SarahP

Honorary Members
  • Posts: 29

Everything posted by SarahP

  1. I can't get the report to open so I can post it. The first time it ran (when it went for 22 hours before I canceled it), it found two infected things and 8 suspicious things. They were all incurable and moved. This time, it took about 28 hours to run completely (which was faster than before), and it found three infected things and three suspicious ones. I am going to back up my data and have someone check the hard drive, as you suggested.
  2. Okay, I'll let CureIt go all the way. Yes, I have heard some unusual clicking occasionally.
  3. Here's the latest update: I ran the express scan for Dr. Web CureIt, and it came up clean. I started the Complete Scan, and that's where the problems began. After 22 hours, it was barely a third of the way complete. It did, however, find 6 suspicious and 2 infected things during that time. What should I do next? Should I let the Complete Scan run until it's finished, even though it's incredibly slow?
  4. I've tried it twice. The first time, it took forever to run and then it froze before it finished. Not only did the program stall, but everything stalled. No mouse-clicking, nothing. I had to reboot. The second time, it took forever to run. I assume it's stalled because there is nothing in the window past the warning that scan time may double and the cursor below it, which was blinking for hours, has now stopped blinking.
  5. 2011/06/26 15:14:24.0436 2964 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
     2011/06/26 15:15:00.0758 3440 Scan started
     2011/06/26 15:15:00.0758 3440 Mode: Manual;
     2011/06/26 15:17:37.0894 3440 Scan finished
     2011/06/26 15:17:37.0944 1608 Detected object count: 0
     2011/06/26 15:17:37.0944 1608 Actual detected object count: 0
  6. When I ran it this time, only the OTL.txt log popped up, not the Extras one. Here it is:
C:\WINDOWS\imsins.BAK [2011/06/16 15:30:06 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/10 10:29:43 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/06/07 16:37:29 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk [2011/05/30 16:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/05/27 18:00:32 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Word 2007 (2).lnk [2011/05/26 15:35:19 | 000,071,723 | ---- | M] () -- C:\Documents and Settings\user\My Documents\heart-shaped egg yolk.jpg [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/24 11:34:58 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\user\Desktop\RSIT.exe [2011/06/23 17:35:25 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\user\Desktop\exeHelper.scr [2011/06/23 12:15:50 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Win32kDiag.exe [2011/06/23 11:12:03 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.msi [2011/06/23 01:11:43 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Defogger.exe [2011/06/22 22:48:38 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to ComboFix.exe.lnk [2011/06/22 19:34:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/06/22 19:34:13 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/06/22 19:29:10 | 000,256,512 | ---- | C] () -- 
C:\WINDOWS\PEV.exe [2011/06/22 19:29:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/06/22 19:29:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/06/22 19:29:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/06/22 19:29:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/06/22 12:49:18 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to jrlfpqds.exe.lnk [2011/06/22 12:16:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\defogger_reenable [2011/06/22 12:15:48 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to Defogger.exe.lnk [2011/06/21 20:00:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/26 15:36:20 | 000,071,723 | ---- | C] () -- C:\Documents and Settings\user\My Documents\heart-shaped egg yolk.jpg [2010/04/16 08:23:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache [2010/04/08 16:34:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2010/04/08 16:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2010/03/25 15:27:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/10/01 15:50:45 | 000,065,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009/08/01 14:23:38 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Musician.INI [2008/10/02 19:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2008/06/28 20:06:32 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/03/24 11:04:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/03/19 10:24:22 | 000,006,550 | ---- | C] () -- 
C:\WINDOWS\jautoexp.dat [2008/02/21 15:23:30 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\user\Application Data\wklnhst.dat [2006/12/02 19:52:28 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat [2006/12/02 19:52:17 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\pctspk.exe [2006/12/02 19:52:17 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll [2006/12/02 19:52:17 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat [2006/12/02 19:46:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2006/12/02 19:29:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/12/02 19:21:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/12/02 12:09:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/12/02 12:08:14 | 000,310,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006/11/07 23:03:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\REWCACHE.DAT [2002/12/10 01:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL [2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL [2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [2002/11/15 11:13:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll [2002/08/29 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/08/29 06:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/08/29 06:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/08/29 
