
Hijack of Firefox, started out as kevinsmoneytree.org


sjt


When I open Firefox, it will open up a new junk tab on its own. At first it would open kevinsmoneytree.org, and now it opens a series of different sites, some claiming that my registry is infected. I followed instructions at this link: http://forums.malwarebytes.org/index.php?showtopic=9573.

1. I scanned (quick and full scans) with Malwarebytes' Anti-Malware, and it found nothing.

2. I ran Avira AntiVir for a full scan; it found nothing.

3. DeFogger - ran it to disable my CD emulation drivers.

4. I tried to run DDS three times and it crashed my computer every time.

5. I ran GMER and it found some potential rootkit hijacks.

My scans need to be read, please. The scans from Malware and GMER follow.

I am running WinXPHome Service Pack 3

Thanks in advance for the advice.

Malware Scan log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5088

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/10/2010 8:58:54 AM

mbam-log-2010-11-10 (08-58-54).txt

Scan type: Quick scan

Objects scanned: 157288

Time elapsed: 11 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

GMER log (also zipped and attached):

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-11-08 15:47:43

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK8032GSX rev.AS111G

Running: 4bqjfbef.exe; Driver: C:\DOCUME~1\dad\LOCALS~1\Temp\kwdoikob.sys

---- System - GMER 1.0.15 ----

SSDT B966525E ZwCreateKey

SSDT B9665254 ZwCreateThread

SSDT B9665263 ZwDeleteKey

SSDT B966526D ZwDeleteValueKey

SSDT B9665272 ZwLoadKey

SSDT B9665240 ZwOpenProcess

SSDT B9665245 ZwOpenThread

SSDT B966527C ZwReplaceKey

SSDT B9665277 ZwRestoreKey

SSDT B9665268 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9314EBF]

? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A

.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A

.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C

.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A

.text C:\WINDOWS\System32\svchost.exe[1192] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D8000A

.text C:\WINDOWS\Explorer.EXE[4988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001B000A

.text C:\WINDOWS\Explorer.EXE[4988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 001C000A

.text C:\WINDOWS\Explorer.EXE[4988] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 001A000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[16620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0137000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[16620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0138000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[16620] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0136000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[16620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[17284] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

.text C:\Program Files\Microsoft Office\Office12\EXCEL.EXE[17284] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 330B9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A34F999

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A34F999

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A34F999

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK8032GSX_______________________AS111G__#5&69b5607&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!

Disk \Device\Harddisk0\DR0 sector 28: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 35: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 38: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 42: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 43: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 44: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 45: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 48: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 52: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 54: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 55: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sectors 155910569 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

sjt_gmer.zip


Hi sjt,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • Please post the contents of these 2 Notepad files in your next reply.


Thanks a lot for the quick assistance!

OTL.txt below

OTL logfile created on: 11/10/2010 3:27:49 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = c:\Documents and Settings\dad\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 20.00% Memory free

3.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.34 Gb Total Space | 46.08 Gb Free Space | 61.98% Space Free | Partition Type: NTFS

Computer Name: SJT-LAPTOP | User Name: dad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Documents and Settings\dad\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)

PRC - C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe (Logitech, Inc.)

PRC - c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe (Logitech, Inc.)

PRC - C:\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\TCtrlIOHook.exe (TOSHIBA)

PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)

PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)

PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

PRC - C:\WINDOWS\system32\ZoomingHook.exe (TOSHIBA)

PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)

PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)

PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

PRC - C:\Program Files\Vonage\Vonage Click-2-Call\click2call.exe (Vonage Holdings)

PRC - C:\Program Files\Eraser\eraser.exe (-)

========== Modules (SafeList) ==========

MOD - c:\Documents and Settings\dad\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)

MOD - C:\WINDOWS\system32\TDispVol.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()

SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)

========== Driver Services (SafeList) ==========

DRV - (SMNDIS5) -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS File not found

DRV - (NWUSBPort) -- C:\WINDOWS\System32\DRIVERS\nwusbser.sys File not found

DRV - (NWUSBModem) -- C:\WINDOWS\System32\DRIVERS\nwusbmdm.sys File not found

DRV - (NWADI) -- C:\WINDOWS\System32\DRIVERS\NWADIenum.sys File not found

DRV - (BVRPMPR5) -- D:\INSTAL~E\Core\BVRPMPR5.SYS File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (PTDMVsp) -- C:\WINDOWS\system32\drivers\PTDMVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV - (PTDMMdm) -- C:\WINDOWS\system32\drivers\PTDMMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV - (PTDMWWAN) -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys (DEVGURU Co., LTD.)

