 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/10/14 03:02:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_47a7f639\mscorlib.dll
MOD - [2011/10/14 03:02:02 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d691d26d\system.drawing.dll
MOD - [2011/10/14 03:01:46 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1d021263\system.xml.dll
MOD - [2011/10/14 03:01:39 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_fc93b16d\system.windows.forms.dll
MOD - [2011/10/14 03:01:30 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_17bf5714\system.dll
MOD - [2011/10/14 03:01:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/08/31 14:09:29 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/05 13:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM7\nssckbi.dll
MOD - [2007/01/18 17:05:41 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/01/18 17:05:36 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2007/01/18 17:05:36 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2007/01/18 17:05:34 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2007/01/18 17:05:33 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/01/18 17:05:33 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2007/01/18 17:05:32 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/01/18 17:05:32 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/01/18 17:05:32 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/01/18 17:05:32 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2007/01/18 17:05:32 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2007/01/18 17:05:32 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/01/18 17:05:32 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/01/18 17:05:32 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/01/18 17:05:31 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2007/01/18 17:05:31 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/01/18 17:05:31 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/01/18 17:05:31 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/01/18 17:05:31 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/01/18 17:05:31 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/01/18 17:05:31 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2007/01/18 17:05:31 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/01/18 17:05:31 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/01/18 17:05:30 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/01/18 17:05:30 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/01/18 17:05:30 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2007/01/18 17:05:30 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/01/18 17:05:30 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/01/18 17:05:30 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/01/18 17:05:29 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2007/01/18 17:05:29 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2006/06/23 18:38:51 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/06/23 18:38:50 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/06/23 18:38:49 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2006/03/09 22:24:04 | 000,071,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrJD31s.exe
MOD - [2005/12/12 21:03:20 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2004/11/19 13:54:59 | 000,081,920 | ---- | M] () -- C:\Program Files\America Online 9.0a\xmltok.dll
MOD - [2004/11/19 13:54:59 | 000,053,248 | ---- | M] () -- C:\Program Files\America Online 9.0a\xmlparse.dll
MOD - [2004/11/19 13:54:59 | 000,045,056 | ---- | M] () -- C:\Program Files\America Online 9.0a\zlib.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0058351272057688mcinstcleanup) McAfee Application Installer Cleanup (0058351272057688)
SRV - [2011/10/21 10:33:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/03/09 22:24:04 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 14:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/21 14:59:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2006/11/16 11:04:20 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/03/09 22:24:04 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/06/05 21:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys -- (P0630VID)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/18 21:00:00 | 000,091,392 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P1171Vid.sys -- (P1171VID)
DRV - [2003/12/30 07:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/11/20 18:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 18:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 18:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 18:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/17 15:06:56 | 000,227,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sndp106.sys -- (SNDP106) Dual Mode Camera (8001 CIF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yah.../att/ie/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.100005
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {9E848C9E-9755-438C-AB53-561E65467C16}:1.0
FF - prefs.js..extensions.enabledItems: {0406AFF6-FADD-44B4-8C6F-7C87FC2E5F48}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SceneCaster.com/SceneCaster: C:\Program Files\SceneCaster\Version 3.11.16\NPSceneCaster.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9E848C9E-9755-438C-AB53-561E65467C16}: C:\Documents and Settings\Susan\Local Settings\Application Data\{9E848C9E-9755-438C-AB53-561E65467C16} [2009/04/08 07:21:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0406AFF6-FADD-44B4-8C6F-7C87FC2E5F48}: C:\Documents and Settings\Torie Marissa\Local Settings\Application Data\{0406AFF6-FADD-44B4-8C6F-7C87FC2E5F48} [2009/04/05 14:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/12 17:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 18:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/25 00:50:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/12 17:19:48 | 000,000,000 | ---D | M]

[2009/07/14 11:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Susan\Application Data\Mozilla\Extensions
[2011/08/26 11:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\extensions
[2011/08/26 11:14:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/10/06 08:25:38 | 000,000,000 | ---D | M] ("Foxit PDF Creator Toolbar") -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\extensions\[email protected]
[2011/05/31 07:47:26 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\1jieaaud.default\searchplugins\askcom.xml
[2011/06/12 09:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/28 14:38:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/16 15:04:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/12 08:05:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 15:18:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/12 15:25:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/23 12:25:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/12 09:48:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/04/04 14:59:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 18:37:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/17 09:30:25 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2011/06/17 09:30:25 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2011/06/17 09:31:06 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/06/17 09:30:23 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/03 12:45:40 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Yulia = C:\Documents and Settings\Susan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onomgjhiigbnmhkghhpgdojopdlhddbe\2_0\

O1 HOSTS File: ([2009/07/21 17:42:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe (BellSouth)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134504319\EE\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [PD0630 STISvc] C:\WINDOWS\System32\P0630Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Susan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Susan\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]msni in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1247153334437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hallmark.web...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D6CCFE2-8EBC-4280-B90E-A26D61B90FA2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Susan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Susan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SsiEfr.e)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 10:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Desktop\tdsskiller updated
[2011/10/27 17:20:10 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Susan\Desktop\aswMBR.exe
[2011/10/27 17:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Desktop\tdsskiller
[2011/10/27 15:50:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/27 15:50:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/27 15:50:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/27 15:50:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/27 15:50:11 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/27 15:50:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/27 15:49:30 | 004,266,378 | R--- | C] (Swearware) -- C:\Documents and Settings\Susan\Desktop\ComboFix.exe
[2011/10/27 13:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\WINDOWS
[2011/10/27 08:44:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/25 16:34:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2011/10/21 10:27:26 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/08/31 18:21:11 | 015,441,768 | ---- | C] (GARMIN Corp.) -- C:\Program Files\npGarmin.dll
[2011/08/31 17:29:31 | 011,272,288 | ---- | C] (Garmin International) -- C:\Program Files\GarminLifetimeUpdaterInstaller.exe

========== Files - Modified Within 30 Days ==========

[2011/10/28 16:28:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2139871995-725345543-1004UA.job
[2011/10/28 16:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 16:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/28 10:16:51 | 001,545,436 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\tdsskiller updated.zip
[2011/10/28 10:00:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/28 09:28:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2139871995-725345543-1004Core.job
[2011/10/27 21:39:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/27 17:20:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Susan\Desktop\aswMBR.exe
[2011/10/27 17:07:01 | 001,545,338 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\tdsskiller.zip
[2011/10/27 16:06:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/27 15:49:43 | 004,266,378 | R--- | M] (Swearware) -- C:\Documents and Settings\Susan\Desktop\ComboFix.exe
[2011/10/27 13:20:47 | 000,000,179 | ---- | M] () -- C:\handle.dat
[2011/10/27 13:20:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/27 08:13:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/27 08:13:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/25 16:34:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan\Desktop\OTL.exe
[2011/10/25 10:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/24 13:59:08 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/21 10:27:40 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/10/21 10:14:53 | 010,268,672 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\Ad-Aware95Install.msi
[2011/10/20 08:13:34 | 000,000,135 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/14 03:35:58 | 000,578,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 03:12:16 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/14 03:03:11 | 000,422,068 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 03:03:11 | 000,061,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/07 17:58:11 | 000,057,103 | ---- | M] () -- C:\Documents and Settings\Susan\My Documents\293956_1897123842502_1673790052_1525530_438630_n.jpg
[2011/10/05 21:24:57 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 21:24:56 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Susan\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/10/28 10:16:36 | 001,545,436 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\tdsskiller updated.zip
[2011/10/27 17:06:47 | 001,545,338 | ---- | C] () -- C:\Documents and Settings\Susan\Desktop\tdsskiller.zip
[2011/10/27 15:50:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/27 15:50:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/27 15:50:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/27 15:50:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/27 15:50:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/27 13:20:47 | 000,000,179 | ---- | C] () -- C:\handle.dat
[2011/10/21 10:14:00 | 010,268,672 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\Ad-Aware95Install.msi
[2011/10/07 17:57:36 | 000,057,103 | ---- | C] () -- C:\Documents and Settings\Susan\My Documents\293956_1897123842502_1673790052_1525530_438630_n.jpg
[2011/09/23 23:51:33 | 000,496,436 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-2139871995-725345543-1004-0.dat
[2011/09/07 03:20:47 | 000,391,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/07 08:11:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/07 08:11:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/09 13:40:36 | 000,142,352 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/29 12:24:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/03/24 18:37:12 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p24].bmp
[2011/03/24 18:37:11 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p23].bmp
[2011/03/24 18:37:10 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p22].bmp
[2011/03/24 18:37:09 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p21].bmp
[2011/03/24 18:37:08 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p20].bmp
[2011/03/24 18:37:06 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p19].bmp
[2011/03/24 18:37:05 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p18].bmp
[2011/03/24 18:37:04 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p17].bmp
[2011/03/24 18:37:02 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p16].bmp
[2011/03/24 18:37:01 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p15].bmp
[2011/03/24 18:37:00 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p14].bmp
[2011/03/24 18:36:59 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p13].bmp
[2011/03/24 18:36:58 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p12].bmp
[2011/03/24 18:36:56 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p11].bmp
[2011/03/24 18:36:55 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p10].bmp
[2011/03/24 18:36:54 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p09].bmp
[2011/03/24 18:36:53 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p08].bmp
[2011/03/24 18:36:52 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p07].bmp
[2011/03/24 18:36:50 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p06].bmp
[2011/03/24 18:36:49 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p05].bmp
[2011/03/24 18:36:48 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p04].bmp
[2011/03/24 18:36:47 | 000,661,302 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\[j0007]-[p03].bmp
[2010/12/12 17:04:08 | 000,207,226 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2010/12/12 17:04:08 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2010/11/28 14:40:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/25 23:59:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/27 23:50:27 | 000,000,100 | --S- | C] () -- C:\WINDOWS\System32\3234329854.dat
[2008/04/24 13:55:36 | 000,117,094 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2008/04/24 13:55:35 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2008/03/16 09:47:03 | 000,000,053 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2008/01/28 19:28:40 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/06/22 17:28:15 | 000,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/20 20:33:23 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/17 19:56:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/17 19:56:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/04 16:17:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/01/18 17:24:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\fusioncache.dat
[2007/01/18 16:46:17 | 000,116,490 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/09/10 09:42:46 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/09/10 09:42:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/08/02 00:02:56 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\sndp106.dll
[2006/08/02 00:02:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\dsndp106.dll
[2006/08/02 00:02:56 | 000,015,474 | ---- | C] () -- C:\WINDOWS\sndp106.ini
[2006/08/02 00:02:55 | 000,227,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndp106.sys
[2006/08/02 00:02:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsndp106.dll
[2006/08/02 00:02:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsndp106.exe
[2006/07/06 17:59:35 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2006/05/30 21:03:17 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/05/29 19:11:35 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/05/29 19:11:35 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/12 09:28:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\unq32.dat
[2006/05/12 07:59:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/05/11 16:29:52 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\w00d3612.ini
[2006/05/11 15:50:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\jptc.dat
[2006/05/05 19:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/12/27 10:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/12/24 18:55:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/12/23 12:33:15 | 000,001,913 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/16 14:47:16 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/14 16:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2005/12/14 16:02:25 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2005/12/14 16:02:25 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2005/12/14 16:02:25 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2005/12/14 16:02:25 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2005/12/14 16:02:25 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/12/13 17:53:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/12/13 17:53:43 | 000,029,521 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/12/13 17:53:43 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/12/13 17:53:43 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/12/13 17:53:43 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/13 17:48:56 | 000,000,235 | ---- | C] () -- C:\WINDOWS\EPSON CX6600 Installer.ini
[2005/12/13 16:08:23 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/12/13 16:04:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/12 22:37:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/12/12 21:17:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/12 20:58:41 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Susan\Application Data\PFP120JPR.{PB
[2005/12/12 20:58:41 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Susan\Application Data\PFP120JCM.{PB
[2005/12/12 20:35:19 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/12 20:30:10 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/12/12 20:29:41 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/12/12 20:19:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/12 20:12:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/12 15:02:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/12 15:00:57 | 000,578,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/08 17:56:52 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/12/24 14:14:07 | 000,120,871 | ---- | C] () -- C:\WINDOWS\usndp106.exe
[2004/09/22 14:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 10:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 10:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 10:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 10:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 10:03:20 | 000,422,068 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 10:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 10:03:19 | 000,061,770 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 10:02:43 | 006,566,656 | ---- | C] () -- C:\WINDOWS\System32\qojfwtii.dat
[2004/08/12 10:02:43 | 000,218,368 | ---- | C] () -- C:\WINDOWS\System32\yfjwkzrg.dat
[2004/08/12 10:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 09:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 09:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 09:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 09:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/12/02 09:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/14 08:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2005/12/27 11:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2005/12/12 21:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2005/12/21 16:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2005/12/12 21:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/10/21 10:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/11 21:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/10/26 10:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/08/30 17:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/04 18:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2007/10/09 22:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\acccore
[2006/12/17 23:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Aim
[2006/09/10 10:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\BellSouth
[2008/09/20 17:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/03 12:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Foxit
[2011/01/28 12:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Foxit Software
[2011/08/31 17:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\GARMIN
[2005/12/13 17:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Leadertech
[2006/12/12 22:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\MP3Rocket
[2009/03/16 09:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\MyPublisher
[2011/03/13 20:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\ooVoo Details
[2007/06/18 22:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Snapfish
[2006/02/02 13:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Ulead Systems
[2006/12/12 20:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\WeatherBug
[2011/10/27 13:20:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/10/28 16:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: TCPIP.SYS >
[2006/04/20 07:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\tcpip.sys
[2006/01/13 13:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006/01/12 22:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2005/05/25 15:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007/10/30 12:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 06:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2005/05/25 15:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2007/10/30 13:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
[2004/08/04 07:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\I386\TCPIP.SYS
[2004/08/12 10:07:09 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 08:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Susan\My Documents\epson11375.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Susan\Desktop\ATF-Cleaner.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#21
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SueTD,

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys|C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys /replace

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please run TDSSKiller one more time and post the log here for me. Choose Skip if it asks you again about tcpip.sys.

Step 3

Please try to run Combofix like you did before and post the log here for me.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post.
  • 0
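A check that can be run on the `< MD5 for: TCPIP.SYS >` listing before a replace step like the one in post #21, given here as an added example (not part of the original thread and not OTL's own code): it parses the listing lines, groups the copies by hash, and reports whether the live driver and the chosen replacement source are the same file. The function names are this example's own; the six sample lines are copied from the OTL log earlier in the thread.

```python
import re
from collections import defaultdict

# Six lines copied from the "< MD5 for: TCPIP.SYS >" section of the OTL log
# posted earlier in this thread (a subset chosen for this example).
SAMPLE = r"""
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\tcpip.sys
[2008/04/13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
"""

# The two paths named in the ":Files ... /replace" line of the fix in post #21.
TARGET = r"C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys"
SOURCE = r"C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys"

# [date time | size | attributes | M or C] (company) MD5=<32 hex> -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [MC]\] \((?P<company>.*?)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_lines(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "path": m["path"].strip(),
            "md5": m["md5"].upper(),
            "size": int(m["size"].replace(",", "")),
            "company": m["company"],
            "stamp": m["stamp"],
        })
    return entries


def group_by_hash(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def find(entries, path):
    """Look a path up case-insensitively, as Windows would."""
    wanted = path.lower()
    for e in entries:
        if e["path"].lower() == wanted:
            return e
    raise LookupError(f"{path} is not in the listing")


def compare_copies(entries, target, source):
    """Compare the live file with the proposed replacement source."""
    t, s = find(entries, target), find(entries, source)
    twins = [e["path"] for e in entries if e["md5"] == t["md5"] and e is not t]
    return {
        "target_md5": t["md5"],
        "source_md5": s["md5"],
        "match": t["md5"] == s["md5"] and t["size"] == s["size"],
        "copies_identical_to_target": twins,
    }


if __name__ == "__main__":
    parsed = parse_md5_lines(SAMPLE)
    for md5, paths in group_by_hash(parsed).items():
        print(md5, len(paths), "copy" if len(paths) == 1 else "copies")
    print(compare_copies(parsed, TARGET, SOURCE))
```

The comparison only covers what the scanner reported for each path at scan time; a path missing from the listing raises `LookupError` rather than being treated as a mismatch.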

#22
SueTD

    Member

  • Topic Starter
  • Member
  • 114 posts
When I pasted the commands in the OTL custom fix box, I got a message that said "Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Home Edition Service Pack 3 CD now."

Two things:
1. I only have a CD that says Service Pack 2
and
2. I didn't know if you wanted me to do that because you didn't mention it.

So, I did not reboot but don't know if anything was done since I did run the OTL before getting the message.

Do you want me to put in the CD I have or reboot without doing that? I don't know why it says Service Pack 3 CD, unless there was something I downloaded at some point.

SueTD
***I just came back on to edit this reply. When I tried to print something, the computer tells me I have no printer installed. I actually have two printers installed and it shows them on the control panel.

Edited by SueTD, 30 October 2011 - 03:36 PM.


#23
SueTD

    Member

  • Topic Starter
  • Member
  • 114 posts
The computer crashed again with a blue screen so I guess that counts as rebooting. This is what the log says that was run when I followed the first instruction but didn't use the Windows service pack CD as I mentioned in the previous post. I guess I'll go on to the next steps since the computer was rebooted.
SueTD

========== OTL ==========
========== FILES ==========
File C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys successfully replaced with C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_165122

#24
SueTD

    Member

  • Topic Starter
  • Member
  • 114 posts
The TDSSKiller ran for more than an hour, said scan was still processing and then my computer froze. I had to turn it off and back on. I checked the folder and it looks like there was a log so I copied and pasted it here. I am going on to the last part now.
SueTD

19:23:19.0984 3016 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
19:23:26.0468 3016 ============================================================
19:23:26.0468 3016 Current date / time: 2011/10/30 19:23:26.0468
19:23:26.0468 3016 SystemInfo:
19:23:26.0468 3016
19:23:26.0468 3016 OS Version: 5.1.2600 ServicePack: 3.0
19:23:26.0468 3016 Product type: Workstation
19:23:26.0468 3016 ComputerName: ARTROOM
19:23:26.0468 3016 UserName: Susan
19:23:26.0468 3016 Windows directory: C:\WINDOWS
19:23:26.0468 3016 System windows directory: C:\WINDOWS
19:23:26.0468 3016 Processor architecture: Intel x86
19:23:26.0468 3016 Number of processors: 2
19:23:26.0468 3016 Page size: 0x1000
19:23:26.0468 3016 Boot type: Normal boot
19:23:26.0468 3016 ============================================================
19:23:29.0343 3016 Initialize success
19:23:35.0656 3740 ============================================================
19:23:35.0656 3740 Scan started
19:23:35.0656 3740 Mode: Manual;
19:23:35.0656 3740 ============================================================

#25
SueTD

    Member

  • Topic Starter
  • Member
  • 114 posts
The Combofix icon on my desktop doesn't work. I looked back at your original post. When I click on Link 1, it is a blank page and Link 2 is the one I had downloaded even though it is in Spanish. I looked at the sample of the Combofix disclaimer included in your post and it mentions a bleepingcomputer website. I looked on that site and it offers two links to click on where I can download Combofix. Is it okay to click on one of those links to see if that will download properly?
SueTD

#26
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
TDSSKiller didn't finish its job, but one hour is too long. Can you please try to run the TDSSKiller scan in Safe mode?

#27
SueTD

    Member

  • Topic Starter
  • Member
  • 114 posts
This is the TDSSKiller log run in SafeMode.
I'll check back later for further instructions.
SueTD

09:13:56.0640 1264 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
09:13:56.0718 1264 ============================================================
09:13:56.0718 1264 Current date / time: 2011/10/31 09:13:56.0718
09:13:56.0718 1264 SystemInfo:
09:13:56.0718 1264
09:13:56.0718 1264 OS Version: 5.1.2600 ServicePack: 3.0
09:13:56.0718 1264 Product type: Workstation
09:13:56.0718 1264 ComputerName: ARTROOM
09:13:56.0718 1264 UserName: Susan
09:13:56.0718 1264 Windows directory: C:\WINDOWS
09:13:56.0718 1264 System windows directory: C:\WINDOWS
09:13:56.0718 1264 Processor architecture: Intel x86
09:13:56.0718 1264 Number of processors: 2
09:13:56.0718 1264 Page size: 0x1000
09:13:56.0718 1264 Boot type: Safe boot
09:13:56.0718 1264 ============================================================
09:13:59.0890 1264 Initialize success
09:14:04.0828 1280 ============================================================
09:14:04.0828 1280 Scan started
09:14:04.0828 1280 Mode: Manual;
09:14:04.0828 1280 ============================================================
09:14:14.0031 1280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:14:14.0031 1280 atapi - ok
09:15:39.0406 1280 ============================================================
09:15:39.0406 1280 Scan finished
09:15:39.0406 1280 ============================================================
09:15:39.0437 1272 Detected object count: 0
09:15:39.0437 1272 Actual detected object count: 0
09:16:08.0640 1260 Deinitialize success
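A log in this format can be triaged mechanically instead of being read line by line. The following is an added example, not part of the original post and not a Kaspersky tool: it pairs each hashed object line with its verdict line, lists anything whose verdict is not "ok", and notices a truncated log. The sample lines, the placeholder hashes, the `exampledrv` entry and the `REVIEW-ME` verdict are constructed, and treating "Detected object count" as the number of non-ok verdicts is an assumption.

```python
import re

# "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "<name> (<md5>) <path>"; name may itself contain parentheses, e.g. "MBR (0x1B8)"
HASHED = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name or path> - <verdict>"
VERDICT = re.compile(r"^(?P<subject>.+?)\s+-\s+(?P<verdict>\S.*)$")
COUNT = re.compile(r"^Detected object count:\s+(\d+)$")

# Constructed sample in the layout of the log above. Hashes are placeholders;
# "exampledrv" and the "REVIEW-ME" verdict are made up for illustration.
SAMPLE_LOG = r"""
09:14:04.0828 1280 Scan started
09:14:07.0171 1280 Abiosdsk - ok
09:14:14.0031 1280 atapi (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:14:14.0031 1280 atapi - ok
09:14:15.0000 1280 exampledrv (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\exampledrv.sys
09:14:15.0100 1280 exampledrv - REVIEW-ME
09:15:39.0171 1280 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
09:15:39.0375 1280 \Device\Harddisk0\DR0 - ok
09:15:39.0437 1272 Detected object count: 1
09:15:39.0437 1272 Actual detected object count: 1
"""


def parse_log(text):
    """Return (records, reported_count); reported_count is None if absent."""
    records, index, reported = [], {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        c, h, v = COUNT.match(body), HASHED.match(body), VERDICT.match(body)
        if c:
            reported = int(c.group(1))
        elif h:
            rec = {"subject": h["name"], "md5": h["md5"],
                   "path": h["path"], "verdict": None}
            records.append(rec)
            # Driver verdicts repeat the name; MBR/boot verdicts repeat the path.
            index[h["name"]] = index[h["path"]] = rec
        elif v:
            rec = index.get(v["subject"])
            if rec is None:
                # Registered service with no hashed file line (e.g. "Abiosdsk").
                rec = {"subject": v["subject"], "md5": None,
                       "path": None, "verdict": None}
                records.append(rec)
            rec["verdict"] = v["verdict"]
    return records, reported


def triage(text):
    records, reported = parse_log(text)
    flagged = [r for r in records if r["verdict"] not in (None, "ok")]
    unresolved = [r["subject"] for r in records if r["verdict"] is None]
    return {
        "scanned": len(records),
        "flagged": flagged,
        # Hashed objects that never got a verdict: the log was cut short.
        "unresolved": unresolved,
        "complete": reported is not None and not unresolved,
        # Assumption: the summary counts exactly the non-ok verdicts.
        "count_matches": reported == len(flagged),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rec in result["flagged"]:
        print(rec["subject"], rec["md5"], rec["path"], rec["verdict"])
    print("complete:", result["complete"], "count matches:", result["count_matches"])
```
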

#28
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Looks like we managed to replace the corrupted system driver, but we didn't solve the problem. I think that there is something wrong with your system drivers or some files.

Please try to download Combofix from This location and run it.

#29
SueTD

    Member

  • Topic Starter
  • Member
  • 114 posts
I downloaded Combofix from the link you provided. It downloaded, I saved it to my desktop and then ran it. It looked like it was going well and then said there was an updated version. In a previous post that I had printed out, you said to allow to update if it asks, so I said yes. Then I got a message that it did not finish or install correctly. I could not find a log from the part that looked like it ran before I got the message to update. Should I try again but not allow it to update or do something else?

You mentioned something possibly wrong with a driver or file. Is it important that one of my programs (I think Adobe Photoshop) always says some sort of .dll file is missing but then it loads the program anyway? Also, Internet Explorer says it is running with add-ons disabled but when I looked at the list to manage add-ons, there is only one thing that is disabled. At the time this happened, a friend told me to just leave it that way. Do any of these things help determine what my computer problem might be?

SueTD

#30
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
It would be nice to have your Windows Home Edition Service Pack 3 installation disk with you, but let's try this step.

We are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt, type: sfc /scannow
Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter Windows CD.