
Ran MBAM and now XP won't load



I have an Acer netbook and I use Avira for anti-virus, ZoneAlarm for firewall, and occasionally run MBAM as well. I was surfing the web the other day when Avira beeped and popped up that I had a virus. It said I had 3 or 4 and it would remove them. I let Avira do its thing and then immediately opened MBAM, updated, and then let it run. It found 25 (!) infections just with a quick scan (which is crazy because I run it at least weekly and usually it finds nothing). I can't remember the names of the infections but I know one ended in TDSS and another said something about a "downloader." I clicked remove and then said yes to the restart, and after the computer shut down, it would no longer load Windows. It goes to the Windows logo with the progress bar and just hangs up there, and I tried to load into Safe Mode as well but it stops loading after the mup.sys file loads.

I have had a TDSS rootkit in the past on another computer and had great luck removing it with the TDSSKiller utility, so I went to Kaspersky's website and they had a free utility (I think called "Rescue Disk") to load on a USB drive (since my netbook doesn't have an optical drive) that will allow the computer to boot up and run an additional virus scan. I used it and it found I believe 8 or 10 infections and deleted them, but after trying to restart, the computer still won't load.

I found a thread on this forum (http://forums.malwarebytes.org/index.php?showtopic=70139) with somebody that had a similar problem, so I followed the first directions given and brought home a USB DVD drive and burned the OTLPE program onto a CD, booted the computer, and ran the OTLPE test and saved the log to a flash drive. I have added the log to this post. If anybody could help at all I would greatly appreciate it. If I end up having to reinstall Windows I know I can get my files off of the computer but I don't have the factory restore disks and I would love to not have to buy them.

Thanks!

Ryan

OTL.txt log:

OTL logfile created on: 1/7/2011 6:04:04 PM - Run

OTLPE by OldTimer - Version 3.1.44.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 817.00 Mb Available Physical Memory | 81.00% Memory free

901.00 Mb Paging File | 843.00 Mb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.05 Gb Total Space | 44.76 Gb Free Space | 31.51% Space Free | Partition Type: NTFS

Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)

SRV - [2010/12/09 18:19:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/08/02 17:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2009/05/29 15:03:12 | 000,839,168 | ---- | M] () [Disabled] -- C:\Program Files\Bradford\CFUpdater\nuserv.exe -- (CFUpdaterService)

SRV - [2009/02/05 10:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)

DRV - File not found [Kernel | Boot] -- -- (srescan)

DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- -- (int15.sys)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2011/01/06 14:31:22 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ptqejn.sys -- (bsxa)

DRV - [2010/12/20 18:35:29 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/23 10:16:51 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2010/06/17 16:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 16:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2009/03/31 04:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2009/02/24 03:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/02/05 05:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2009/02/03 01:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2008/12/30 06:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2008/04/14 07:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 07:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2008/04/14 07:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2008/04/14 07:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2008/04/14 07:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2008/04/14 07:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2008/04/14 07:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2008/04/14 07:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2008/04/14 07:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2008/04/14 07:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2008/04/14 07:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2008/04/14 07:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2008/04/14 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2008/04/14 02:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/14 02:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/02/14 18:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/10/01 16:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2004/12/08 01:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Ryan_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one

IE - HKU\Ryan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Ryan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 15:19:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 15:19:11 | 000,000,000 | ---D | M]

[2011/01/06 03:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/06 14:21:26 | 000,001,003 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.8minutedating.com

O1 - Hosts: 127.0.0.1 whysohardx.com

O1 - Hosts: 127.0.0.1 protectyourpc-11.com

O1 - Hosts: 127.0.0.1 checkserverstatux.com

O1 - Hosts: 127.0.0.1 xinmin.cn

O1 - Hosts: 127.0.0.1 xy95.cn

O1 - Hosts: 127.0.0.1 koralda.com

O1 - Hosts: 127.0.0.1 weirden.com

O1 - Hosts: 127.0.0.1 nanocloudcontroller.com

O1 - Hosts: 127.0.0.1 coo0lnet.net

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [uniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\Ryan_ON_C..\Run: [uniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Ryan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://www.pvplus.com/citrix/wficat.cab (Citrix ICA Client)

O16 - DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} http://www.pvplus.com/citrix/UniPrint.cab (UniPrintCab Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/12 00:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: cscrview - (C:\WINDOWS\bootinst.dll) - File not found

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 13:20:25 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\My Documents\TDSSKiller.exe

[2011/01/06 13:12:47 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2011/01/04 10:51:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/01/01 22:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Envisioneer Express 5.0

[2011/01/01 22:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cadsoft

[2010/12/27 20:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0

[2010/12/27 20:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\.thumbnails

[2010/12/27 20:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\.gimp-2.6

[2010/12/27 20:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2010/12/18 16:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\UniPrint

[2010/12/18 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\UniPrint

[2010/12/18 16:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\UniPrint

[2010/12/18 16:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Ghostscript

[2010/12/18 16:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Remote Programs

[2010/12/18 16:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\RemotePackages

[2010/12/18 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\gs

[2010/12/18 15:48:35 | 000,084,480 | ---- | C] (West Wind Technologies) -- C:\WINDOWS\System32\wwipstuff.dll

[2010/12/18 15:48:34 | 004,734,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp9r.dll

[2010/12/18 15:48:34 | 003,907,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp9t.dll

[2010/12/18 15:48:33 | 004,292,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp8r.dll

[2010/12/18 15:48:33 | 003,768,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp8t.dll

[2010/12/18 15:48:33 | 002,800,392 | ---- | C] (SmartSoft Ltd.) -- C:\WINDOWS\System32\sfFTPLib.dll

[2010/12/18 15:48:33 | 000,094,208 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\rfsINet.dll

[2010/12/18 15:48:32 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll

[2010/12/18 15:48:32 | 000,634,880 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctSchedule.ocx

[2010/12/18 15:48:31 | 001,187,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP9RENU.DLL

[2010/12/18 15:48:31 | 001,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP8RENU.DLL

[2010/12/18 15:48:31 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll

[2010/12/18 15:48:31 | 000,303,104 | ---- | C] (GetMySystem.com) -- C:\WINDOWS\System32\BarcodeWiz.dll

[2010/12/18 15:48:31 | 000,253,952 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctMDay.ocx

[2010/12/18 15:48:31 | 000,231,968 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedFtp.dll

[2010/12/18 15:48:31 | 000,151,552 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctDropDate.ocx

[2010/12/18 15:48:31 | 000,122,880 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctDEdit.ocx

[2010/12/18 15:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SigPlus

[2010/12/18 15:47:20 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll

[2010/12/18 15:46:49 | 000,000,000 | ---D | C] -- C:\TaxSlayer

[2010/12/16 18:08:35 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\Xceed360.rra

[2010/12/16 17:59:50 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\Xceed1b1.rra

[2010/12/16 17:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\PC Attorney

[2010/12/16 17:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cosmi

[2010/12/16 17:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\NZCSM

[2010/12/16 17:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Microsoft Office

[2009/04/02 09:19:47 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009/04/02 09:19:43 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[2009/03/11 07:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Ryan\My Documents\*.tmp files -> C:\Documents and Settings\Ryan\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/06 14:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/06 14:31:22 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ptqejn.sys

[2011/01/06 13:58:46 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2011/01/06 13:58:29 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2011/01/06 13:58:24 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2011/01/06 13:58:21 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2011/01/06 13:58:18 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2011/01/06 13:58:15 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2011/01/06 13:58:11 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2011/01/06 13:28:41 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/06 08:36:56 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\My Documents\TDSSKiller.exe

[2011/01/04 12:10:25 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2011/01/04 10:53:29 | 000,442,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/01/04 10:53:29 | 000,072,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/01/04 10:49:14 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1981001023-1904607352-3529363498-1005.job

[2011/01/04 10:48:59 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2011/01/03 16:33:29 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2011/01/03 16:33:27 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010/12/31 12:38:44 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010/12/27 20:50:05 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\Ryan\.recently-used.xbel

[2010/12/27 20:35:25 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/12/25 19:25:22 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/20 18:35:29 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/12/18 16:37:40 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\PVPlus.lnk

[2010/12/18 16:35:29 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/16 18:00:36 | 000,000,000 | ---- | M] () -- C:\ffastun0.ffx

[2010/12/16 17:37:06 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010/12/16 17:37:06 | 000,000,611 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/12/14 20:56:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010/12/14 15:14:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/14 10:54:22 | 000,000,070 | ---- | M] () -- C:\WINDOWS\iltwain.ini

[2010/12/11 18:21:54 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Ryan\My Documents\*.tmp files -> C:\Documents and Settings\Ryan\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 14:31:22 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ptqejn.sys

[2010/12/27 20:50:05 | 000,002,247 | ---- | C] () -- C:\Documents and Settings\Ryan\.recently-used.xbel

[2010/12/18 16:37:40 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\PVPlus.lnk

[2010/12/18 15:48:33 | 000,027,158 | ---- | C] () -- C:\WINDOWS\System32\t1.dll

[2010/12/18 15:48:31 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\TALPDF32.dll

[2010/12/18 15:48:31 | 000,048,606 | ---- | C] () -- C:\WINDOWS\System32\FOXPRO.INT

[2010/12/18 15:48:31 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\TALC3932.DLL

[2010/12/18 15:48:25 | 000,004,740 | ---- | C] () -- C:\WINDOWS\SigPlus.ini

[2010/12/16 18:00:36 | 000,000,000 | ---- | C] () -- C:\ffastun0.ffx

[2010/12/16 17:37:06 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/10/21 23:40:09 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\46252.bat

[2010/01/12 15:18:20 | 001,409,890 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll

[2010/01/12 15:18:18 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/01/12 15:18:18 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2010/01/12 15:18:16 | 004,507,983 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2010/01/12 15:18:10 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2010/01/12 15:18:10 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2010/01/12 15:18:10 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2010/01/12 15:18:10 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2010/01/12 15:18:10 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2010/01/12 15:18:10 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2010/01/12 15:18:08 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2010/01/12 15:18:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2010/01/12 15:18:08 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2010/01/12 15:18:08 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2010/01/12 15:12:36 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/12/31 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2009/12/31 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll

[2009/12/19 10:14:30 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll

[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll

[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2009/07/19 01:07:34 | 000,006,689 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\PrimoPDFSet.xml

[2009/07/19 01:07:31 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml

[2009/07/15 17:31:37 | 000,000,332 | ---- | C] () -- C:\WINDOWS\{1A0C3E62-D558-4A45-9458-2DBCBB505CC2}_WiseFW.ini

[2009/06/21 17:45:24 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/16 23:24:45 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2009/06/16 05:41:27 | 000,000,000 | R--- | C] () -- C:\WINDOWS\SA2006.ini

[2009/06/16 03:30:20 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/06/16 02:49:40 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\wklnhst.dat

[2009/04/26 23:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2009/04/02 09:19:47 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/04/02 09:19:47 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/04/02 09:19:47 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini

[2009/03/12 01:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/03/12 00:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/03/12 00:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/03/12 00:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/03/11 16:03:29 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/11 07:53:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\shlgltw.dll

[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll

[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

[1996/11/21 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/21 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/21 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer GameZone Console

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Super-Cow

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer GameZone Console

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Super-Cow

[2009/08/15 19:40:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ryan\Application Data\.#

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acer GameZone Console

[2009/06/16 05:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DeLorme

[2010/12/27 20:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0

[2009/06/16 03:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ICAClient

[2010/07/05 16:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\LimeWire

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Super-Cow

[2010/04/15 00:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SuperNZB

[2009/07/10 11:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Template

[2010/12/18 16:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UniPrint

[2011/01/06 13:58:46 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

[2010/12/11 18:21:54 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

[2010/10/21 23:40:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

[2011/01/06 13:58:29 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

[2010/10/21 23:40:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

[2011/01/03 16:33:29 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

[2010/10/21 23:40:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

[2011/01/06 13:58:21 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

[2011/01/06 13:58:11 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

[2010/12/27 20:35:25 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2011/01/03 16:33:27 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

[2011/01/06 13:58:24 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

[2010/12/25 19:25:22 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

[2010/12/31 12:38:44 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

[2010/11/29 10:50:31 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

[2010/12/14 20:56:17 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

[2011/01/06 13:58:18 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

[2011/01/06 13:58:15 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

[2011/01/04 12:10:25 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

[2010/10/21 23:40:08 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========

< End of report >


Hello, please run the following: restart OTLPE and copy/paste the text in the codebox below into the "custom scan/fix" field. Click Run Fix. Let me know if you can boot normally afterwards.

:otl
DRV - [2011/01/06 14:31:22 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ptqejn.sys -- (bsxa)

:files
C:\WINDOWS\Tasks\At*.job

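The fix above singles out an unattributed boot-start driver with a random filename and a batch of At*.job scheduled tasks. As an added example (my own code, not the helper's and not part of OTL), here is a small Python triage script that applies those same heuristics to OTL log lines: it parses DRV entries, groups At*.job tasks by file size, flags non-localhost HOSTS entries, and renders the driver and task findings in the `:otl`/`:files` layout used in this thread. The sample lines are constructed from entries quoted in the thread; the thresholds, the `LOG_DATE` constant and the flagging rules are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OTLPE log lines, modelled on entries quoted in this thread
# (an unattributed boot-start driver, a legitimate Intel driver, an unattributed
# third-party driver, At*.job tasks of identical size, and two HOSTS entries).
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot] -- -- (srescan)
DRV - [2011/01/06 14:31:22 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ptqejn.sys -- (bsxa)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
[2011/01/06 13:58:46 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/01/04 10:34:48 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/12/11 18:21:54 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/01/04 10:49:14 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTask.job
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
"""

# Scan timestamp, taken from the "OTL logfile created on" header in this thread (assumption).
LOG_DATE = datetime(2011, 1, 8, 6, 40, 44)

DRV_RE = re.compile(
    r"^DRV - \[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+? \| \w\] "
    r"\((?P<company>[^)]*)\) \[(?P<kind>[^|]+) \| (?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<svc>[^)]*)\)$"
)
TASK_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]+\] \(\) -- "
    r"(?P<path>.+\\[Tt]asks\\(?P<name>[^\\]+\.job))$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def _age_days(stamp, log_date):
    """Whole days between an OTL timestamp and the scan time."""
    return (log_date - datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")).days


def triage(log_text, log_date=LOG_DATE, recent_days=7, at_job_threshold=3):
    """Scan OTL log lines and return a list of finding dicts.

    Heuristics (assumptions of this example, not OTL's own logic):
      * driver  - a DRV entry with no company name that is also boot-start or was
                  modified within `recent_days` of the scan
      * at_jobs - `at_job_threshold` or more At<N>.job tasks sharing one file size
      * hosts   - any O1 HOSTS entry other than localhost
    """
    findings = []
    at_jobs = defaultdict(list)  # file size -> paths of At*.job tasks with that size
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            reasons = []
            if not m["company"].strip():
                reasons.append("no company name")
            if m["start"].strip() == "Boot":
                reasons.append("boot-start")
            age = _age_days(m["date"], log_date)
            if 0 <= age <= recent_days:
                reasons.append(f"modified {age} day(s) before the scan")
            # An unattributed driver plus at least one more red flag is the pattern
            # behind the ptqejn.sys / bsxa entry removed in this thread.
            if "no company name" in reasons and len(reasons) >= 2:
                findings.append({"kind": "driver", "path": m["path"], "service": m["svc"],
                                 "reasons": reasons, "raw": line})
            continue
        m = TASK_RE.match(line)
        if m:
            if AT_JOB_RE.match(m["name"]):
                at_jobs[int(m["size"].replace(",", ""))].append(m["path"])
            continue
        m = HOSTS_RE.match(line)
        if m and m["host"].lower() != "localhost":
            findings.append({"kind": "hosts", "ip": m["ip"], "host": m["host"], "raw": line})
    for size, paths in sorted(at_jobs.items()):
        if len(paths) >= at_job_threshold:
            findings.append({"kind": "at_jobs", "size": size, "paths": sorted(paths), "raw": None})
    return findings


def build_otl_fix(findings):
    """Render driver and At*.job findings in the :otl / :files layout used in this
    thread. The helper used the wildcard At*.job; each path is listed here so a
    reviewer sees exactly what would be moved."""
    otl_lines = [f["raw"] for f in findings if f["kind"] == "driver"]
    file_lines = [p for f in findings if f["kind"] == "at_jobs" for p in f["paths"]]
    sections = []
    if otl_lines:
        sections.append(":otl\n" + "\n".join(otl_lines))
    if file_lines:
        sections.append(":files\n" + "\n".join(file_lines))
    return "\n\n".join(sections)


def triage_sample():
    """Run the heuristics over the constructed sample above."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    results = triage_sample()
    for finding in results:
        print(finding)
    print()
    print(build_otl_fix(results))
```

The HOSTS findings are reported but deliberately left out of the generated fix; a hosts file reset is a separate decision for whoever reviews the log.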

Thanks for your quick reply! Unfortunately Windows still won't load; it appears to be doing the exact same thing as far as booting up. If I try to boot into XP it just hangs on the XP logo screen with the status bar, and if I try to boot into XP's Safe Mode it hangs after loading mup.sys. I am attaching a copy of the fix log it created after I ran the fix code you requested, as well as a new scan log from OTLPE.

Thanks again!

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bsxa deleted successfully.

C:\WINDOWS\system32\drivers\ptqejn.sys moved successfully.

========== FILES ==========

C:\WINDOWS\Tasks\At1.job moved successfully.

C:\WINDOWS\Tasks\At10.job moved successfully.

C:\WINDOWS\Tasks\At11.job moved successfully.

C:\WINDOWS\Tasks\At12.job moved successfully.

C:\WINDOWS\Tasks\At13.job moved successfully.

C:\WINDOWS\Tasks\At14.job moved successfully.

C:\WINDOWS\Tasks\At15.job moved successfully.

C:\WINDOWS\Tasks\At16.job moved successfully.

C:\WINDOWS\Tasks\At17.job moved successfully.

C:\WINDOWS\Tasks\At18.job moved successfully.

C:\WINDOWS\Tasks\At19.job moved successfully.

C:\WINDOWS\Tasks\At2.job moved successfully.

C:\WINDOWS\Tasks\At20.job moved successfully.

C:\WINDOWS\Tasks\At21.job moved successfully.

C:\WINDOWS\Tasks\At22.job moved successfully.

C:\WINDOWS\Tasks\At23.job moved successfully.

C:\WINDOWS\Tasks\At24.job moved successfully.

C:\WINDOWS\Tasks\At3.job moved successfully.

C:\WINDOWS\Tasks\At4.job moved successfully.

C:\WINDOWS\Tasks\At5.job moved successfully.

C:\WINDOWS\Tasks\At6.job moved successfully.

C:\WINDOWS\Tasks\At7.job moved successfully.

C:\WINDOWS\Tasks\At8.job moved successfully.

C:\WINDOWS\Tasks\At9.job moved successfully.

OTLPE by OldTimer - Version 3.1.44.0 log created on 01082011_062518

OTL logfile created on: 1/8/2011 6:40:44 AM - Run

OTLPE by OldTimer - Version 3.1.44.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 823.00 Mb Available Physical Memory | 81.00% Memory free

901.00 Mb Paging File | 847.00 Mb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.05 Gb Total Space | 44.76 Gb Free Space | 31.51% Space Free | Partition Type: NTFS

Drive D: | 3.73 Gb Total Space | 3.49 Gb Free Space | 93.56% Space Free | Partition Type: FAT32

Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)

SRV - [2010/12/09 18:19:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/08/02 17:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2009/05/29 15:03:12 | 000,839,168 | ---- | M] () [Disabled] -- C:\Program Files\Bradford\CFUpdater\nuserv.exe -- (CFUpdaterService)

SRV - [2009/02/05 10:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)

DRV - File not found [Kernel | Boot] -- -- (srescan)

DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- -- (int15.sys)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2010/12/20 18:35:29 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/23 10:16:51 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2010/06/17 16:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 16:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2009/03/31 04:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2009/02/24 03:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/02/05 05:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2009/02/03 01:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2008/12/30 06:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2008/04/14 07:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 07:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2008/04/14 07:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2008/04/14 07:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2008/04/14 07:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2008/04/14 07:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2008/04/14 07:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2008/04/14 07:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2008/04/14 07:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2008/04/14 07:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2008/04/14 07:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2008/04/14 07:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2008/04/14 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2008/04/14 02:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/14 02:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/02/14 18:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/10/01 16:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2004/12/08 01:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Ryan_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one

IE - HKU\Ryan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Ryan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 15:19:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 15:19:11 | 000,000,000 | ---D | M]

[2011/01/06 03:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/06 14:21:26 | 000,001,003 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.8minutedating.com

O1 - Hosts: 127.0.0.1 whysohardx.com

O1 - Hosts: 127.0.0.1 protectyourpc-11.com

O1 - Hosts: 127.0.0.1 checkserverstatux.com

O1 - Hosts: 127.0.0.1 xinmin.cn

O1 - Hosts: 127.0.0.1 xy95.cn

O1 - Hosts: 127.0.0.1 koralda.com

O1 - Hosts: 127.0.0.1 weirden.com

O1 - Hosts: 127.0.0.1 nanocloudcontroller.com

O1 - Hosts: 127.0.0.1 coo0lnet.net

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [uniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\Ryan_ON_C..\Run: [uniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Ryan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://www.pvplus.com/citrix/wficat.cab (Citrix ICA Client)

O16 - DPF: {3637C046-4008-11D5-ADF6-0050DA74F67C} http://www.pvplus.com/citrix/UniPrint.cab (UniPrintCab Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/12 00:07:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: cscrview - (C:\WINDOWS\bootinst.dll) - File not found

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 06:25:18 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/01/06 13:20:25 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\My Documents\TDSSKiller.exe

[2011/01/06 13:12:47 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2011/01/04 10:51:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/01/01 22:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\Envisioneer Express 5.0

[2011/01/01 22:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cadsoft

[2010/12/27 20:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0

[2010/12/27 20:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\.thumbnails

[2010/12/27 20:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\.gimp-2.6

[2010/12/27 20:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0

[2010/12/18 16:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\UniPrint

[2010/12/18 16:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\UniPrint

[2010/12/18 16:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Local Settings\Application Data\UniPrint

[2010/12/18 16:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Ghostscript

[2010/12/18 16:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Remote Programs

[2010/12/18 16:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\RemotePackages

[2010/12/18 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\gs

[2010/12/18 15:48:35 | 000,084,480 | ---- | C] (West Wind Technologies) -- C:\WINDOWS\System32\wwipstuff.dll

[2010/12/18 15:48:34 | 004,734,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp9r.dll

[2010/12/18 15:48:34 | 003,907,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp9t.dll

[2010/12/18 15:48:33 | 004,292,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp8r.dll

[2010/12/18 15:48:33 | 003,768,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfp8t.dll

[2010/12/18 15:48:33 | 002,800,392 | ---- | C] (SmartSoft Ltd.) -- C:\WINDOWS\System32\sfFTPLib.dll

[2010/12/18 15:48:33 | 000,094,208 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\rfsINet.dll

[2010/12/18 15:48:32 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll

[2010/12/18 15:48:32 | 000,634,880 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctSchedule.ocx

[2010/12/18 15:48:31 | 001,187,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP9RENU.DLL

[2010/12/18 15:48:31 | 001,150,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VFP8RENU.DLL

[2010/12/18 15:48:31 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll

[2010/12/18 15:48:31 | 000,303,104 | ---- | C] (GetMySystem.com) -- C:\WINDOWS\System32\BarcodeWiz.dll

[2010/12/18 15:48:31 | 000,253,952 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctMDay.ocx

[2010/12/18 15:48:31 | 000,231,968 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedFtp.dll

[2010/12/18 15:48:31 | 000,151,552 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctDropDate.ocx

[2010/12/18 15:48:31 | 000,122,880 | ---- | C] (DBI Technologies Inc.) -- C:\WINDOWS\System32\ctDEdit.ocx

[2010/12/18 15:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SigPlus

[2010/12/18 15:47:20 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll

[2010/12/18 15:46:49 | 000,000,000 | ---D | C] -- C:\TaxSlayer

[2010/12/16 18:08:35 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\Xceed360.rra

[2010/12/16 17:59:50 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\Xceed1b1.rra

[2010/12/16 17:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\PC Attorney

[2010/12/16 17:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cosmi

[2010/12/16 17:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\NZCSM

[2010/12/16 17:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\Microsoft Office

[2009/04/02 09:19:47 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009/04/02 09:19:43 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[2009/03/11 07:53:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Ryan\My Documents\*.tmp files -> C:\Documents and Settings\Ryan\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/06 14:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/06 13:28:41 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/06 08:36:56 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan\My Documents\TDSSKiller.exe

[2011/01/04 10:53:29 | 000,442,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/01/04 10:53:29 | 000,072,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/01/04 10:49:14 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1981001023-1904607352-3529363498-1005.job

[2011/01/04 10:48:59 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/27 20:50:05 | 000,002,247 | ---- | M] () -- C:\Documents and Settings\Ryan\.recently-used.xbel

[2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/20 18:35:29 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/12/18 16:37:40 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\PVPlus.lnk

[2010/12/18 16:35:29 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/16 18:00:36 | 000,000,000 | ---- | M] () -- C:\ffastun0.ffx

[2010/12/16 17:37:06 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010/12/16 17:37:06 | 000,000,611 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/12/14 15:14:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/14 10:54:22 | 000,000,070 | ---- | M] () -- C:\WINDOWS\iltwain.ini

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Ryan\My Documents\*.tmp files -> C:\Documents and Settings\Ryan\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/27 20:50:05 | 000,002,247 | ---- | C] () -- C:\Documents and Settings\Ryan\.recently-used.xbel

[2010/12/18 16:37:40 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\PVPlus.lnk

[2010/12/18 15:48:33 | 000,027,158 | ---- | C] () -- C:\WINDOWS\System32\t1.dll

[2010/12/18 15:48:31 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\TALPDF32.dll

[2010/12/18 15:48:31 | 000,048,606 | ---- | C] () -- C:\WINDOWS\System32\FOXPRO.INT

[2010/12/18 15:48:31 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\TALC3932.DLL

[2010/12/18 15:48:25 | 000,004,740 | ---- | C] () -- C:\WINDOWS\SigPlus.ini

[2010/12/16 18:00:36 | 000,000,000 | ---- | C] () -- C:\ffastun0.ffx

[2010/12/16 17:37:06 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/10/21 23:40:09 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\46252.bat

[2010/01/12 15:18:20 | 001,409,890 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll

[2010/01/12 15:18:18 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/01/12 15:18:18 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2010/01/12 15:18:16 | 004,507,983 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2010/01/12 15:18:10 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2010/01/12 15:18:10 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2010/01/12 15:18:10 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2010/01/12 15:18:10 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2010/01/12 15:18:10 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2010/01/12 15:18:10 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2010/01/12 15:18:08 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2010/01/12 15:18:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2010/01/12 15:18:08 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2010/01/12 15:18:08 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2010/01/12 15:12:36 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/12/31 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2009/12/31 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll

[2009/12/19 10:14:30 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll

[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll

[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2009/07/19 01:07:34 | 000,006,689 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\PrimoPDFSet.xml

[2009/07/19 01:07:31 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml

[2009/07/15 17:31:37 | 000,000,332 | ---- | C] () -- C:\WINDOWS\{1A0C3E62-D558-4A45-9458-2DBCBB505CC2}_WiseFW.ini

[2009/06/21 17:45:24 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/16 23:24:45 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2009/06/16 05:41:27 | 000,000,000 | R--- | C] () -- C:\WINDOWS\SA2006.ini

[2009/06/16 03:30:20 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/06/16 02:49:40 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\wklnhst.dat

[2009/04/26 23:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2009/04/02 09:19:47 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/04/02 09:19:47 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/04/02 09:19:47 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini

[2009/03/12 01:47:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/03/12 00:55:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/03/12 00:10:15 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/03/12 00:05:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/03/11 16:03:29 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/11 07:53:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\shlgltw.dll

[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll

[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

[1996/11/21 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/21 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/21 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer GameZone Console

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Super-Cow

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer GameZone Console

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Super-Cow

[2009/08/15 19:40:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ryan\Application Data\.#

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acer GameZone Console

[2009/06/16 05:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DeLorme

[2010/12/27 20:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0

[2009/06/16 03:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ICAClient

[2010/07/05 16:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\LimeWire

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Super-Cow

[2010/04/15 00:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SuperNZB

[2009/07/10 11:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Template

[2010/12/18 16:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UniPrint

========== Purity Check ==========

< End of report >


Do you remember what exactly was detected by TDSSkiller? Please see if you can find the log, it should be saved at c:\tdsskiller<date&time>.txt

I apologize for the confusion, but I haven't actually been able to run TDSSkiller yet. After the computer wouldn't load I went to Kaspersky's website and downloaded it and their "recovery disk" program. My hope was that I could boot into the computer with their recovery disk and then run the TDSSkiller after that, so I copied it into "my documents" after booting from the recovery disk. However, it wouldn't let any programs load, including that one. I did run the rescue disk's built-in scanner, and like I said in my first post it found 8 or 9 infections and deleted them. I'm sure it probably made a log as well, but you would have to tell me where to find it.

Thanks!


Did anything change after the Kaspersky rescue disk scanned?

For now let's have a look at some files:

Please rerun OTLPE, copy/paste the following text into the "custom scan/fix" field and click the NONE button. Then click Run Scan. Post me the resulting log.

/md5start
bootinst.dll
explorer.exe
winlogon.exe
/md5stop


Here is the result of the last scan. I clicked "none" on all of the options I could, hopefully that's what you meant.

Thanks!

OTL logfile created on: 1/8/2011 11:52:32 AM - Run

OTLPE by OldTimer - Version 3.1.44.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 744.00 Mb Available Physical Memory | 73.00% Memory free

901.00 Mb Paging File | 794.00 Mb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.05 Gb Total Space | 44.76 Gb Free Space | 31.51% Space Free | Partition Type: NTFS

Drive D: | 3.73 Gb Total Space | 3.49 Gb Free Space | 93.56% Space Free | Partition Type: FAT32

Drive X: | 284.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== LOP Check ==========

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer GameZone Console

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Super-Cow

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer GameZone Console

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Super-Cow

[2009/08/15 19:40:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ryan\Application Data\.#

[2009/03/12 01:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acer

[2009/03/12 01:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Acer GameZone Console

[2009/06/16 05:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\DeLorme

[2010/12/27 20:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0

[2009/06/16 03:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ICAClient

[2010/07/05 16:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\LimeWire

[2009/03/12 01:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Super-Cow

[2010/04/15 00:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\SuperNZB

[2009/07/10 11:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Template

[2010/12/18 16:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UniPrint

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >

[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >
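The custom scan above asked OTLPE to hash explorer.exe and winlogon.exe and list every copy it found, the live one and the one in system32\dllcache, so that a differing hash would point at a patched binary. As an added example, not code from the thread or from OTLPE, here is a Python script that carries out the same comparison itself: it hashes each live copy, compares it with its dllcache counterpart, and optionally checks it against a reference table. The two reference hashes are the values reported in the log above; the sample directory tree, its file contents and the "patched" winlogon.exe in it are constructed for the demonstration and are not from the poster's machine.

```python
import hashlib
import os
import tempfile

# Reference MD5s for the XP SP3 binaries exactly as the OTLPE log above reports them.
REFERENCE_MD5 = {
    "explorer.exe": "12896823FB95BFB3DC9B46BCAEDC9923",
    "winlogon.exe": "ED0EF0A136DEC83DF69F04118870003E",
}


def md5_of_bytes(data):
    """Upper-case hex MD5, the same presentation OTL uses in its log."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_live_copy(windows_dir, name):
    """explorer.exe lives in %SystemRoot%, winlogon.exe in system32; try both."""
    for candidate in (os.path.join(windows_dir, name),
                      os.path.join(windows_dir, "system32", name)):
        if os.path.isfile(candidate):
            return candidate
    return None


def compare_with_dllcache(windows_dir, names, reference=None):
    """For each name, hash the live copy and the dllcache copy and report
    whether they agree, plus whether the live copy matches a reference hash."""
    reference = reference or {}
    report = {}
    for name in names:
        live = find_live_copy(windows_dir, name)
        cache = os.path.join(windows_dir, "system32", "dllcache", name)
        entry = {"live": live, "live_md5": None, "cache_md5": None,
                 "matches_reference": None}
        if live is None:
            entry["status"] = "missing"
        elif not os.path.isfile(cache):
            # Nothing to compare against: the file is not a protected system binary.
            entry["live_md5"] = md5_of_file(live)
            entry["status"] = "no dllcache copy"
        else:
            entry["live_md5"] = md5_of_file(live)
            entry["cache_md5"] = md5_of_file(cache)
            entry["status"] = ("match" if entry["live_md5"] == entry["cache_md5"]
                               else "MISMATCH")
        if entry["live_md5"] is not None and name in reference:
            entry["matches_reference"] = entry["live_md5"] == reference[name]
        report[name] = entry
    return report


def build_sample_tree():
    """Constructed sample layout (not the real machine): a clean explorer.exe,
    a winlogon.exe whose live copy differs from its dllcache copy, and a
    bootinst.dll with no dllcache counterpart at all."""
    root = tempfile.mkdtemp(prefix="xp_md5_demo_")
    windows = os.path.join(root, "WINDOWS")
    system32 = os.path.join(windows, "system32")
    dllcache = os.path.join(system32, "dllcache")
    os.makedirs(dllcache)
    clean_explorer = b"MZ" + b"clean explorer image" * 50
    clean_winlogon = b"MZ" + b"clean winlogon image" * 50
    samples = (
        (os.path.join(windows, "explorer.exe"), clean_explorer),
        (os.path.join(dllcache, "explorer.exe"), clean_explorer),
        (os.path.join(system32, "winlogon.exe"), clean_winlogon + b"\x90" * 16),  # tampered live copy
        (os.path.join(dllcache, "winlogon.exe"), clean_winlogon),
        (os.path.join(windows, "bootinst.dll"), b"MZ" + b"unknown module" * 20),
    )
    for path, data in samples:
        with open(path, "wb") as f:
            f.write(data)
    return windows


def run_demo():
    """Run the comparison over the constructed tree and return the report."""
    windows = build_sample_tree()
    return compare_with_dllcache(windows, ["explorer.exe", "winlogon.exe", "bootinst.dll"],
                                 REFERENCE_MD5)


if __name__ == "__main__":
    for name, entry in run_demo().items():
        print(f"{name:14} {entry['status']:16} live={entry['live_md5']} "
              f"cache={entry['cache_md5']} reference_ok={entry['matches_reference']}")
```

On the constructed tree the script reports explorer.exe as a match, winlogon.exe as a MISMATCH and bootinst.dll as having no dllcache copy, and because the sample bytes are made up, neither binary matches the page's reference hash. On the poster's real machine both live copies matched both their dllcache twins and the reference values, which is why the helper moved on from those binaries to the AppCertDlls entry pointing at bootinst.dll. A matching dllcache copy is only a weak assurance, since anything able to replace the live file can usually replace the cached one too; the reference table is the stronger check.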


I ran the fix and here is the log. I tried to start the computer normally afterward and it is still doing the same thing.

Thanks!

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls\\cscrview:C:\WINDOWS\bootinst.dll deleted successfully.

OTLPE by OldTimer - Version 3.1.44.0 log created on 01082011_123703


Please look in this folder and post me the most recent MBAM log.

C:\Documents and Settings\Ryan\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Here's the latest log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5471

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/6/2011 1:31:02 PM

mbam-log-2011-01-06 (13-31-02).txt

Scan type: Quick scan

Objects scanned: 148185

Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 18

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\shlgltw.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dyuxiroquqofoli (Trojan.TDSS) -> Value: Dyuxiroquqofoli -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\506E7F4A_ 0 (Trojan.LVBP) -> Value: 506E7F4A_ 0 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lqjebrvj (Trojan.FakeAlert) -> Value: lqjebrvj -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gflwjdhp (Trojan.FakeAlert) -> Value: gflwjdhp -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\swpbkorg (Trojan.FakeAlert) -> Value: swpbkorg -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\shlgltw.dll (Trojan.TDSS) -> Delete on reboot.

c:\documents and settings\Ryan\local settings\Temp\vcchfc.exe (Trojan.LVBP) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\Temp\onyhbbxvq\ulglwfclajb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\Temp\mauhbslne\uttffielajb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\Temp\fnfhbtyot\utkkdrllajb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\Temp\184.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\Temp\fenpcn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\Temp\numpj.exe (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\185.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\186.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\187.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\temporary internet files\Content.IE5\0PQ8XBUO\mmaucwe[1].html (Adware.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\temporary internet files\Content.IE5\0PQ8XBUO\qhlkrzhf[1].html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\temporary internet files\Content.IE5\0PQ8XBUO\kbwdyfeyta[1].html (Trojan.LVBP) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\temporary internet files\Content.IE5\1Z6CFZNI\sjnlgn[1].html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\temporary internet files\Content.IE5\MVY3MBQ0\kbwdyfeyta[1].html (Trojan.LVBP) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\temporary internet files\Content.IE5\YXNJIWQG\cptrlg[1].html (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\documents and settings\Ryan\local settings\temporary internet files\Content.IE5\YXNJIWQG\qhlkrzhf[1].html (Trojan.FakeAlert) -> Quarantined and deleted successfully.


When booting in normal mode, does the loading bar screen (splash screen) actually disappear/go blank or does it hang indefinitely there?

It hangs indefinitely there. And when booting into safe mode it hangs indefinitely on the screen where it shows all the drivers loading, with mup.sys as the last one loaded.

Thanks


Please boot your computer without the CD and tap F8. When the advanced boot options menu comes up, select Enable Boot Logging and press Enter. Select your Windows installation and let it load as far as it goes.

After it stalls, reboot from the CD and look for c:\windows\ntbtlog.txt


Please boot your computer without the CD and tap F8. When the advanced boot options menu comes up, select Enable Boot Logging and press Enter. Select your Windows installation and let it load as far as it goes.

After it stalls, reboot from the CD and look for c:\windows\ntbtlog.txt

I followed your directions, but when I located the file it shows it was created back in October of last year. I guess for some reason this one didn't save. When the computer freezes on the splash screen I just have to hold down the power button to turn it off, and I'm not sure if maybe that kept it from saving the file.


If the file already existed, it is possible the information has been appended. Have a look in the file and see if any logging was done today (it will start with a header including the date, and then a list of files).

Otherwise, delete the existing file and try it again and see if it gets recreated.


If the file already existed, it is possible the information has been appended. Have a look in the file and see if any logging was done today (it will start with a header including the date, and then a list of files).

Otherwise, delete the existing file and try it again and see if it gets recreated.

I deleted the file and tried again, but it did not recreate the file.


Did you try booting in the Last Known Good Configuration?

Do you have an XP CD at hand?

Yes, that was one of the first things I tried. I was hoping that would work, but it didn't. And no, I don't have an XP boot disk. The computer didn't come with one and I never made one, as it wasn't very easy to since the computer had no built-in optical drive. If your efforts (which I greatly appreciate) aren't successful I will have to order a restore disk from ACER.

Thanks!


Can you run another scan with the Kaspersky rescue disk and let me know if anything was found (do not fix it).

I ran Kaspersky again and it didn't find anything this time. I figured out how to save the log file and I'll post it here in case it would help at all. It lists all of the scans I have run since the first time I used it and what they found.

Thanks!

Objects Scan: completed 1 day ago (events: 2, objects: 680, time: 00:02:54)

1/6/11 6:17 PM Task completed

1/6/11 6:14 PM Task started

Objects Scan: completed 1 day ago (events: 47, objects: 228245, time: 01:10:16)

1/6/11 6:22 PM Task started

1/6/11 6:30 PM Detected: Trojan-Downloader.Java.OpenConnection.bu C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/37/51040625-353022c5/bpac/a.class

1/6/11 6:30 PM Untreated: Trojan-Downloader.Java.OpenConnection.bu C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/37/51040625-353022c5/bpac/a.class Postponed

1/6/11 6:30 PM Detected: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/37/51040625-353022c5/bpac/KAVS.class

1/6/11 6:30 PM Untreated: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/37/51040625-353022c5/bpac/KAVS.class Postponed

1/6/11 6:30 PM Detected: Trojan-Downloader.Java.OpenConnection.cm C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/48/4a305fb0-6ff8983c/yid.class

1/6/11 6:30 PM Untreated: Trojan-Downloader.Java.OpenConnection.cm C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/48/4a305fb0-6ff8983c/yid.class Postponed

1/6/11 6:30 PM Detected: Trojan-Downloader.Java.Agent.ja C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/57/458317b9-2d476012/RequiredJavaComponent.class

1/6/11 6:30 PM Untreated: Trojan-Downloader.Java.Agent.ja C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/57/458317b9-2d476012/RequiredJavaComponent.class Postponed

1/6/11 6:31 PM Detected: Trojan-Downloader.Java.Agent.hx C:/Documents and Settings/Ryan/Local Settings/Temp/jar_cache2023603178854487939.tmp/bpac/a.class

1/6/11 6:31 PM Untreated: Trojan-Downloader.Java.Agent.hx C:/Documents and Settings/Ryan/Local Settings/Temp/jar_cache2023603178854487939.tmp/bpac/a.class Postponed

1/6/11 6:31 PM Detected: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Local Settings/Temp/jar_cache2023603178854487939.tmp/bpac/KAVS.class

1/6/11 6:31 PM Untreated: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Local Settings/Temp/jar_cache2023603178854487939.tmp/bpac/KAVS.class Postponed

1/6/11 6:32 PM Detected: Exploit.HTML.CVE-2010-1885.aa C:/Documents and Settings/Ryan/Local Settings/Temporary Internet Files/Content.IE5/0PQ8XBUO/isyuewbrhralkoe7[1].asx

1/6/11 6:32 PM Untreated: Exploit.HTML.CVE-2010-1885.aa C:/Documents and Settings/Ryan/Local Settings/Temporary Internet Files/Content.IE5/0PQ8XBUO/isyuewbrhralkoe7[1].asx Postponed

1/6/11 6:43 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Image_070517_0128 (11).gi/VIDEO_TS/VTS_02_1.VOB;1 Read error

1/6/11 6:43 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Work Documents/Backup/Documents/Programs/nokia_media_studio_handango_demo.zip/Nokia Media Studio Demo/Install on your PC/Nokia Media Studio 2.0.1 PC Demo Installer.exe/UPX/0001\F7\Nokia Media Studio Demo.exe Read error

1/6/11 6:43 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Work Documents/Backup/Documents/Programs/age of empires for pocket pc with serial.exe/Age of Empires Campaigns for Pocket PC_1.07.exe Read error

1/6/11 6:43 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Work Documents/Backup/Documents/Programs/age of empires for pocket pc with serial.exe Read error

1/6/11 6:43 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Image_070517_0128 (11).gi Read error

1/6/11 6:44 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Camtasia Studio V6.0.0.689/setup.msi/Cabs.w1.cab Read error

1/6/11 6:44 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Camtasia Studio V6.0.0.689/setup.msi Read error

1/6/11 7:13 PM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP148/A0036348.dll

1/6/11 7:13 PM Untreated: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP148/A0036348.dll Postponed

1/6/11 7:14 PM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037483.dll

1/6/11 7:14 PM Untreated: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037483.dll Postponed

1/6/11 7:14 PM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037482.dll

1/6/11 7:14 PM Untreated: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037482.dll Postponed

1/6/11 7:31 PM Detected: Trojan-Downloader.Java.OpenConnection.bu C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/37/51040625-353022c5/bpac/a.class

1/6/11 7:31 PM Detected: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/37/51040625-353022c5/bpac/KAVS.class

1/6/11 7:31 PM Deleted: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/37/51040625-353022c5

1/6/11 7:31 PM Detected: Trojan-Downloader.Java.OpenConnection.cm C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/48/4a305fb0-6ff8983c/yid.class

1/6/11 7:32 PM Deleted: Trojan-Downloader.Java.OpenConnection.cm C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/48/4a305fb0-6ff8983c

1/6/11 7:32 PM Detected: Trojan-Downloader.Java.Agent.ja C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/57/458317b9-2d476012/RequiredJavaComponent.class

1/6/11 7:32 PM Deleted: Trojan-Downloader.Java.Agent.ja C:/Documents and Settings/Ryan/Application Data/Sun/Java/Deployment/cache/6.0/57/458317b9-2d476012

1/6/11 7:32 PM Detected: Trojan-Downloader.Java.Agent.hx C:/Documents and Settings/Ryan/Local Settings/Temp/jar_cache2023603178854487939.tmp/bpac/a.class

1/6/11 7:32 PM Detected: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Local Settings/Temp/jar_cache2023603178854487939.tmp/bpac/KAVS.class

1/6/11 7:32 PM Deleted: Trojan-Downloader.Java.OpenConnection.cg C:/Documents and Settings/Ryan/Local Settings/Temp/jar_cache2023603178854487939.tmp

1/6/11 7:32 PM Detected: Exploit.HTML.CVE-2010-1885.aa C:/Documents and Settings/Ryan/Local Settings/Temporary Internet Files/Content.IE5/0PQ8XBUO/isyuewbrhralkoe7[1].asx

1/6/11 7:32 PM Deleted: Exploit.HTML.CVE-2010-1885.aa C:/Documents and Settings/Ryan/Local Settings/Temporary Internet Files/Content.IE5/0PQ8XBUO/isyuewbrhralkoe7[1].asx

1/6/11 7:32 PM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP148/A0036348.dll

1/6/11 7:32 PM Deleted: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP148/A0036348.dll

1/6/11 7:32 PM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037482.dll

1/6/11 7:32 PM Deleted: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037482.dll

1/6/11 7:32 PM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037483.dll

1/6/11 7:32 PM Deleted: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}/RP151/A0037483.dll

1/6/11 7:32 PM Task completed

Objects Scan: completed 6 minutes ago (events: 6, objects: 228399, time: 01:09:23)

1/8/11 3:43 PM Task started

1/8/11 4:04 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Image_070517_0128 (11).gi/VIDEO_TS/VTS_02_1.VOB;1 Read error

1/8/11 4:04 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Work Documents/Backup/Documents/Programs/age of empires for pocket pc with serial.exe/Age of Empires Campaigns for Pocket PC_1.07.exe Read error

1/8/11 4:04 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Work Documents/Backup/Documents/Programs/age of empires for pocket pc with serial.exe Read error

1/8/11 4:05 PM Processing error C:/Documents and Settings/Ryan/My Documents/Documents/Image_070517_0128 (11).gi Read error

1/8/11 4:52 PM Task completed


Please boot from the CD, click Start and open a Command Prompt.

At the command prompt, type the following and press Enter after each line.

c:

fixmbr

Let me know what comes back after the last line.

Hopefully I did it right; it said:

'fixmbr' is not recognized as an internal or external command, operable program or batch file.


Download the TestDisk executable for Windows here: Download

Extract the downloaded zip file using your favorite archive extractor (right-click on the file and select Extract Files...) to your flash drive.

Now boot into Reatogo and navigate to your flash drive.

Double-click on the testdisk_win.exe file (found in the win folder of the extracted archive).

The first screen will present log options; press Enter to continue.


TestDisk will scan the system and show drive information.

If there is more than one drive, select the correct drive, make sure [Proceed] is selected, then press Enter to continue.


Select the [Intel] partition type and press Enter to continue.


Select [MBR Code] and press Enter to continue.


Type Y when prompted to write new MBR code to the first sector, then confirm at the next screen by typing Y again.


Press Q repeatedly until TestDisk exits, then reboot.