DRV - (PTDMBus) -- C:\WINDOWS\system32\drivers\PTDMBus.sys (DEVGURU Co., LTD.)

DRV - (PTDMWFLT) -- C:\WINDOWS\system32\drivers\PTDMWFLT.sys (DEVGURU Co., LTD.)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel




DRV - (PTDMWWAN) -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys (DEVGURU Co., LTD.)

DRV - (PTDMBus) -- C:\WINDOWS\system32\drivers\PTDMBus.sys (DEVGURU Co., LTD.)

DRV - (PTDMWFLT) -- C:\WINDOWS\system32\drivers\PTDMWFLT.sys (DEVGURU Co., LTD.)

DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()

DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (mr7910) -- C:\WINDOWS\system32\drivers\mr7910.sys (Mars Semiconductor Corp.)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel


Hi sjt,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Hello Deltalima,

I enjoyed your advice to run the TDSSKILLER only once, especially after I posted my logs from last scan 5 times. My browser kept giving me a failure notice every time I tried to post the reply, and advising me to try again. Sorry.

Anyway, thanks again and here is the log from the TDSSKILLER:

2010/11/11 09:55:08.0015 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22

2010/11/11 09:55:08.0015 ================================================================================

2010/11/11 09:55:08.0015 SystemInfo:

2010/11/11 09:55:08.0015

2010/11/11 09:55:08.0015 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/11 09:55:08.0015 Product type: Workstation

2010/11/11 09:55:08.0015 ComputerName: SJT-LAPTOP

2010/11/11 09:55:08.0015 UserName: dad

2010/11/11 09:55:08.0015 Windows directory: C:\WINDOWS

2010/11/11 09:55:08.0015 System windows directory: C:\WINDOWS

2010/11/11 09:55:08.0015 Processor architecture: Intel x86

2010/11/11 09:55:08.0015 Number of processors: 1

2010/11/11 09:55:08.0015 Page size: 0x1000

2010/11/11 09:55:08.0015 Boot type: Normal boot

2010/11/11 09:55:08.0015 ================================================================================

2010/11/11 09:55:08.0359 Initialize success

2010/11/11 09:55:47.0062 ================================================================================

2010/11/11 09:55:47.0062 Scan started

2010/11/11 09:55:47.0062 Mode: Manual;

2010/11/11 09:55:47.0062 ================================================================================

2010/11/11 09:56:08.0156 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/11/11 09:56:08.0156 ================================================================================

2010/11/11 09:56:08.0156 Scan finished

2010/11/11 09:56:08.0156 ================================================================================

2010/11/11 09:56:08.0171 Detected object count: 1

2010/11/11 09:57:29.0500 \HardDisk0 - will be cured after reboot

2010/11/11 09:57:29.0500 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure


Hi sjt,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    "AntiVirusOverride" = 0
    :commands
    [REBOOT]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now please run a quick scan with Malwarebytes and post the log in your next reply and let me know how the computer is running now.


So far, so good! I have not had any sites opening up their own tabs in Firefox like they were. I have rebooted and also restarted Firefox at least 6 times and opened groups of windows that previously had caused unwanted added tabs to open.

Thanks, Deltalima!

Should I re-enable the CD Emulation drivers?

Thanks again,

sjt


Hi sjt,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.

All versions numbered lower than 9.4 are vulnerable.

  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 22.

  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version

DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:

  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!


Here is the Scan after doing the OTL fix:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5096

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/11/2010 5:05:50 PM

mbam-log-2010-11-11 (17-05-50).txt

Scan type: Quick scan

Objects scanned: 157295

Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
