KimP Posted November 11, 2010 ID:343207

**I think I've attached/copied the requested logs. Thank you for any help.**

DDS (Ver_10-11-10.01) - NTFSx86

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5038
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
11/10/2010 12:22:43 PM
mbam-log-2010-11-10 (12-22-43).txt
Scan type: Quick scan
Objects scanned: 165088
Time elapsed: 8 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Heidi\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> No action taken.

Run by Heidi at 14:13:32.94 on Wed 11/10/2010
Internet Explorer: 8.0.6001.18975
Microsoft

Attach.zip
Maniac Posted November 12, 2010 ID:343776

Hello KimP! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

The process of cleaning your system may take some time, so please be patient.
Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
If you don't know or can't understand something, please ask.
Do not install or uninstall any software or hardware while we work on this.
Keep me informed about any changes.

Step 1

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping Avira AntiVir Personal, so please uninstall AVG Free 9.0.

Step 2

Your database version of Malwarebytes' Anti-Malware is old, so please:

Launch Malwarebytes' Anti-Malware.
Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please include these log(s):

Malwarebytes' Anti-Malware log
a new fresh DDS log only
KimP Posted November 12, 2010 Author ID:343973

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping Avira AntiVir Personal, so please uninstall AVG Free 9.0.

**I downloaded Avira at the recommendation of this website when I couldn't get the AVG to respond in any way, including uninstallation. I tried to uninstall again just now and here is the error I got:**

*Installer initialization failed due to following error: Error: Initialization of the language file "C:\Program Files\AVG\AVG9" failed. Initialization of languages failed or files count is zero.*

**Here is the Malwarebytes' Anti-Malware log that shows it quarantined and successfully deleted. It always shows up again after I restart the computer.**

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5102
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
11/12/2010 11:24:48 AM
mbam-log-2010-11-12 (11-24-48).txt
Scan type: Quick scan
Objects scanned: 166444
Time elapsed: 7 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Heidi\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Heidi at 11:33:27.49 on Fri 11/12/2010
Internet Explorer: 8.0.6001.18975
Microsoft
Maniac Posted November 14, 2010 ID:345170

Okay, step by step... let's fix this issue with AVG. Follow these instructions and let me know:

http://forums.avg.com/ww-en/avg-free-forum...4013#post_44013
KimP Posted November 14, 2010 Author ID:345259

By the way, I didn't say "Hello, nice to meet you" last time.

I followed the instructions for a 32-bit (since that was what worked). After restart, I deleted c:\program files\AVG, as instructed. The other four files listed for Windows Vista, I did not find:

C:\ProgramData\AVG8
C:\ProgramData\AVG9
C:\Users\<user>\AppData\Roaming\AVG8
C:\Users\<user>\AppData\Roaming\AVG9

I do, however, see file c:\AVG Temp with "delete_ndis" inside (looks like an execute file, but I'm not sure). I got this computer from a friend, and that file is dated previous to my receipt of the computer. Shall I delete that file too?

Thanks for your help.
Maniac Posted November 15, 2010 ID:345513

Yes, please.
KimP Posted November 15, 2010 Author ID:345618

It has been deleted.
Maniac Posted November 15, 2010 ID:345711

Please post a new fresh DDS log only.
KimP Posted November 15, 2010 Author ID:345802

DDS (Ver_10-11-10.01) - NTFSx86
Run by Heidi at 13:17:18.78 on Mon 11/15/2010
Internet Explorer: 8.0.6001.18975
Microsoft
Maniac Posted November 16, 2010 ID:346029

You follow all the steps, right?

http://forums.avg.com/ww-en/avg-free-forum...4013#post_44013
KimP Posted November 16, 2010 Author ID:346356

I followed all the steps up until it says "stop here if not re-installing", so I didn't understand why it still looked like it was showing up somewhere. As I stated before, there were four folders I couldn't find to remove:

I followed the instructions for a 32-bit (since that was what worked). After restart, I deleted c:\program files\AVG, as instructed. The other four files listed for Windows Vista, I did not find:

C:\ProgramData\AVG8
C:\ProgramData\AVG9
C:\Users\<user>\AppData\Roaming\AVG8
C:\Users\<user>\AppData\Roaming\AVG9

I just restarted the computer and did a search for anything that included "AVG8" or "AVG9" and the only thing that came up were previous DDS logs I had saved and posted here (excluding the one I posted yesterday).
Maniac Posted November 17, 2010 ID:346610

I see...

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
KimP Posted November 17, 2010 Author ID:346865
KimP Posted November 17, 2010 Author ID:346886

After I pasted the last info and could see where "AVG8" and "AVG9" showed up, I decided the files I needed to delete were hidden. I somehow found some (no idea how!), located c:\programdata\AVG9 and deleted it. Then I figured out how to show hidden icons and found C:\Users\<user>\AppData\Roaming\AVG9 and deleted it also. The recycle bin was hidden, so I figured out how to show it and emptied it as well. I still see folder c:\$AVG\$Vault - shall I delete that too?

I'm posting OTL log again. For some reason, the "extras" screen didn't pop up this time.
Maniac Posted November 18, 2010 ID:347180

Yes, please delete this one too. Next, uninstall CouponBar and perform a new scan with Malwarebytes' Anti-Malware.
KimP Posted November 18, 2010 Author ID:347408

I deleted the $AVG folder. It will not allow me to uninstall CouponBar. It pops up a window that says "Windows needs permission to continue." When I press "Continue" it thinks for a brief moment and does nothing more. I ran a Malwarebytes quick scan anyway.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5146
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
11/18/2010 11:31:02 AM
mbam-log-2010-11-18 (11-31-02).txt
Scan type: Quick scan
Objects scanned: 166446
Time elapsed: 6 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Heidi\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> No action taken.
Maniac Posted November 18, 2010 ID:347415

Run OTL.exe
Under Custom Scans/Fixes post the following script:

:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Heidi\AppData\Local\Temp\low\COUPON~1.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 00:01:00 | 000,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{71c61c9d-76f4-11de-8d20-0019d11b9aa9}\Shell\AutoRun\command - "" = L:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe -- File not found
O33 - MountPoints2\{71c61c9d-76f4-11de-8d20-0019d11b9aa9}\Shell\OpEN\cOMMaND - "" = L:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe -- File not found
O33 - MountPoints2\{a3ecf01d-e26f-11dd-afa8-0019d11b9aa9}\Shell\AutoRun\command - "" = M:\WDSetup.exe -- File not found
O33 - MountPoints2\{cf865bce-b131-11de-ba21-0019d11b9aa9}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e53003cc-6abd-11df-a448-0019d11b9aa9}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{e53003cc-6abd-11df-a448-0019d11b9aa9}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
:Commands
[emptytemp]
[Reboot]

Click on Run Fix
Wait patiently until the program has finished its work. Then, having completed its work, the computer will reboot.
After the computer reboots, run OTL.exe and then click on Quick Scan. A log file will eventually be generated, which you need to copy and post in your next post in this topic.
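An added example, not part of the original posts and not OTL's own code: a small Python parser for the O33 MountPoints2 lines in the fix script above that records, per entry, why a reviewer would want to look at it. The names `parse_o33` and `triage` and the three triage rules (recycle-bin folder, system process name outside System32, missing target) are assumptions made for this illustration; the sample lines are copied from the script.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Four O33 lines copied from the fix script in the post above.
SAMPLE = r'''
O33 - MountPoints2\{71c61c9d-76f4-11de-8d20-0019d11b9aa9}\Shell\AutoRun\command - "" = L:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe -- File not found
O33 - MountPoints2\{71c61c9d-76f4-11de-8d20-0019d11b9aa9}\Shell\OpEN\cOMMaND - "" = L:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe -- File not found
O33 - MountPoints2\{a3ecf01d-e26f-11dd-afa8-0019d11b9aa9}\Shell\AutoRun\command - "" = M:\WDSetup.exe -- File not found
O33 - MountPoints2\{e53003cc-6abd-11df-a448-0019d11b9aa9}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
'''

# Registry key names are case-insensitive, so "cOMMaND" must match "command".
O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]{36}\})\\Shell\\(?P<verb>.+?)\\command'
    r' - "(?P<value>.*?)" = (?P<target>.+?)(?P<missing> -- File not found)?$',
    re.IGNORECASE | re.MULTILINE)

# Illustrative heuristics (assumptions of this example, not OTL rules).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
RECYCLE_DIR = re.compile(r'\\(recycler|recycled|\$recycle\.bin)\\', re.IGNORECASE)

def parse_o33(text):
    """Return one dict per O33 line: guid, verb, value, target, missing."""
    return [m.groupdict() for m in O33.finditer(text)]

def triage(entry):
    """List the reasons an autorun entry deserves a closer look."""
    reasons = []
    target = entry["target"]
    if RECYCLE_DIR.search(target):
        reasons.append("target inside a recycle-bin folder")
    if basename(target).lower() in SYSTEM_NAMES and "\\windows\\system32\\" not in target.lower():
        reasons.append("system process name outside System32")
    if entry["missing"]:
        reasons.append("target file no longer exists (stale entry)")
    return reasons

if __name__ == "__main__":
    for e in parse_o33(SAMPLE):
        print(e["guid"], e["verb"], "->", e["target"])
        for reason in triage(e):
            print("   ", reason)
```
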
KimP Posted November 18, 2010 ID:347524

OTL logfile created on: 11/18/2010 2:37:02 PM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Heidi\Desktop
Maniac Posted November 19, 2010 ID:347713

Launch Malwarebytes' Anti-Malware
Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
KimP Posted November 19, 2010 ID:347936

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5153
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/19/2010 10:22:00 AM
mbam-log-2010-11-19 (10-22-00).txt

Scan type: Quick scan
Objects scanned: 155541
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Maniac Posted November 19, 2010 ID:347993

Congratulations!

Step 1
Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the CLEANUP button.
Say Yes to the prompt and then allow the program to reboot your computer.
Manually delete any remaining logs or tools.

Step 2
Your software is not up-to-date, so please:
http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:
http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing!
KimP Posted November 20, 2010 ID:348131

I think the congrats belong to you - you had the know-how to walk me through. I will follow up with the other links before I use that computer normally again. Thank you so much for your help!
Maniac Posted November 20, 2010 ID:348500

Glad I could help! Good luck!
screen317 (Staff) Posted November 21, 2010 ID:348570

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!