I'm infected again... please help get rid of this...


Hello,

First off, thank you for helping! I had a major infection a few months back on my HP laptop. It took some work, but Elise helped me get rid of it (thanks Elise!).

I don't know what I have now, though; it's similar to before, but more noticeable. desktop.ini keeps adding 1 KB txt files everywhere! I cannot delete them; it will just restrict my access to files/pics until it's done, then I can access those files again and find this txt again. It's hidden in C:, desktop, everywhere. My wallpaper is gone today, and I can't run Defogger; I see a black window pop up for a split second right before the Defogger window, but no restart after completing. Tried right-click admin and double-click. Nothing.

IP blocks, Windows Defender won't update, etc. etc. I can sit and list them off for hours, but I don't think that will help. These might, though...

HP laptop, Vista, Avira, MBAM, Moz.

Sorry, I've been on this stupid computer all day... Thank you for your time and help! It is greatly appreciated!!!

defogger_disable.log

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:40 on 24/10/2010 (BedigandMary)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4939

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

10/24/2010 7:21:11 PM

mbam-log-2010-10-24 (19-21-11).txt

Scan type: Quick scan

Objects scanned: 140189

Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-24 20:07:00

Windows 6.0.6002 Service Pack 2

Running: kydnc9g2.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186312a50

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186312a50 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Avira AntiVir Personal

Report file date: Saturday, October 23, 2010 21:37

Scanning for 2963178 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista x64

Windows version : (Service Pack 2) [6.0.6002]

Boot mode : Normally booted

Username : SYSTEM

Computer name : BEDIGANDMARY-PC

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 16:44:47

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 16:44:57

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 16:45:23

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 16:45:44

VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 16:45:44

VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 16:45:44

VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 16:45:44

VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 16:45:45

VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 16:45:46

VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 16:45:47

VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 16:45:48

VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 16:45:50

VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 16:45:52

VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 16:45:53

VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 16:45:55

VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 16:45:57

VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 18:49:58

VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 17:50:07

VBASE023.VDF : 7.10.12.198 131584 Bytes 10/13/2010 15:48:52

VBASE024.VDF : 7.10.12.216 133120 Bytes 10/14/2010 16:35:25

VBASE025.VDF : 7.10.12.238 137728 Bytes 10/18/2010 16:40:19

VBASE026.VDF : 7.10.12.254 129536 Bytes 10/20/2010 18:57:08

VBASE027.VDF : 7.10.13.22 137728 Bytes 10/22/2010 19:58:47

VBASE028.VDF : 7.10.13.23 2048 Bytes 10/22/2010 19:58:47

VBASE029.VDF : 7.10.13.24 2048 Bytes 10/22/2010 19:58:47

VBASE030.VDF : 7.10.13.25 2048 Bytes 10/22/2010 19:58:47

VBASE031.VDF : 7.10.13.27 12288 Bytes 10/22/2010 19:58:47

Engineversion : 8.2.4.84

AEVDF.DLL : 8.1.2.1 106868 Bytes 10/5/2010 16:46:31

AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/5/2010 16:46:30

AESCN.DLL : 8.1.6.1 127347 Bytes 10/5/2010 16:46:26

AESBX.DLL : 8.1.3.1 254324 Bytes 10/5/2010 16:46:33

AERDL.DLL : 8.1.9.2 635252 Bytes 10/5/2010 16:46:26

AEPACK.DLL : 8.2.3.11 471416 Bytes 10/11/2010 17:52:28

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/5/2010 16:46:19

AEHEUR.DLL : 8.1.2.36 2974072 Bytes 10/20/2010 18:57:23

AEHELP.DLL : 8.1.14.0 246134 Bytes 10/11/2010 17:50:35

AEGEN.DLL : 8.1.3.23 401779 Bytes 10/5/2010 16:46:06

AEEMU.DLL : 8.1.2.0 393588 Bytes 10/5/2010 16:46:04

AECORE.DLL : 8.1.17.0 196982 Bytes 10/5/2010 16:46:03

AEBB.DLL : 8.1.1.0 53618 Bytes 10/5/2010 16:46:01

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: on

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Saturday, October 23, 2010 21:37

Starting search for hidden objects.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\eula

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\8.0\AdobeViewer\launched

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\Recent Movies\mov04863

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Cyberlink\Common\EvoParser\QuickPlay\3.7\autocheckperiod

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Cyberlink\Common\EvoParser\YouCam\2.00\autocheckperiod

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Full Tilt Poker\version

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\fdwsupport

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\cformattags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\aformattagcache

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3codecp\cfiltertags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\name

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\name

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\id

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\last

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RFC1156Agent\CurrentVersion\Parameters\trappolltimemillisecs

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring

C:\Windows\system32\unregmp2.exe /ShowWMP

C:\Windows\system32\unregmp2.exe /ShowWMP

[NOTE] The registry entry is invisible.

C:\Program Files\Windows Media Player

C:\Program Files\Windows Media Player

[NOTE] The registry entry is invisible.

C:\Program Files\Windows Media Player

C:\Windows\system32\wbem\Logs\WMITracing.log

C:\Windows\system32\wbem\Logs\WMITracing.log

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e

[NOTE] The registry entry is invisible.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Get Online.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Get Online.lnk

[NOTE] The registry entry is invisible.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype)

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'avscan.exe' - '79' Module(s) have been scanned

Scan process 'avscan.exe' - '30' Module(s) have been scanned

Scan process 'avcenter.exe' - '92' Module(s) have been scanned

Scan process 'mbamservice.exe' - '44' Module(s) have been scanned

Scan process 'Com4QLBEx.exe' - '19' Module(s) have been scanned

Scan process 'hpqWmiEx.exe' - '32' Module(s) have been scanned

Scan process 'avgnt.exe' - '49' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '73' Module(s) have been scanned

Scan process 'mbamgui.exe' - '17' Module(s) have been scanned

Scan process 'QLBCTRL.exe' - '44' Module(s) have been scanned

Scan process 'QPService.exe' - '90' Module(s) have been scanned

Scan process 'ViewpointService.exe' - '31' Module(s) have been scanned

Scan process 'RichVideo.exe' - '22' Module(s) have been scanned

Scan process 'BLService.exe' - '27' Module(s) have been scanned

Scan process 'QPSched.exe' - '39' Module(s) have been scanned

Scan process 'QPCapSvc.exe' - '76' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'avguard.exe' - '67' Module(s) have been scanned

Initiating scan of system files:

Signed -> 'C:\Windows\system32\svchost.exe'

Signed -> 'C:\Windows\system32\winlogon.exe'

Signed -> 'C:\Windows\explorer.exe'

Signed -> 'C:\Windows\system32\smss.exe'

Signed -> 'C:\Windows\system32\wininet.DLL'

Signed -> 'C:\Windows\system32\wsock32.DLL'

Signed -> 'C:\Windows\system32\ws2_32.DLL'

Signed -> 'C:\Windows\system32\services.exe'

Signed -> 'C:\Windows\system32\lsass.exe'

Signed -> 'C:\Windows\system32\csrss.exe'

Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'

Signed -> 'C:\Windows\system32\spoolsv.exe'

Signed -> 'C:\Windows\system32\alg.exe'

Signed -> 'C:\Windows\system32\wuauclt.exe'

Signed -> 'C:\Windows\system32\advapi32.DLL'

Signed -> 'C:\Windows\system32\user32.DLL'

Signed -> 'C:\Windows\system32\gdi32.DLL'

Signed -> 'C:\Windows\system32\kernel32.DLL'

Signed -> 'C:\Windows\system32\ntdll.DLL'

Signed -> 'C:\Windows\system32\ntoskrnl.exe'

Signed -> 'C:\Windows\system32\ctfmon.exe'

The system files were scanned ('21' files)

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1229' files ).

Starting the file scan:

Begin scan in 'C:\'

Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: Sunday, October 24, 2010 00:07

Used time: 2:29:46 Hour(s)

The scan has been done completely.

75263 Scanned directories

737111 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

737111 Files not concerned

3524 Archives were scanned

0 Warnings

0 Notes

768532 Objects were scanned with rootkit scan

52 Hidden objects were found

I did do an update today with Avira before the scan... it shows yesterday.

I have the DDS logs as well. Please let me know how to proceed.

Thank you! :)

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Hello,

I did as instructed; TDSS did not reboot my computer. ESET didn't find anything (I did see an option to 'scan archives' but did not select it). I did, however, check the 'remove program and all of its... after scan' option and hit Finish, but it's still in my comp. I'll try a reboot and see if anything has changed.

Also, the black window that opened when I ran the Security Check is exactly what I see for a split second before I run Defogger (which never rebooted my system either). Plus, Avira opened an update window during the scan. I added that info as well, just in case. I have not run a scan with Avira or MBAM today; I'll do that now.

IP block today around 10:00 am: 208.73.210.29. Still getting redirects too.

Thanks for your help!!

Avira AntiVir Personal - Free Antivirus Updater

Complete product update

Creation time: Fri Oct 29 12:32:28 2010

Operating system:

Windows Vista x64 (Service Pack 2) [6.0.6002] 64 bit

Product information:

Product version: 10.0.0.567

Updater: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe 10.0.0.29

Update resource: C:\Program Files (x86)\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0

Library: C:\Program Files (x86)\Avira\AntiVir Desktop\update.dll 0.1.0.44

Plugin: C:\Program Files (x86)\Avira\AntiVir Desktop\updext.dll 10.0.0.8

GUI: C:\Program Files (x86)\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\

Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\

Installation Directory: C:\Program Files (x86)\Avira\AntiVir Desktop\

Updater folder: C:\Program Files (x86)\Avira\AntiVir Desktop\

AppData folder: C:\ProgramData\Avira\AntiVir Desktop\

Proxy settings:

System settings used

12:32:29 [UPD] [INFO] Checking whether newer files are available.

12:32:29 [UPD] [INFO] Select update server 'http://80.190.143.236/update'.

12:32:29 [UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.

12:32:30 [UPD] [INFO] The installation is up to date. An update of the program files, the engine or the virus definitions is therefore unnecessary.

Summary:

********

0 Files downloaded

0 Files installed

Fri Oct 29 12:32:30 2010

The update was carried out successfully!

2010/10/29 10:08:20.0632 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49

2010/10/29 10:08:20.0632 ================================================================================

2010/10/29 10:08:20.0632 SystemInfo:

2010/10/29 10:08:20.0632

2010/10/29 10:08:20.0632 OS Version: 6.0.6002 ServicePack: 2.0

2010/10/29 10:08:20.0632 Product type: Workstation

2010/10/29 10:08:20.0632 ComputerName: BEDIGANDMARY-PC

2010/10/29 10:08:20.0632 UserName: BedigandMary

2010/10/29 10:08:20.0632 Windows directory: C:\Windows

2010/10/29 10:08:20.0632 System windows directory: C:\Windows

2010/10/29 10:08:20.0632 Running under WOW64

2010/10/29 10:08:20.0632 Processor architecture: Intel x64

2010/10/29 10:08:20.0632 Number of processors: 2

2010/10/29 10:08:20.0632 Page size: 0x1000

2010/10/29 10:08:20.0632 Boot type: Normal boot

2010/10/29 10:08:20.0632 ================================================================================

2010/10/29 10:08:20.0632 Utility is running under WOW64

2010/10/29 10:08:21.0146 Initialize success

2010/10/29 10:08:44.0515 ================================================================================

2010/10/29 10:08:44.0515 Scan started

2010/10/29 10:08:44.0515 Mode: Manual;

2010/10/29 10:08:44.0515 ================================================================================

2010/10/29 10:08:45.0311 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys

2010/10/29 10:08:45.0467 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

2010/10/29 10:08:45.0607 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2010/10/29 10:08:45.0670 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2010/10/29 10:08:45.0732 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2010/10/29 10:08:45.0810 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2010/10/29 10:08:45.0919 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys

2010/10/29 10:08:46.0184 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys

2010/10/29 10:08:46.0340 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2010/10/29 10:08:46.0403 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2010/10/29 10:08:46.0450 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys

2010/10/29 10:08:46.0465 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2010/10/29 10:08:46.0528 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys

2010/10/29 10:08:46.0606 Amfilter (71aff825b960731e2ae366467bc0d1f3) C:\Windows\system32\DRIVERS\Amfltx64.sys

2010/10/29 10:08:46.0652 Amusbprt (8f1db3d133197affa3a721953eb0988c) C:\Windows\system32\DRIVERS\Amusbx64.sys

2010/10/29 10:08:46.0730 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\Windows\system32\DRIVERS\Apfiltr.sys

2010/10/29 10:08:46.0840 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2010/10/29 10:08:46.0902 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2010/10/29 10:08:46.0964 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/10/29 10:08:47.0027 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

2010/10/29 10:08:47.0089 avgntflt (ed2b23707f19ccc1b2a4382b05d31481) C:\Windows\system32\DRIVERS\avgntflt.sys

2010/10/29 10:08:47.0183 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys

2010/10/29 10:08:47.0308 BCM43XV (3ddc2d2fc52948357ab622b308574d33) C:\Windows\system32\DRIVERS\bcmwl664.sys

2010/10/29 10:08:47.0386 BCM43XX (3ddc2d2fc52948357ab622b308574d33) C:\Windows\system32\DRIVERS\bcmwl664.sys

2010/10/29 10:08:47.0510 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2010/10/29 10:08:47.0573 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2010/10/29 10:08:47.0651 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2010/10/29 10:08:47.0682 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2010/10/29 10:08:47.0744 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2010/10/29 10:08:47.0807 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2010/10/29 10:08:47.0854 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2010/10/29 10:08:47.0947 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2010/10/29 10:08:48.0010 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys

2010/10/29 10:08:48.0056 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2010/10/29 10:08:48.0134 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys

2010/10/29 10:08:48.0197 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys

2010/10/29 10:08:48.0259 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys

2010/10/29 10:08:48.0322 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2010/10/29 10:08:48.0400 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

2010/10/29 10:08:48.0446 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys

2010/10/29 10:08:48.0602 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

2010/10/29 10:08:48.0727 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/10/29 10:08:48.0743 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2010/10/29 10:08:48.0805 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

2010/10/29 10:08:48.0852 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2010/10/29 10:08:48.0946 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys

2010/10/29 10:08:49.0055 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

2010/10/29 10:08:49.0148 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2010/10/29 10:08:49.0242 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys

2010/10/29 10:08:49.0367 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2010/10/29 10:08:49.0507 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

2010/10/29 10:08:49.0616 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2010/10/29 10:08:49.0726 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys

2010/10/29 10:08:49.0866 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2010/10/29 10:08:49.0991 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

2010/10/29 10:08:50.0100 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

2010/10/29 10:08:50.0162 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2010/10/29 10:08:50.0256 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2010/10/29 10:08:50.0334 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2010/10/29 10:08:50.0412 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/10/29 10:08:50.0537 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

2010/10/29 10:08:50.0662 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2010/10/29 10:08:50.0740 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2010/10/29 10:08:50.0849 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/10/29 10:08:50.0989 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2010/10/29 10:08:51.0130 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/10/29 10:08:51.0208 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2010/10/29 10:08:51.0301 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys

2010/10/29 10:08:51.0426 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

2010/10/29 10:08:51.0504 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2010/10/29 10:08:51.0566 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys

2010/10/29 10:08:51.0660 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2010/10/29 10:08:51.0800 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

2010/10/29 10:08:51.0988 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

2010/10/29 10:08:52.0159 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

2010/10/29 10:08:52.0284 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2010/10/29 10:08:52.0346 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/10/29 10:08:52.0424 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2010/10/29 10:08:52.0861 igfx (663e7364f650a915d415eeb2da98d86a) C:\Windows\system32\DRIVERS\igdkmd64.sys

2010/10/29 10:08:53.0314 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2010/10/29 10:08:53.0532 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\Windows\system32\drivers\IntcHdmi.sys

2010/10/29 10:08:53.0610 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2010/10/29 10:08:53.0704 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2010/10/29 10:08:53.0828 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/10/29 10:08:54.0016 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2010/10/29 10:08:54.0094 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2010/10/29 10:08:54.0187 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2010/10/29 10:08:54.0250 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2010/10/29 10:08:54.0374 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/10/29 10:08:54.0452 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2010/10/29 10:08:54.0499 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2010/10/29 10:08:54.0577 JMCR (f12fdd192cc5729304ac7ce9e89c81a0) C:\Windows\system32\DRIVERS\jmcr.sys

2010/10/29 10:08:54.0640 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/10/29 10:08:54.0718 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/10/29 10:08:54.0842 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

2010/10/29 10:08:54.0936 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2010/10/29 10:08:55.0108 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2010/10/29 10:08:55.0217 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2010/10/29 10:08:55.0264 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2010/10/29 10:08:55.0310 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2010/10/29 10:08:55.0326 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2010/10/29 10:08:55.0435 MBAMProtector (e330051cce41eb4522e5dcebc15adcea) C:\Windows\system32\drivers\mbam.sys

2010/10/29 10:08:55.0498 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2010/10/29 10:08:55.0560 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2010/10/29 10:08:55.0622 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2010/10/29 10:08:55.0654 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2010/10/29 10:08:55.0685 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2010/10/29 10:08:55.0747 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2010/10/29 10:08:55.0763 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2010/10/29 10:08:55.0810 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2010/10/29 10:08:55.0856 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2010/10/29 10:08:55.0888 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2010/10/29 10:08:55.0950 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

2010/10/29 10:08:56.0044 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/10/29 10:08:56.0200 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/10/29 10:08:56.0324 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/10/29 10:08:56.0449 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys

2010/10/29 10:08:56.0543 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2010/10/29 10:08:56.0636 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2010/10/29 10:08:56.0714 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2010/10/29 10:08:56.0808 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2010/10/29 10:08:56.0824 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/10/29 10:08:56.0855 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2010/10/29 10:08:56.0933 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

2010/10/29 10:08:56.0980 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/10/29 10:08:57.0011 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2010/10/29 10:08:57.0089 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

2010/10/29 10:08:57.0214 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

2010/10/29 10:08:57.0354 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

2010/10/29 10:08:57.0448 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/10/29 10:08:57.0510 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/10/29 10:08:57.0604 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/10/29 10:08:57.0666 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2010/10/29 10:08:57.0744 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2010/10/29 10:08:57.0838 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

2010/10/29 10:08:57.0962 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2010/10/29 10:08:58.0103 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

2010/10/29 10:08:58.0181 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2010/10/29 10:08:58.0352 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

2010/10/29 10:08:58.0540 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2010/10/29 10:08:58.0633 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys

2010/10/29 10:08:58.0742 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2010/10/29 10:08:58.0805 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2010/10/29 10:08:58.0867 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2010/10/29 10:08:59.0070 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

2010/10/29 10:08:59.0117 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

2010/10/29 10:08:59.0179 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

2010/10/29 10:08:59.0273 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

2010/10/29 10:08:59.0335 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

2010/10/29 10:08:59.0398 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2010/10/29 10:08:59.0569 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2010/10/29 10:08:59.0803 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

2010/10/29 10:08:59.0959 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

2010/10/29 10:09:00.0193 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

2010/10/29 10:09:00.0318 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2010/10/29 10:09:00.0427 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2010/10/29 10:09:00.0599 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2010/10/29 10:09:00.0661 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2010/10/29 10:09:00.0724 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/10/29 10:09:00.0848 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/10/29 10:09:00.0926 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

2010/10/29 10:09:01.0036 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

2010/10/29 10:09:01.0067 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/10/29 10:09:01.0223 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2010/10/29 10:09:01.0270 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2010/10/29 10:09:01.0426 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

2010/10/29 10:09:01.0566 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\Windows\system32\DRIVERS\rfcomm.sys

2010/10/29 10:09:01.0660 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

2010/10/29 10:09:01.0722 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2010/10/29 10:09:01.0816 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys

2010/10/29 10:09:01.0862 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2010/10/29 10:09:01.0940 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys

2010/10/29 10:09:02.0003 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/10/29 10:09:02.0050 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

2010/10/29 10:09:02.0096 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

2010/10/29 10:09:02.0159 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2010/10/29 10:09:02.0237 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2010/10/29 10:09:02.0315 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2010/10/29 10:09:02.0377 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2010/10/29 10:09:02.0440 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2010/10/29 10:09:02.0533 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2010/10/29 10:09:02.0642 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2010/10/29 10:09:02.0830 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

2010/10/29 10:09:03.0266 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

2010/10/29 10:09:03.0454 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys

2010/10/29 10:09:03.0703 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys

2010/10/29 10:09:03.0797 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/10/29 10:09:04.0062 STHDA (0c7bda7e9a329a071c080eb5210fe019) C:\Windows\system32\DRIVERS\stwrt64.sys

2010/10/29 10:09:04.0327 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2010/10/29 10:09:04.0405 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2010/10/29 10:09:04.0702 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2010/10/29 10:09:04.0920 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2010/10/29 10:09:05.0326 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys

2010/10/29 10:09:05.0560 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys

2010/10/29 10:09:05.0684 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

2010/10/29 10:09:05.0825 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2010/10/29 10:09:05.0996 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2010/10/29 10:09:06.0184 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

2010/10/29 10:09:06.0324 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

2010/10/29 10:09:06.0527 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/10/29 10:09:06.0605 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2010/10/29 10:09:06.0730 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

2010/10/29 10:09:06.0792 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2010/10/29 10:09:07.0057 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

2010/10/29 10:09:07.0151 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2010/10/29 10:09:07.0198 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2010/10/29 10:09:07.0244 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2010/10/29 10:09:07.0276 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2010/10/29 10:09:07.0354 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2010/10/29 10:09:07.0463 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/10/29 10:09:07.0525 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

2010/10/29 10:09:07.0634 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

2010/10/29 10:09:07.0697 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

2010/10/29 10:09:07.0744 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys

2010/10/29 10:09:07.0822 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

2010/10/29 10:09:07.0900 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

2010/10/29 10:09:07.0993 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/10/29 10:09:08.0040 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/10/29 10:09:08.0149 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

2010/10/29 10:09:08.0243 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/10/29 10:09:08.0274 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2010/10/29 10:09:08.0305 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2010/10/29 10:09:08.0383 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

2010/10/29 10:09:08.0477 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

2010/10/29 10:09:08.0586 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

2010/10/29 10:09:08.0680 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2010/10/29 10:09:08.0758 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2010/10/29 10:09:08.0851 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/29 10:09:08.0867 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/29 10:09:08.0945 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2010/10/29 10:09:09.0116 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

2010/10/29 10:09:09.0397 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

2010/10/29 10:09:09.0647 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/10/29 10:09:09.0740 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2010/10/29 10:09:09.0834 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/10/29 10:09:09.0881 ================================================================================

2010/10/29 10:09:09.0881 Scan finished

2010/10/29 10:09:09.0881 ================================================================================

2010/10/29 10:09:57.0426 Deinitialize success

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Results of screen317's Security Check version 0.99.5

Windows Vista (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Java 6 Update 5

Out of date Java installed!

Adobe Flash Player 10.1.82.76

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

windows defender MpCmdRun.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


hello,

Only one file opened (otl.txt). Nothing else saved to my desktop. I tried to open 'my documents', access denied. checked newest

I use a Linksys router. Should I reset it or wait for further instructions?

Thank you!

Quick side note: my last infection was found in my MBR.

OTL logfile created on: 10/31/2010 4:46:52 PM - Run 2

OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\BedigandMary\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 221.65 Gb Total Space | 126.58 Gb Free Space | 57.11% Space Free | Partition Type: NTFS

Drive D: | 11.24 Gb Total Space | 1.83 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

Computer Name: BEDIGANDMARY-PC | User Name: BedigandMary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/31 16:44:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe

PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

========== Modules (SafeList) ==========

MOD - [2010/10/31 16:44:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)

SRV:64bit: - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)

SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)

DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)

DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)

DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)

DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)

DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)

DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)

DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/08/17 12:48:08 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 03:12:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 13:25:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 13:25:50 | 000,000,000 | ---D | M]

[2010/03/20 20:08:13 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Extensions

[2010/10/31 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions

[2010/04/28 14:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/31 16:37:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/05/04 16:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/10/31 16:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/10/31 16:37:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\BedigandMary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\BedigandMary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 16:44:05 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

[2010/10/31 16:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010/10/31 16:37:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/10/31 16:37:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/10/31 16:37:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/10/31 16:33:21 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\BedigandMary\Desktop\jxpiinstall.exe

[2010/10/29 10:08:00 | 000,000,000 | ---D | C] -- C:\Users\BedigandMary\Desktop\tdsskiller

[2010/10/26 11:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/10/26 11:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/10/26 11:42:02 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\BedigandMary\Desktop\spybotsd162.exe

[2010/10/26 10:20:35 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2010/10/26 10:20:35 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2010/10/26 10:20:25 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll

[2010/10/26 10:20:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll

[2010/10/26 10:20:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll

[2010/10/26 10:20:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2010/10/24 00:06:39 | 000,000,000 | R--D | C] -- C:\Users\BedigandMary\Desktop\bedopkzfuku449

[2010/10/13 09:16:11 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll

[2010/10/13 09:16:11 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll

[2010/10/13 09:16:08 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010/10/13 09:15:59 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010/10/13 09:15:58 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010/10/13 09:15:57 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010/10/13 09:15:57 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010/10/13 09:15:56 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2010/10/13 09:15:56 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2010/10/13 09:15:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010/10/13 09:15:56 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/10/13 09:15:56 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/10/13 09:15:56 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll

[2010/10/13 09:15:56 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll

[2010/10/13 09:15:55 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2010/10/13 09:15:41 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010/10/13 09:15:36 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010/10/13 09:15:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010/10/13 09:15:33 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010/10/13 09:15:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010/10/13 09:15:19 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010/10/13 09:15:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010/10/13 09:15:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010/10/13 09:15:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2010/10/13 09:15:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2010/10/13 09:15:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll

[2010/10/13 09:15:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010/10/13 09:14:58 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010/10/13 09:11:43 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2010/10/13 09:11:43 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2010/10/05 09:53:59 | 000,000,000 | ---D | C] -- C:\Users\BedigandMary\AppData\Roaming\Avira

[2010/10/05 09:42:15 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/10/05 09:42:15 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/10/05 09:42:15 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/10/05 09:42:15 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/10/05 09:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

========== Files - Modified Within 30 Days ==========

[2010/10/31 16:44:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe

[2010/10/31 16:37:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2010/10/31 16:37:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/10/31 16:37:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/10/31 16:37:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/10/31 16:33:22 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\BedigandMary\Desktop\jxpiinstall.exe

[2010/10/31 16:28:19 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/10/31 16:28:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/31 16:28:06 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/31 16:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/31 16:27:47 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/31 16:26:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/10/31 13:57:23 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F54C0B5-B365-4AD8-9FC0-6DCF103A51F6}.job

[2010/10/29 12:29:59 | 000,869,051 | ---- | M] () -- C:\Users\BedigandMary\Desktop\SecurityCheck.exe

[2010/10/29 10:06:38 | 001,207,026 | ---- | M] () -- C:\Users\BedigandMary\Desktop\tdsskiller.zip

[2010/10/26 11:59:09 | 000,001,079 | ---- | M] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/10/26 11:59:09 | 000,001,057 | ---- | M] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy.lnk

[2010/10/26 11:50:27 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\BedigandMary\Desktop\spybotsd162.exe

[2010/10/24 20:09:13 | 000,000,000 | ---- | M] () -- C:\Users\BedigandMary\defogger_reenable

[2010/10/24 20:07:55 | 000,050,477 | ---- | M] () -- C:\Users\BedigandMary\Desktop\Defogger.exe

[2010/10/24 19:43:53 | 000,294,912 | ---- | M] () -- C:\Users\BedigandMary\Desktop\kydnc9g2.exe

[2010/10/24 19:32:31 | 000,545,280 | ---- | M] () -- C:\Users\BedigandMary\Desktop\dds.scr

[2010/10/21 03:03:01 | 000,726,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/21 03:03:01 | 000,608,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/21 03:03:01 | 000,106,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/13 09:29:35 | 000,314,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/05 09:42:28 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/10/05 09:31:37 | 044,089,904 | ---- | M] () -- C:\Users\BedigandMary\Desktop\avira_antivir_personal_en.exe

========== Files Created - No Company Name ==========

[2010/10/29 12:29:54 | 000,869,051 | ---- | C] () -- C:\Users\BedigandMary\Desktop\SecurityCheck.exe

[2010/10/29 10:08:20 | 000,058,024 | ---- | C] () -- \TDSSKiller.2.4.5.1_29.10.2010_10.08.20_log.txt

[2010/10/29 10:06:36 | 001,207,026 | ---- | C] () -- C:\Users\BedigandMary\Desktop\tdsskiller.zip

[2010/10/26 11:59:09 | 000,001,079 | ---- | C] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/10/26 11:59:09 | 000,001,057 | ---- | C] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy.lnk

[2010/10/24 20:09:13 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\defogger_reenable

[2010/10/24 20:07:54 | 000,050,477 | ---- | C] () -- C:\Users\BedigandMary\Desktop\Defogger.exe

[2010/10/24 19:43:53 | 000,294,912 | ---- | C] () -- C:\Users\BedigandMary\Desktop\kydnc9g2.exe

[2010/10/24 19:32:30 | 000,545,280 | ---- | C] () -- C:\Users\BedigandMary\Desktop\dds.scr

[2010/10/05 09:42:28 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/10/05 09:27:26 | 044,089,904 | ---- | C] () -- C:\Users\BedigandMary\Desktop\avira_antivir_personal_en.exe

[2010/08/23 10:11:53 | 4256,133,120 | -HS- | C] () --

[2010/08/17 12:48:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/08/11 21:08:05 | 000,000,732 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\d3d9caps64.dat

[2010/08/03 20:17:45 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Roaming\wklnhst.dat

[2010/04/19 10:59:21 | 000,005,632 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/26 04:08:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/03/26 04:07:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2010/03/20 19:55:51 | 000,427,144 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI3630.txt

[2010/03/20 19:55:50 | 000,011,626 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI3630.txt

[2010/03/20 19:30:15 | 000,002,402 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI2284.txt

[2010/03/20 19:30:08 | 000,125,744 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI2284.txt

[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\QSwitch.txt

[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\DSwitch.txt

[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\AtStart.txt

[2010/03/20 15:11:10 | 000,000,366 | -H-- | C] () -- \IPH.PH

[2010/03/20 13:39:18 | 274,755,583 | -HS- | C] () --

[2008/02/08 01:51:02 | 000,333,257 | RHS- | C] () -- \bootmgr

[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

< End of report >


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: Compal

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: HP Pavilion dv4 Notebook PC

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 196):

0x02616000 \SystemRoot\system32\ntoskrnl.exe

0x02B2D000 \SystemRoot\system32\hal.dll

0x00602000 \SystemRoot\system32\kdcom.dll

0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00647000 \SystemRoot\system32\PSHED.dll

0x0065B000 \SystemRoot\system32\CLFS.SYS

0x006B8000 \SystemRoot\system32\CI.dll

0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008F1000 \SystemRoot\system32\drivers\acpi.sys

0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00950000 \SystemRoot\system32\drivers\msisadrv.sys

0x0095A000 \SystemRoot\system32\drivers\pci.sys

0x0098A000 \SystemRoot\system32\drivers\isapnp.sys

0x00993000 \SystemRoot\system32\drivers\mpio.sys

0x009B5000 \SystemRoot\System32\drivers\partmgr.sys

0x009CA000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x009CE000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x009DA000 \SystemRoot\system32\drivers\volmgr.sys

0x0076A000 \SystemRoot\System32\drivers\volmgrx.sys

0x009EE000 \SystemRoot\system32\drivers\intelide.sys

0x007D0000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x009F6000 \SystemRoot\system32\drivers\pciide.sys

0x00800000 \SystemRoot\system32\drivers\aliide.sys

0x007E0000 \SystemRoot\system32\drivers\amdide.sys

0x007E7000 \SystemRoot\system32\drivers\cmdide.sys

0x00A0D000 \SystemRoot\System32\drivers\mountmgr.sys

0x00A20000 \SystemRoot\system32\drivers\msdsm.sys

0x00A3E000 \SystemRoot\system32\drivers\nvraid.sys

0x00A61000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x00A8D000 \SystemRoot\system32\drivers\viaide.sys

0x00A95000 \SystemRoot\system32\drivers\iastorv.sys

0x00B5C000 \SystemRoot\system32\drivers\atapi.sys

0x00B64000 \SystemRoot\system32\drivers\ataport.SYS

0x00B88000 \SystemRoot\system32\drivers\lsi_scsi.sys

0x00C04000 \SystemRoot\system32\drivers\storport.sys

0x00C61000 \SystemRoot\system32\drivers\nvstor.sys

0x00C71000 \SystemRoot\system32\drivers\msahci.sys

0x00C7B000 \SystemRoot\system32\drivers\hpcisss.sys

0x00C89000 \SystemRoot\system32\drivers\adp94xx.sys

0x00D02000 \SystemRoot\system32\drivers\adpahci.sys

0x00D58000 \SystemRoot\system32\drivers\adpu160m.sys

0x00D79000 \SystemRoot\system32\drivers\SCSIPORT.SYS

0x00DA7000 \SystemRoot\system32\drivers\adpu320.sys

0x00DD6000 \SystemRoot\system32\drivers\djsvs.sys

0x00BA6000 \SystemRoot\system32\drivers\arc.sys

0x00BBF000 \SystemRoot\system32\drivers\arcsas.sys

0x00E0D000 \SystemRoot\system32\drivers\elxstor.sys

0x00EB0000 \SystemRoot\system32\drivers\i2omp.sys

0x00EBB000 \SystemRoot\system32\drivers\iirsp.sys

0x00ECC000 \SystemRoot\system32\drivers\iteatapi.sys

0x00ED9000 \SystemRoot\system32\drivers\iteraid.sys

0x00EE6000 \SystemRoot\system32\drivers\lsi_fc.sys

0x00F04000 \SystemRoot\system32\drivers\lsi_sas.sys

0x00F20000 \SystemRoot\system32\drivers\megasas.sys

0x00F2C000 \SystemRoot\system32\drivers\megasr.sys

0x00FF3000 \SystemRoot\system32\drivers\mraid35x.sys

0x00DEE000 \SystemRoot\system32\drivers\nfrd960.sys

0x01009000 \SystemRoot\system32\drivers\ql2300.sys

0x0115B000 \SystemRoot\system32\drivers\ql40xx.sys

0x011B9000 \SystemRoot\system32\drivers\sisraid2.sys

0x011C7000 \SystemRoot\system32\drivers\sisraid4.sys

0x011DD000 \SystemRoot\system32\drivers\symc8xx.sys

0x011EB000 \SystemRoot\system32\drivers\sym_hi.sys

0x00BD8000 \SystemRoot\system32\drivers\sym_u3.sys

0x0120C000 \SystemRoot\system32\drivers\uliahci.sys

0x01255000 \SystemRoot\system32\drivers\ulsata.sys

0x01284000 \SystemRoot\system32\drivers\ulsata2.sys

0x012C6000 \SystemRoot\system32\drivers\vsmraid.sys

0x012ED000 \SystemRoot\system32\drivers\fltmgr.sys

0x01334000 \SystemRoot\system32\drivers\fileinfo.sys

0x01348000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0140F000 \SystemRoot\system32\drivers\ndis.sys

0x01601000 \SystemRoot\system32\drivers\msrpc.sys

0x01651000 \SystemRoot\system32\drivers\NETIO.SYS

0x01801000 \SystemRoot\System32\drivers\tcpip.sys

0x01977000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01A03000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01B83000 \SystemRoot\system32\drivers\wd.sys

0x01B8B000 \SystemRoot\system32\drivers\volsnap.sys

0x01BCF000 \SystemRoot\System32\Drivers\spldr.sys

0x01BD7000 \SystemRoot\system32\drivers\sbp2port.sys

0x019A3000 \SystemRoot\System32\Drivers\mup.sys

0x019B5000 \SystemRoot\System32\drivers\ecache.sys

0x01BF0000 \SystemRoot\system32\DRIVERS\hpdskflt.sys

0x019E1000 \SystemRoot\system32\drivers\disk.sys

0x019F5000 \SystemRoot\system32\drivers\crcdisk.sys

0x016CE000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x016DB000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x016E4000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x01BFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x02A0E000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x016F7000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0319A000 \SystemRoot\System32\drivers\watchdog.sys

0x031AA000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x031B6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x017DA000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x03208000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x03409000 \SystemRoot\system32\DRIVERS\bcmwl664.sys

0x03581000 \SystemRoot\system32\DRIVERS\Rtlh64.sys

0x035AC000 \SystemRoot\system32\DRIVERS\jmcr.sys

0x035CF000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x035E5000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

0x035F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x032F5000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0x03329000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x03335000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x03351000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x0335E000 \SystemRoot\system32\DRIVERS\Accelerometer.sys

0x0336A000 \SystemRoot\system32\DRIVERS\enecir.sys

0x03400000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x03386000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x033BF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x033CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x033EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x013CF000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x017EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x015D2000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x00BE6000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x03607000 \SystemRoot\system32\DRIVERS\termdd.sys

0x0361A000 \SystemRoot\system32\DRIVERS\swenum.sys

0x0361C000 \SystemRoot\system32\DRIVERS\ks.sys

0x03650000 \SystemRoot\system32\DRIVERS\circlass.sys

0x03661000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x0366C000 \SystemRoot\system32\DRIVERS\umbus.sys

0x0367C000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x036C4000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x036D8000 \SystemRoot\system32\DRIVERS\stwrt64.sys

0x03753000 \SystemRoot\system32\DRIVERS\portcls.sys

0x0378E000 \SystemRoot\system32\DRIVERS\drmk.sys

0x037B1000 \SystemRoot\system32\drivers\ksthunk.sys

0x04A0E000 \SystemRoot\system32\DRIVERS\agrsm64.sys

0x04B4A000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04B4C000 \SystemRoot\system32\drivers\modem.sys

0x04B5B000 \SystemRoot\system32\drivers\IntcHdmi.sys

0x04B80000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x04B89000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x04B9B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x04BA3000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x04BBF000 \SystemRoot\system32\DRIVERS\hidir.sys

0x04BCA000 \SystemRoot\system32\DRIVERS\Amusbx64.sys

0x04BD3000 \SystemRoot\System32\Drivers\usbvideo.sys

0x04A00000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x037B7000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x037C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x037CC000 \SystemRoot\System32\Drivers\Null.SYS

0x037D5000 \SystemRoot\system32\DRIVERS\Amfltx64.sys

0x037DE000 \SystemRoot\System32\drivers\vga.sys

0x04C0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x04C34000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x04C3D000 \SystemRoot\system32\drivers\rdpencdd.sys

0x04C46000 \SystemRoot\System32\Drivers\Msfs.SYS

0x04C51000 \SystemRoot\System32\Drivers\Npfs.SYS

0x04C62000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x04C6B000 \SystemRoot\system32\DRIVERS\tdx.sys

0x04C88000 \SystemRoot\system32\DRIVERS\smb.sys

0x04CA3000 \SystemRoot\system32\drivers\afd.sys

0x04D0E000 \SystemRoot\System32\DRIVERS\netbt.sys

0x04D52000 \SystemRoot\system32\DRIVERS\pacer.sys

0x04D70000 \SystemRoot\system32\DRIVERS\netbios.sys

0x04D7F000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04D9A000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x04DE7000 \SystemRoot\system32\drivers\nsiproxy.sys

0x04E0C000 \SystemRoot\System32\Drivers\dfsc.sys

0x04E29000 \SystemRoot\system32\DRIVERS\avipbb.sys

0x04E4B000 \SystemRoot\System32\Drivers\crashdmp.sys

0x04E59000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x04E65000 \SystemRoot\System32\Drivers\dump_msahci.sys

0x000E0000 \SystemRoot\System32\win32k.sys

0x04E6F000 \SystemRoot\System32\drivers\Dxapi.sys

0x04E7B000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00450000 \SystemRoot\System32\TSDDD.dll

0x006B0000 \SystemRoot\System32\cdd.dll

0x04E8E000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0x04EAB000 \SystemRoot\system32\drivers\luafv.sys

0x04ECD000 \SystemRoot\system32\drivers\spsys.sys

0x04F67000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x04F7B000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x04FAF000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x04FBA000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x16E01000 \SystemRoot\system32\drivers\HTTP.sys

0x16EA4000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x16ECD000 \SystemRoot\system32\DRIVERS\bowser.sys

0x16EEB000 \SystemRoot\System32\drivers\mpsdrv.sys

0x16F05000 \SystemRoot\system32\drivers\mrxdav.sys

0x16F2C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x16F55000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x16F9E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x16FBD000 \SystemRoot\System32\DRIVERS\srv2.sys

0x17201000 \SystemRoot\System32\DRIVERS\srv.sys

0x17295000 \SystemRoot\system32\drivers\peauth.sys

0x1734B000 \SystemRoot\System32\Drivers\secdrv.SYS

0x17356000 \SystemRoot\System32\drivers\tcpipreg.sys

0x17368000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x17384000 \??\C:\Windows\system32\drivers\mbam.sys

0x77110000 \WINDOWS\System32\ntdll.dll

Processes (total 74):

0 System Idle Process

4 System

476 C:\WINDOWS\System32\smss.exe

572 csrss.exe

608 C:\WINDOWS\System32\wininit.exe

628 csrss.exe

664 C:\WINDOWS\System32\services.exe

676 C:\WINDOWS\System32\lsass.exe

684 C:\WINDOWS\System32\lsm.exe

844 C:\WINDOWS\System32\winlogon.exe

872 C:\WINDOWS\System32\svchost.exe

916 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

936 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

364 C:\WINDOWS\System32\svchost.exe

548 C:\WINDOWS\System32\svchost.exe

624 C:\WINDOWS\System32\svchost.exe

564 C:\WINDOWS\System32\svchost.exe

1040 C:\WINDOWS\System32\svchost.exe

1072 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\stacsv64.exe

1208 C:\WINDOWS\System32\audiodg.exe

1368 C:\WINDOWS\System32\SLsvc.exe

1412 C:\WINDOWS\System32\svchost.exe

1496 C:\WINDOWS\System32\hpservice.exe

1560 C:\WINDOWS\System32\svchost.exe

1680 C:\WINDOWS\System32\wlanext.exe

1788 C:\WINDOWS\System32\spoolsv.exe

1816 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

1828 C:\WINDOWS\System32\svchost.exe

1036 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe

1376 C:\WINDOWS\System32\agr64svc.exe

1476 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1520 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1548 C:\WINDOWS\System32\svchost.exe

1912 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

2152 C:\WINDOWS\System32\svchost.exe

2168 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

2184 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

2208 C:\WINDOWS\SMINST\BLService.exe

2296 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

2316 C:\WINDOWS\System32\svchost.exe

2348 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

2380 C:\WINDOWS\System32\svchost.exe

2460 C:\WINDOWS\System32\SearchIndexer.exe

2488 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

1276 C:\WINDOWS\System32\dwm.exe

2404 C:\WINDOWS\System32\taskeng.exe

720 C:\WINDOWS\explorer.exe

3184 C:\WINDOWS\System32\igfxtray.exe

3192 C:\WINDOWS\System32\hkcmd.exe

3200 C:\WINDOWS\System32\igfxpers.exe

3208 C:\Program Files\Apoint2K\Apoint.exe

3216 C:\WINDOWS\System32\taskeng.exe

3232 C:\Program Files\IDT\WDM\sttray64.exe

3240 C:\WINDOWS\ehome\ehtray.exe

3260 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

3292 C:\WINDOWS\System32\igfxsrvc.exe

3440 C:\Program Files (x86)\HP\QuickPlay\QPService.exe

3448 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

3456 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

3484 C:\Program Files (x86)\iTunes\iTunesHelper.exe

3520 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

3608 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3684 C:\WINDOWS\ehome\ehmsas.exe

2624 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

3136 C:\Program Files\iPod\bin\iPodService.exe

3856 WmiPrvSE.exe

2244 C:\Program Files\Apoint2K\ApMsgFwd.exe

3604 C:\Program Files\Apoint2K\ApntEx.exe

2704 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

2816 C:\WINDOWS\System32\SearchProtocolHost.exe

3656 C:\WINDOWS\System32\SearchFilterHost.exe

3664 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

800 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

2264 C:\Users\BedigandMary\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`69700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!


  • Staff

Hi,

1. Very important: First disconnect your computer from the internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

3. Reset the IP/DNS settings of your internet connection:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen.
  • Click on Run.
  • In the command window copy/paste the following:
    ipconfig /flushdns
  • Then hit Enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Let me know what issues persist.

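Steps 3 and 4 above put the adapter back on DHCP and flush the resolver cache. What a helper actually wants to see afterwards is whether the resolver and the hosts file are clean. The script below is an added example, not code from the staff post or from Malwarebytes: it parses pasted `ipconfig /all` output into adapter blocks, flags a static configuration and any DNS server that is neither the default gateway nor a local address, and lists every hosts-file entry other than a loopback mapping of localhost. IPCONFIG_SAMPLE and HOSTS_SAMPLE are constructed for the demo; the router at 192.168.1.1 and the resolver at 203.0.113.53 (a documentation address) are assumptions, not values from this thread.

```python
"""Offline check of what the router/DNS reset above is meant to undo: a
hijacked resolver and a tampered hosts file, read from `ipconfig /all`
output and hosts-file text. Added example, not the staff's or Malwarebytes'
code; IPCONFIG_SAMPLE and HOSTS_SAMPLE are constructed (documentation
addresses), not copied from this thread."""
import ipaddress
import re

_ADAPTER = re.compile(r"^\S.* adapter (.+):$")                # "Ethernet adapter X:"
_FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]* :\s?(.*)$")   # "   Name . . . : value"
_LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fe80::/10", "fec0::/10", "::1/128")]
NOT_LOCAL = "resolver is neither the router nor a local address; confirm it is your ISP's"

def _is_local(addr):
    """True for RFC 1918, loopback, link-local and (Vista's default) site-local."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in _LOCAL_NETS)

def parse_ipconfig(text):
    """Parse `ipconfig /all` output into {adapter: {field: [values]}};
    multi-value fields such as DNS Servers continue on indented lines."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        m = _ADAPTER.match(line)
        if m:
            current, field = adapters.setdefault(m.group(1), {}), None
            continue
        if current is None:              # header block before the first adapter
            continue
        m = _FIELD.match(line)
        if m:
            field, value = m.group(1).strip(), m.group(2).strip()
            current[field] = [value] if value else []
        elif field and line.startswith(" ") and line.strip():
            current[field].append(line.strip())
    return adapters

def dns_findings(ipconfig_text):
    """Flag a static configuration and any DNS server that is neither the
    default gateway nor a local address: a rogue resolver is how DNS-changer
    malware redirects update/AV traffic, and a compromised router's DHCP
    lease is one way the rogue address gets onto the machine."""
    findings = []
    for adapter, fields in parse_ipconfig(ipconfig_text).items():
        servers = fields.get("DNS Servers", [])
        if not servers:                  # disconnected media, tunnel adapters
            continue
        if (fields.get("DHCP Enabled") or ["Yes"])[0] != "Yes":
            findings.append((adapter, "static IP configuration", ""))
        gateways = set(fields.get("Default Gateway", []))
        for server in servers:
            if server in gateways or _is_local(server.split("%")[0]):
                continue                 # "%1" is an IPv6 zone index
            findings.append((adapter, NOT_LOCAL, server))
    return findings

def hosts_findings(hosts_text):
    """Return (address, name) for every hosts entry other than a loopback
    mapping of localhost; redirected vendor sites are what block AV updates."""
    findings = []
    for line in hosts_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        try:
            loopback = ipaddress.ip_address(parts[0]).is_loopback
        except ValueError:
            loopback = False
        for name in parts[1:]:
            if not (loopback and name.lower() == "localhost"):
                findings.append((parts[0], name))
    return findings

# Constructed sample output; addresses are assumptions, not from this thread.
IPCONFIG_SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
                                       fec0:0:0:ffff::1%1

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
"""
HOSTS_SAMPLE = """\
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avira.com    # constructed: blocks AV updates
"""
```

To use it on a real machine, run `ipconfig /all > %userprofile%\Desktop\ipconfig.txt` and pass the file's text to `dns_findings`; the hosts file is `%SystemRoot%\System32\drivers\etc\hosts`. A flagged public resolver is not proof of anything on its own; it is the one value worth comparing against what the ISP or the freshly reset router actually hands out.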

hello

i did what you said. the settings regarding tcp/ip were already set at your recommended settings. but i have 2, Version 6 (TCP/IPv6) & Version 4 (TCP/IPv4). i checked both, settings are good on both, but do i need both?

also, every time i reboot my system, windows def gives me a security warning; one is "firewall is off" the other "antivirus is off". i get one of the 2 every time i reboot now. it does go away on its own, or somehow turns itself back on, regardless of what i do.

it's still not right by any means. what can i do to completely erase this? i'm in the process of backing up my pics and docs to floppy discs...i mean cd's... caveman style. it wouldn't let me do it the easy way, so i have to pull every file so i don't transfer the hidden process that's in 'every' folder... i can't even compile all my pics into 1 folder. and it won't eject the disc if i don't do it the 'hard way'...

do you think it would help if i remove all programs (avira, mbam, spybot, itunes, defogger, etc) then reinstall them all again? also, i'm going to order a system restore CD from HP, just in case.

thanks for your help!!! i'll be patiently waiting for your reply


  • Staff

Hi,

I'm beginning to be more and more convinced that this is not a malware issue but a system corruption issue.

When you disks arrive, I would recommend performing either a Repair Installation of Windows, or (I even more highly recommend) backing up all your data and starting fresh with a format of your hard drive and reinstallation of Windows.

Let me know what you decide to do.


thank you Screen, i completely agree. i've spent a few days (literally) backing up all data. then i started erasing bogus files, my windows would stop working "windows not responding", mbam didn't run, Avira scan took 4 hours, etc...

at this point, short of reenacting a scene from one of my favorite movies, Office Space(and the printer, lol), i need to do a complete system restore w a factory disc.

question... would you recommend i stay w Vista or upgrade to 7? i'm going to buy a new computer in the next 3 weeks, so this computer will end up as an extra.

also, any idea on how i could have got this??

thanks for all your help!!


hello,

i've ordered the disc, should be here tomorrow.

Bogus files...

adobe reader 8

certain picture files (with no picture in it) wouldn't delete. i check the 'hidden process' etc and find Thumbs.db (hidden), ehthumbs.db (not hidden), Desktop.ini (hidden, the culprit i think). Desktop.ini is the hidden process that's in most of the files. thumbs and ehthumbs are in most all, sometimes hidden sometimes not, sometimes both. ehthumbs_vista.db is another i found. hpqp.ini. all 1kb files

this is what one of the desktop.ini hidden process text files have right now. i copy/pasted below

[LocalizedFileNames]

Pictures.lnk=@shell32.dll,-21779

Sample Pictures.lnk=@%SystemRoot%\system32\shell32.dll,-21805

also came across this. found it 11-6-2010, i removed some text and added **** in a few spots, then decided to just leave it alone and post. if you would like, i'll post the rest.

IntelGFX.log

>>> 3/20/2010 13:51:50:321

[Installer]

Installer Version: 1.1.10.0

Date Compiled = Fri Apr 11 10:51:31 2008

Commandline = -s

[Resources]

Intel® 4 Series Express Chipset Family

HardwareID = PCI\VEN_8086&DEV_2A43&SUBSYS_360B103C

Matched HardwareID = PCI\VEN_8086&DEV_2A42&SUBSYS_30F7103C

Installed Driver = {4d36e968-e325-11ce-bfc1-08002be10318}\0000

!!! ERROR 0x2: Error querying registry key

Matched HardwareID = PCI\VEN_8086&DEV_2A43&SUBSYS_30F7103C

{INF Info}

Current INF = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf

Date = 06/04/2008

Version = 6.10.00.2056

ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}

PackageInfo.Name =

PackageInfo.Sequence = 0

PackageInfo.INFSource =

Manufacturer = Intel,NT.5.1,NTamd64.6.0

Resolved Manufacturer = Intel.NTamd64.6.0

Inf supports 64 bit.

Description: Intel® High Definition Audio HDMI

HardwareID = HDAUDIO\FUNC_*****

Description: Intel® High Definition Audio HDMI

HardwareID = HDAUDIO\FUNC_01****

Matched HardwareID = HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101

Installed Driver = {4d3****}\0007

[Manditory Filters]

[Filter Active]

[Filter 4ID]

[PreChecks]

Windows Version = WINVSTA

New version = 7.15.10.1502

Old version = 6.0.6001.18000

New version = 7.15.10.1502

Old version =

New version = 6.10.00.2056

Old version = 6.0.6000.16386

[Dialogs]

Mode = Silent

[Cleanup Previous]

Using RegDeleteKeyEx

[InstallApp]

Opened IIF2.ini

[Filter INI Conditions]

[CopyDir]

[CopyFiles]

New Uninstall Key = copyfile0

Copy File Source = C:\SwSetup\Drivers\Video\setup.exe

Copy File Destination = C:\Windows\SysWOW64\igxpun.exe

Silent mode. Skipping dialogs.

Copy File Source = C:\SwSetup\Drivers\Video\difxapi.dll

Copy File Destination = C:\Windows\SysWOW64\difxapi.dll

Silent mode. Skipping dialogs.

Copy File Source = C:\SwSetup\Drivers\Video\x64\difxapi.dll

Copy File Destination = C:\Windows\SysWOW64\x64\difxapi.dll

Silent mode. Skipping dialogs.

Copy File Source = C:\SwSetup\Drivers\Video\x64\Difx64.exe

Copy File Destination = C:\Windows\SysWOW64\x64\Difx64.exe

Silent mode. Skipping dialogs.

New Uninstall Key = copyfile1

Copy File Source = C:\SwSetup\Drivers\Video\Lang\HDMI\ENU\HDMIENU.dll

Copy File Destination = C:\Windows\SysWOW64\Lang\HDMI\ENU\HDMIENU.dll

Silent mode. Skipping dialogs.

New Uninstall Key = copyfile2

Copy File (uninstallonly) = C:\Windows\SysWOW64\igfxsrvc.exe

New Uninstall Key = copyfile3

Copy File (uninstallonly) = C:\Windows\SysWOW64\igfxtray.exe

[Registry]

New Uninstall Key = registry0

Created Key (uninstallonly)= HKLM\SOFTWARE\Intel\Display\=,

New Uninstall Key = registry1

Create SZ Key = HKLM\System\CurrentControlSet\Control\Windows\SystemDirectory=C:\Windows\SysWOW64,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry2

Create SZ Key = HKLM\System\CurrentControlSet\Services\ialm\Device0\SystemDirectory=C:\Windows\SysWOW64,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry3

Create SZ Key = HKLM\System\CurrentControlSet\Services\ialm\Device1\SystemDirectory=C:\Windows\SysWOW64,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry4

Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\DisplayName=Intel® Graphics Media Accelerator Driver,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry5

Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\UninstallString=C:\Windows\SysWOW64\igxpun.exe -uninstall,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry6

Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\DisplayIcon=C:\Windows\SysWOW64\igxpun.exe,0,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry7

Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\Publisher=Intel Corporation,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry8

Create DWORD Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\EstimatedSize=39000000,dw

Silent mode. Skipping dialogs.

New Uninstall Key = registry9

Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\InstallLocation=C:\Program Files (x86)\Intel\Intel Quick Resume Technology,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry10

Create DWORD Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\NoModify=1,dw

Silent mode. Skipping dialogs.

New Uninstall Key = registry11

Create DWORD Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\NoRepair=1,dw

Silent mode. Skipping dialogs.

Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\WinSat=winsat dwm -xml results.xml,sz

Silent mode. Skipping dialogs.

New Uninstall Key = registry12

Created Key (uninstallonly)= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds=,

New Uninstall Key = registry13

Created Key (uninstallonly)= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IgfxTray=,

New Uninstall Key = registry14

Created Key (uninstallonly)= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Persistence=,

[DLLs]

[Services]

[Processes]

[Shortcuts]

[InstallDev]

[Device]

Driver = C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf

Silent mode. Skipping dialogs.

Silent mode. Skipping dialogs.

INF = C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf

Provider = Microsoft

Installed INF = C:\Windows\inf\display.inf

Previous driver package =

! Warning 0xE0000235: DriverPackageGetPath failed.

Difx = 64 bit

Execute command: C:\SwSetup\Drivers\Video\x64\Difx64.exe -DriverInf "C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf" -Flags 20 -KeyPath "Software\Intel\Difx64"

Using RegDeleteKeyEx

Installed Package = C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf

Package Requires Reboot = no

New Uninstall Key = inf0

[Device]

Driver = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf

Silent mode. Skipping dialogs.

Silent mode. Skipping dialogs.

INF = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf

Provider = Microsoft

Installed INF = C:\Windows\inf\hdaudio.inf

Previous driver package =

! Warning 0xE0000235: DriverPackageGetPath failed.

Difx = 64 bit

Execute command: C:\SwSetup\Drivers\Video\x64\Difx64.exe -DriverInf "C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf" -Flags 20 -KeyPath "Software\Intel\Difx64"

Using RegDeleteKeyEx

Installed Package = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf

Package Requires Reboot = no

New Uninstall Key = inf1

Using RegDeleteKeyEx

[Finish]

[ResponseResult]

ResultCode = 0

<<< 3/20/2010 13:53:28:789

i dont know if any of these are normal, but i also found some word docs that are in japanese/chinese/?? it's not english, i know that. can't find it, but found this log file from a few minutes ago. it's a SetupExe(*ton of numbers*).log this is only a small portion.

PERF: TickCount=208477162 Name=RunSetup Description=Begin function

Catalyst execution began: 11/09/2010 18:00:37.

Setup COM Server Session: CollectUserInfo.

The ProductCode ({91120000-002F-0000-0000-0000000FF1CE}) is resolved to ProductId (HOMESTUDENTR)

Setupexe Resiliency Mode is set to [AlwaysPerform]; thus Resiliency is [enabled] for the [CollectUserInfoExecutionMode]

Ensuring the install-state of setup controller files for product [HOMESTUDENTR].

Ensuring the install-state of setup controller featur...

also found about 5 renamed pictures in a random file. i know i didnt do it, the names have about 20 numbers or more.

i have no idea if any of these are normal, but there is much i'm not adding. please let me know if there is anything specific you'd like to know, or that i can do, prior to my complete restore.

thank you so much for your help!


ok, here is one that i found right now in my pictures\for sale file. desktop seems to always be a 1kb process that jumps from one file to another, constantly.

removing all my pics "the hard way" consisted of opening each individual file and "copying" the clean pics(hopefully) to a new folder on my desktop, then "copying" them to the E drive/cd. if i did it any other way, as in cut paste, or through file\move to folder\E\ etc, the download would not finish(computer makes crazy noises) then disc would not eject, and windows would stop responding. i hit ctl alt del and before the task manager even opens, windows is running again.

i found this today, and in the same file, i found a shortcut pic with no picture in it. i can't even open it. 374 bytes but taking 4.00kb on disc. created aug 29, 2010, modified oct 18, 2008, accessed aug 29, 2010. i've had this computer for almost a year and bought it new. also, i have many files w shortcut logos on them that i cannot access.

desktop.ini from my for sale folder. hidden

[LocalizedFileNames]

Pictures.lnk=@shell32.dll,-21779

Sample Pictures.lnk=@%SystemRoot%\system32\shell32.dll,-21805

desktop.ini from its own folder. pictures\Slide Shows. hidden

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21819

another. hidden

[LocalizedFileNames]

Pictures.lnk=@shell32.dll,-21779

desktop.ini in pictures folder, hidden.

[ExtShellFolderViews]

Default={8BEBB290-52D0-11D0-B7F4-00C04FD706EC}

{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}={8BEBB290-52D0-11D0-B7F4-00C04FD706EC}

{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}

[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]

WebViewTemplate.NT5=%WebDir%\ImgView.htt

[.ShellClassInfo]

InfoTip=@Shell32.dll,-12688

IconFile=%SystemRoot%\system32\mydocs.dll

IconIndex=-101

[DeleteOnCopy]

Owner=PeterM

Personalized=39

PersonalizedName=My Pictures

desktop.ini in my documents. the only file in there now. created 11-7-2010, 1kb

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21770

IconResource=%SystemRoot%\system32\imageres.dll,-112

IconFile=%SystemRoot%\system32\shell32.dll

IconIndex=-235

1 'read only hidden file' named 'Originals' w 1 pic in it, but 3 files. made aug 29 2010. once i open it i find hidden picasa.ini and Thumbs.db, but the picture in the file is not hidden. if that makes sense.

about 20 new shortcut files from today in my Youcam pics folder. i tried to open them, nothing there. i check properties and it's a document. but i have no access to my docs (shortcut logo)

just found SIV100.tmp and SIV105.tmp in my pictures. wont open, hidden, modified in 2008

SIV28A.tmp, created aug 29, 2010, modified oct 22, 2005. hidden.

AdobeAR8.1.2_A5.cva 4kb. SwSetup\Adobe. created april 21, 2008. notepad, then when i closed it, i couldnt open it again. good thing i copied.

C:\Swsetup\Adobe\AdobeAR8.1.2_A5.cva

C:\Swsetup\CyberDVD\CyberLink DVD Suite.cva

C:\Swsetup\Drivers\Audio\1001902.CVA

C:\Swsetup\Drivers\Chipset\1001909.CVA

C:\Swsetup\Drivers\CIR\1001907.CVA

C:\Swsetup\Drivers\CReader\1001905.cva

C:\Swsetup\Drivers\Modem\vista_modem_installer.cva

C:\Swsetup\Drivers\Network\1001904.CVA

C:\Swsetup\Drivers\ProtSHD\SP39123.CVA

C:\Swsetup\Drivers\Touchpad\1001987.CVA

C:\Swsetup\Drivers\Video\1001950.cva

C:\Swsetup\Drivers\WLAN\sp38119.cva

C:\Swsetup\ESUVT\ESU.CVA

C:\Swsetup\HPASL\sp39157.cva

C:\Swsetup\HPUGID\UG0101.CVA

C:\Swsetup\HPUpdate\HPSU.cva

C:\Swsetup\HSC\SP38989.cva

C:\Swsetup\Inetsec\Sym.cva

C:\Swsetup\LSSS\LSSS.cva

C:\Swsetup\MMFlash\AdobeFlash9.0.115.0.CVA

C:\Swsetup\MSWorks\MS Works 90.cva

C:\Swsetup\MVEDV\MuveeBasic_6.1.4.26_1758b_A6.cva

C:\Swsetup\QLB\SP38688.CVA

C:\Swsetup\QPW\QP4W.cva

C:\Swsetup\QTouch\QTouch.cva

C:\Swsetup\SFTD\Slingboxflashtour.CVA

C:\Swsetup\SPFS\Slingbox140206_A2.cva

C:\Swsetup\SUNJAVA\SunJava.cva

C:\Swsetup\sw_ver\325670B2.CVA

C:\Swsetup\sw_ver\OCAMRK.CVA

C:\Swsetup\sw_ver\TPV6HP00.CVA

C:\Swsetup\WLASST\SP39041.CVA

C:\Swsetup\YouCam\Youcam.cva

Resegrg_.TTF from 3-22-2004 ReserviorGrunge. i have no idea where this came from, or what it is. 'full security, Everyone' under properties. something about font type. file version jan 23, 2002, initial release. ©1999 ZETAfonts for copyright. this is one of many TTF files in SwSetup.

it seems that most of the desktop.ini files are gone. maybe from my constant cleaning, or maybe ??? Thumbs.db is everywhere now, including other randoms, like IPH.PH, 1kb, dated 3-20-2010. i have never used AOL.

i just found a word doc dated 3-10-2010 regarding MS framework. eula.rtf [compatibility mode] in chinese. i'd post it for you, but i cannot copy it. under C\ton of numbers&letters\1028

this is from yesterday. i just found it under bedigandmary\appdata\local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 4kb, notepad, not hidden.


  • Staff

Hi,

Please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.

Navigate to File --> Save As..., and save the file as RegExport.bat (make sure the Save As Type is set to All Files).

Save it to your Desktop.

@echo off
REM Export the HKCU key that controls Explorer's hidden-file view and the two
REM per-user policy keys, so their contents can be posted here for review.
REGEDIT.exe /E "%userprofile%\DESKTOP\ExplorerAdvanced.reg" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
REGEDIT.exe /E "%userprofile%\DESKTOP\ExplorerPolicies.reg" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
REGEDIT.exe /E "%userprofile%\DESKTOP\SystemPolicies.reg" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
EXIT

Now navigate to your Desktop, and double click RegExport.bat

A black window will open and close quickly. This is normal.

Now, open Notepad, navigate to your Desktop, and open SystemPolicies.reg, ExplorerPolicies.reg, and ExplorerAdvanced.reg. Post the contents of each.

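Two things in the last posts call for the same small tool: the desktop.ini contents pasted above, and the three .reg files RegExport.bat writes. The script below is an added example, not the staff's or Malwarebytes' code. It has one INI/.reg parser, a check of the exported keys for the lockdown values malware commonly sets (task manager and regedit disabled, folder options removed, hidden files forced off), and a check that separates a desktop.ini that merely localises a folder name from one that points Explorer at a UNC icon or impersonates a shell object. DOCS_INI mirrors the Documents desktop.ini posted above; HOSTILE_INI and POLICY_REG are constructed to show what a finding looks like, and the value table is a selection, not a complete catalogue.

```python
"""Triage of two artefacts posted earlier in this thread: desktop.ini files
and the .reg exports RegExport.bat produces. Added example, not the forum
staff's or Malwarebytes' code. DOCS_INI mirrors the Documents desktop.ini
posted above; HOSTILE_INI and POLICY_REG are constructed to show findings."""
import re

_SECTION = re.compile(r"^\[(.+)\]$")
_REG_HEADERS = ("Windows Registry Editor", "REGEDIT4")
_SYSTEM_ICON_PREFIXES = ("%systemroot%", "%windir%", "c:\\windows\\")
_HKCU = "hkey_current_user\\software\\microsoft\\windows\\currentversion\\"
# Values malware sets in the three exported keys (keys lower-cased). The
# Explorer\Advanced ones are Windows defaults and only rate a note, but a
# user who enabled "show hidden files" and finds it reverted has a symptom.
LOCKDOWN_VALUES = {
    _HKCU + "explorer\\advanced": {"Hidden": 2, "ShowSuperHidden": 0, "HideFileExt": 1},
    _HKCU + "policies\\explorer": {"NoFolderOptions": 1, "NoDesktop": 1, "NoRun": 1},
    _HKCU + "policies\\system": {"DisableTaskMgr": 1, "DisableRegistryTools": 1},
}

def _decode(value):
    """Turn a .reg / .ini right-hand side into a Python value."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    if value.lower().startswith("hex"):            # hex:, hex(2):, hex(7):
        return bytes.fromhex(value.split(":", 1)[1].replace(",", ""))
    return value                                   # e.g. @shell32.dll,-21779

def parse_ini_like(text):
    """Parse desktop.ini or a regedit export into {section: {name: value}}:
    .reg header, quoted names, '@' defaults, dword:/hex: values and the
    ',\\' line continuation regedit emits for long hex values."""
    data, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";") or line.startswith(_REG_HEADERS):
            continue
        if line.endswith(",\\"):
            pending = line[:-1]
            continue
        m = _SECTION.match(line)
        if m:
            section = data.setdefault(m.group(1), {})
            continue
        if section is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        section[name.strip().strip('"')] = _decode(value.strip())
    return data

def check_policy_export(reg_text):
    """Return [(key, name, value, severity)] for lockdown values present."""
    findings = []
    for key, values in parse_ini_like(reg_text).items():
        expected = LOCKDOWN_VALUES.get(key.lower(), {})
        severity = "note" if key.lower().endswith("advanced") else "lockdown"
        for name, bad in expected.items():
            if values.get(name) == bad:
                findings.append((key, name, bad, severity))
    return findings

def check_desktop_ini(ini_text):
    """Flag desktop.ini settings that do more than localise a folder: an
    icon on a UNC path (Explorer connects to the share to fetch it, an old
    NTLM-leak trick), an icon outside %SystemRoot%, or a CLSID entry that
    makes the folder impersonate a shell object such as the Recycle Bin."""
    findings = []
    info = parse_ini_like(ini_text).get(".ShellClassInfo", {})
    for name in ("IconFile", "IconResource"):
        path = str(info.get(name, "")).lower()
        if path.startswith("\\\\"):
            findings.append((name, info[name], "UNC icon path"))
        elif path and not path.startswith(_SYSTEM_ICON_PREFIXES):
            findings.append((name, info[name], "icon outside %SystemRoot%"))
    for name in ("CLSID", "CLSID2"):
        if name in info:
            findings.append((name, info[name], "folder impersonates a shell object"))
    return findings

DOCS_INI = r"""[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21770
IconResource=%SystemRoot%\system32\imageres.dll,-112
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-235
"""
HOSTILE_INI = r"""[.ShellClassInfo]
IconResource=\\192.0.2.10\share\folder.ico,0
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
"""
POLICY_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
"""
```

regedit writes .reg exports as UTF-16 with a byte-order mark, so read them with `open(path, encoding="utf-16")` before passing the text to `check_policy_export`; desktop.ini is plain text. A desktop.ini like DOCS_INI, made only of shell32/imageres resource references, is what Windows itself writes into every special folder and produces no findings.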

hello Chris

I decided to do a complete system restore to factory setting with the os discs i got in the mail from hp. i'm almost positive i did everything correctly...

restart, enter f10, made sure cd-dvd was first to boot, it was.

enter disc with computer off then hit start.

went thru step by step.

entered 2nd disc.

1st thing i did then is bypass my router and plug right into the modem, then to computer. left Norton on and running just to access internet.

Avira, downloaded. (Norton Removed). reboot. ran avira.....VIRUS!!!! APPL/KillApp.A it's in quarantine. should i delete it or submit it for further review? also, i have 18 hidden files, before it was 52. and i think a few of those 18 are not supposed to be there, but just a guess.

i will download mbam now and run it. probably post in the morning, depending on scan time.

any suggestions??? did i miss a step?? maybe do something wrong in the process? i am completely baffled! the only place left is my d drive, which i thought is all hp back up stuff....?

heres Avira Scan

Avira AntiVir Personal

Report file date: Friday, November 12, 2010 19:09

Scanning for 3043988 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista x64

Windows version : (Service Pack 1) [6.0.6001]

Boot mode : Normally booted

Username : SYSTEM

Computer name : PETE-PC

Version information:

BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/3/2010 00:09:56

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 8/3/2010 00:10:00

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 04:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 20:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:10:03

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:10:04

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:10:06

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:46:44

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:46:54

VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:46:54

VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:46:54

VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:46:55

VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:46:56

VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:46:57

VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:46:59

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:47:00

VBASE017.VDF : 7.10.13.212 2048 Bytes 11/11/2010 00:47:00

VBASE018.VDF : 7.10.13.213 2048 Bytes 11/11/2010 00:47:00

VBASE019.VDF : 7.10.13.214 2048 Bytes 11/11/2010 00:47:00

VBASE020.VDF : 7.10.13.215 2048 Bytes 11/11/2010 00:47:01

VBASE021.VDF : 7.10.13.216 2048 Bytes 11/11/2010 00:47:01

VBASE022.VDF : 7.10.13.217 2048 Bytes 11/11/2010 00:47:01

VBASE023.VDF : 7.10.13.218 2048 Bytes 11/11/2010 00:47:01

VBASE024.VDF : 7.10.13.219 2048 Bytes 11/11/2010 00:47:01

VBASE025.VDF : 7.10.13.220 2048 Bytes 11/11/2010 00:47:02

VBASE026.VDF : 7.10.13.221 2048 Bytes 11/11/2010 00:47:02

VBASE027.VDF : 7.10.13.222 2048 Bytes 11/11/2010 00:47:02

VBASE028.VDF : 7.10.13.223 2048 Bytes 11/11/2010 00:47:02

VBASE029.VDF : 7.10.13.224 2048 Bytes 11/11/2010 00:47:02

VBASE030.VDF : 7.10.13.225 2048 Bytes 11/11/2010 00:47:03

VBASE031.VDF : 7.10.13.235 75776 Bytes 11/12/2010 00:47:03

Engineversion : 8.2.4.98

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/3/2010 00:09:54

AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/13/2010 00:47:22

AESCN.DLL : 8.1.6.1 127347 Bytes 8/3/2010 00:09:53

AESBX.DLL : 8.1.3.1 254324 Bytes 8/3/2010 00:09:53

AERDL.DLL : 8.1.9.2 635252 Bytes 11/13/2010 00:47:20

AEPACK.DLL : 8.2.3.11 471416 Bytes 11/13/2010 00:47:18

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/3/2010 00:09:52

AEHEUR.DLL : 8.1.2.41 3043703 Bytes 11/13/2010 00:47:15

AEHELP.DLL : 8.1.14.0 246134 Bytes 11/13/2010 00:47:09

AEGEN.DLL : 8.1.3.24 401781 Bytes 11/13/2010 00:47:07

AEEMU.DLL : 8.1.2.0 393588 Bytes 8/3/2010 00:09:49

AECORE.DLL : 8.1.17.0 196982 Bytes 11/13/2010 00:47:06

AEBB.DLL : 8.1.1.0 53618 Bytes 8/3/2010 00:09:48

AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/3/2010 00:09:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 8/3/2010 00:09:55

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 23:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 8/3/2010 00:09:55

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/3/2010 00:09:56

AVARKT.DLL : 10.0.0.14 227176 Bytes 8/3/2010 00:09:54

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/3/2010 00:09:55

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 23:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/3/2010 00:09:56

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 23:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/3/2010 00:10:08

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, November 12, 2010 19:09

Starting search for hidden objects.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\name

[NOTE] The registry entry is invisible.

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\id

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring

C:\Windows\system32\unregmp2.exe /ShowWMP

C:\Windows\system32\unregmp2.exe /ShowWMP

[NOTE] The registry entry is invisible.

C:\Program Files\Windows Media Player

C:\Program Files\Windows Media Player

[NOTE] The registry entry is invisible.

C:\Program Files\Windows Media Player

C:\Windows\system32\wbem\Logs\WMITracing.log

C:\Windows\system32\wbem\Logs\WMITracing.log

[NOTE] The registry entry is invisible.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Get Online.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Get Online.lnk

[NOTE] The registry entry is invisible.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype)

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'avscan.exe' - '81' Module(s) have been scanned

Scan process 'avscan.exe' - '30' Module(s) have been scanned

Scan process 'avcenter.exe' - '65' Module(s) have been scanned

Scan process 'HpqToaster.exe' - '26' Module(s) have been scanned

Scan process 'Com4QLBEx.exe' - '19' Module(s) have been scanned

Scan process 'WiFiMsg.EXE' - '36' Module(s) have been scanned

Scan process 'hpqWmiEx.exe' - '32' Module(s) have been scanned

Scan process 'avgnt.exe' - '49' Module(s) have been scanned

Scan process 'jusched.exe' - '23' Module(s) have been scanned

Scan process 'HPWAMain.exe' - '33' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '17' Module(s) have been scanned

Scan process 'QLBCTRL.exe' - '43' Module(s) have been scanned

Scan process 'QPService.exe' - '90' Module(s) have been scanned

Scan process 'LightScribeControlPanel.exe' - '32' Module(s) have been scanned

Scan process 'ViewpointService.exe' - '31' Module(s) have been scanned

Scan process 'RichVideo.exe' - '22' Module(s) have been scanned

Scan process 'BLService.exe' - '27' Module(s) have been scanned

Scan process 'QPSched.exe' - '40' Module(s) have been scanned

Scan process 'QPCapSvc.exe' - '77' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'avguard.exe' - '64' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '344' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\HP\BIN\EndProcess.exe

[DETECTION] Contains recognition pattern of the APPL/KillApp.A application

Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:

C:\HP\BIN\EndProcess.exe

[DETECTION] Contains recognition pattern of the APPL/KillApp.A application

[NOTE] The file was moved to the quarantine directory under the name '4871c5cd.qua'.

End of the scan: Saturday, November 13, 2010 01:57

Used time: 52:20 Minute(s)

The scan has been done completely.

28218 Scanned directories

463940 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

463939 Files not concerned

2793 Archives were scanned

0 Warnings

1 Notes

611472 Objects were scanned with rootkit scan

18 Hidden objects were found

thanks for your help!


if i may ask, how can you know/tell it's a false positive?? i only had Avira on and everything else was turned off....

and yes, i'm still experiencing issues.

heres another explanation in more detail...

avira has 23 hidden now. i'm going to do my best and list all this in order...

installed avira, ran 1st scan. Norton removed, comp restarted, wired internet. scan started, about 10 mins in, got hung up on a hidden file, showed the virus while still hung up, internet globe disappeared(local only) but no notification, then globe came back on my internet icon and 18 hidden files show up on the scan, all together, same time.

today's scan found 23 files, and the same happened. scan stuck on a file, globe went away (local only), 23 hidden show up this time, then internet (globe) is back and scan continues, no virus. i also see the warning, detection, suspicious area "0" flicker as if it wants to warn me but something is stopping it. this cant be normal.... why does the scan freeze on a file, switch to 'local only' (with no warning), spit out hidden files, then turn internet back on????? if you could explain, or maybe give me a reliable link to read about it, that would be great!

3 IP block today while searching google.

69.167.169.186

69.167.169.186

95.168.179.245

thanks!


  • Staff
if i may ask, how can you know/tell it's a false positive?? i only had Avira on and everything else was turned off....
Perhaps you misunderstand what I mean by false positive. Avira is calling that HP file malware because it contains characteristics that malware uses sometimes; that doesn't make the file itself malicious.

All of your problems appear to be artifacts of the Avira scans you are reading.

I recommend switching antivirus software to either Microsoft Security Essentials or avast!. All of your "problems" are related to Avira not working properly, not your computer not working.

Let me know what you want to do.


Hello Chris

I used Avast before but had the same issues with it: hidden/password protected files. I was informed that it may not work well on 64 bit or Vista and recommended I try Avira. I did just that and found hidden files right away. She also commented as you did that 'it's normal to have hidden files'. Here is the link to my post from a few months ago... http://forums.malwarebytes.org/index.php?showtopic=60342&hl=petesnewjob

Well, I downloaded Eset yesterday and ran a scan...

C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

Then rebooted, ran Avira, found 19 hidden files, not 23. I checked the scan results next to each other; sure enough, hpqware is one of the 'missing' hidden files. IMO, there are still 3 or 4 hidden reg files something is attached to.

Can you please recommend a good hard drive destroyer (software, DOD spec)?? Free program or purchased, I don't mind at this point. I want to completely erase/reformat all drives and partitions (C: D:) and reinstall my factory discs, again.. If that doesn't fix this, I don't know what will.

Also, if it's not malware, what could it be? Is the Eset scan false as well?

Thanks for help! Please let me know what you think....


  • Staff

Look at the files being detected:

C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

Look where they are located.

They are all files that came with your computer.

"Detecting" hidden files doesn't mean anything if no infection is associated to them. It means exactly that: they're hidden. Nothing else.

Think about it-- if you were actually infected, you would be experiencing symptoms of infection. You would be getting popups. You would be getting fake antispyware programs trying to steal your money.

If you insist, here's a guide on DoD-level hard drive formatting:

http://www.ehow.com/how_6813633_wipe-hard-...completely.html

At this point I have nothing more I can tell you.