06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/08/29 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/04/11 12:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll ========== Custom Scans ========== < Scan.txt > ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0 < End of report >
  7. I was so excited that this one actually worked right that I forgot to copy the logs when they opened. OTL did run properly, and the logs popped up. But when I clicked on the Internet Explorer button, they disappeared. I'm so sorry. How can I access them? (Thank you so much for being patient with me. I really, really appreciate all your help.)
  8. When I try to run RSIT, I get this error message: Line 3903 (File ""C:\Documents and Settings\user\Desktop\RSIT.exe"): Error: Variable used without being declared.
  9. I got all the way up to running DDS, and then I had to leave for a two-hour meeting. When I click on the DDS icon on my desktop, a black window pops up briefly (with nothing in it but a blinking cursor) and then it disappears. That's all that happens. I've tried it twice, and the second time I just let it go while I went to my meeting, but nothing happened.
  10. Step #1 done. Here's the Win32kDiag.txt:
      Running from: C:\Documents and Settings\user\desktop\win32kdiag.exe
      Log file at : C:\Documents and Settings\user\Desktop\Win32kDiag.txt
      Removing all found mount points.
      Attempting to reset file permissions.
      WARNING: Could not get backup privileges!
      Searching 'C:\WINDOWS'...
      Finished!
  11. That's what I meant by previous instructions. It took a while to get the internet to open, but here's the Win32kDiag.txt:
      Running from: C:\Documents and Settings\user\Desktop\Win32kDiag.exe
      Log file at : C:\Documents and Settings\user\Desktop\Win32kDiag.txt
      WARNING: Could not get backup privileges!
      Searching 'C:\WINDOWS'...
      Finished!
  12. It finally finished! Back to following previous instructions . . .
  13. It's been twenty minutes. Still no change. No "press any key to finish." There's nothing new after "Searching 'C:\WINDOWS' . . ."
  14. It doesn't say "Press any key to exit." Should I still hit enter?
  15. It took around 30 min. to completely boot up with Last Known Configuration and run Win32kDiag.exe. Right now, I have the black C:\ window, and this is what it says:
      Starting up . . .
      Running from: C:\Documents and Settings\user\Desktop\Win32kDiag.exe
      Log file at: C:\Documents and Settings\user\Desktop\Win32kDiag.txt
      WARNING: Could not get backup privileges!
      Searching 'C:\WINDOWS' . . .
      Then there is a cursor blinking at the left a couple of lines down. It's been like that for about 10 minutes (I'm using another computer to post this). I do see the Win32kDiag.txt on my desktop.
  16. I'm completely unable to boot up the computer in normal mode. It takes a long time, and then I get a blue screen that says Fatal System Error and some other stuff, and then it shuts itself down immediately. Should I try it in safe mode with networking?
  17. When I double-click on the HijackThis icon on my desktop, I get a Windows Installer error message that says, "The system administrator has set policies to prevent this installation."
  18. Thanks for all your help today. It's 2 a.m. my time, and I need to get some sleep. But I'll be back here later to see what I need to do next.
  19. Defogger did not ask me to reboot. I had to do it myself. Then I couldn't get it to restart in normal mode. I'd get a blue screen that said Fatal System Error, among other things I didn't catch. I had to restart it in safe mode with networking. So I did that, and then I tried Combofix again. It's been running for over twenty minutes with no change.
  20. Did the above. It's been running for over half an hour now. Still at the same point as before.
  21. I entered the bold text exactly as above, and I got an error message: Windows cannot find 'C:\Documents and Settings\user\desktop\ComboFix.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
  22. Combofix has been running for nearly an hour and a half. Is it stalled or should I just let it keep going overnight?
  23. I think it stalled. I didn't see the part about not mouse-clicking until afterward. So I started it again. It's been running for about fifteen or twenty minutes. Still scanning, I assume. Not being impatient--just updating you on the status.
  24. Using a different computer now. DDS is running, but it's taking WAY longer than the three minutes it promises. It has a line of # signs across the screen, with a cursor blinking underneath it at the left, and that's where it's been for the last twenty minutes or so.