Petesnewjob
Honorary Members
Posts: 78
Reputation: 0 Neutral
  1. I am still getting pop-ups and redirects! hpqware did ship with my laptop (part of HP Advisor), but I uninstalled it with Revo Uninstaller. But after a day or a week, it's back. When I check autorun programs, it's still there as a startup program (I know I turned it off). In the info dialog box where it says "ships with operating system = NO", verified signature = NA, "publisher unknown"?? So whatever is calling itself hpqware should NOT be there, imo. I purchased Kap AV and installed it onto my "new" laptop... loaded fine, updated files fine, ran a check, fine. So far so good. Then I loaded it onto my infected HP and got all sorts of errors, froze up (screen went black) and I had to manually reboot. So yes, I am having issues...... Do I really have to post the obvious symptoms, Chris??? When looking through the Kap scan files I found traces of errors, registry attempt blocks.... Basically, it already infected the Kap AV, imo. They could be malicious, or they could not, and I could just be a paranoid idiot at this point. Also, when I loaded Kap onto my infected HP and ran its 1st update... it took 4 hours to update 0 files..... 0 bytes... but took 4 hours.... Then I rebooted, cleared temp folders, ran the update again and got some updates. Rescanned the computer, clean. Checked the scan results, found warnings and errors, but I was not informed. One had to do with a registry\user trying to change my AV settings (Firefox). Also today I find that my error sending reports to Microsoft has been turned off (NOT the first time!). And I had 25 IP blocks on the 19th, all the same address (208.94.233.125), one on the 17th (213.131.252.251) and 3 on the 16th, mentioned before. Quoted... "At this point I have nothing more I can tell you." I completely agree!
  2. Hello Chris, I used Avast before but had the same issues with it: hidden/password-protected files. I was informed that it may not work well on 64-bit or Vista and it was recommended I try Avira. I did just that and found hidden files right away. She also commented, as you did, that "it's normal to have hidden files". Here is the link to my post from a few months ago... http://forums.malwarebytes.org/index.php?showtopic=60342&hl=petesnewjob
Well, I downloaded ESET yesterday and ran a scan...
C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe - probably a variant of Win32/Agent.HZHBURL trojan - cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe - probably a variant of Win32/Agent.HZHBURL trojan - cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe - probably a variant of Win32/Agent.HZHBURL trojan - cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe - probably a variant of Win32/Agent.HZHBURL trojan - cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe - probably a variant of Win32/Agent.HZHBURL trojan - cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe - probably a variant of Win32/Agent.HZHBURL trojan - cleaned by deleting - quarantined
Then rebooted, ran Avira, found 19 hidden files, not 23. I checked the scan results next to each other; sure enough, hpqware is one of the "missing" hidden files. Imo, there are still 3 or 4 hidden reg files something is attached to. Can you please recommend a good hard drive destroyer (software, DoD spec)?? Free program or purchased, I don't mind at this point. I want to completely erase/reformat all drives and partitions (C: D:) and reinstall my factory discs, again.. If that doesn't fix this, I don't know what will. Also, if it's not malware, what could it be? Is the ESET scan false as well? Thanks for the help! Please let me know what you think....
  3. If I may ask, how can you know/tell it's a false positive?? I only had Avira on and everything else was turned off.... And yes, I'm still experiencing issues. Here's another explanation in more detail... Avira has 23 hidden now. I'm going to do my best and list all this in order... Installed Avira, ran 1st scan. Norton removed, computer restarted, wired internet. Scan started; about 10 mins in, it got hung up on a hidden file, showed the virus while still hung up, internet globe disappeared (local only) but no notification, then the globe came back on my internet icon and 18 hidden files show up on the scan, all together, same time. Today's scan found 23 files, and the same happened. Scan stuck on a file, globe went away (local only), 23 hidden show up this time, then internet (globe) is back and the scan continues, no virus. I also see the warning, detection, suspicious area "0" flicker as if it wants to warn me but something is stopping it. This can't be normal.... Why does the scan freeze on a file, switch to "local only" (with no warning), spit out hidden files, then turn the internet back on????? If you could explain, or maybe give me a reliable link to read about it, that would be great! 3 IP blocks today while searching Google: 69.167.169.186, 69.167.169.186, 95.168.179.245. Thanks!
  4. Hello Chris, I decided to do a complete system restore to factory settings with the OS discs I got in the mail from HP. I'm almost positive I did everything correctly... restart, enter F10, made sure CD/DVD was first to boot, it was. Entered disc with the computer off, then hit start. Went through step by step. Entered 2nd disc. 1st thing I did then is bypass my router and plug right into the modem, then to the computer. Left Norton on and running just to access the internet. Avira downloaded. (Norton removed.) Reboot. Ran Avira..... VIRUS!!!! APPL/KillApp.A. It's in quarantine. Should I delete it or submit it for further review? Also, I have 18 hidden files; before it was 52. And I think a few of those 18 are not supposed to be there, but just a guess. I will download MBAM now and run it. Probably post in the morning, depending on scan time. Any suggestions??? Did I miss a step?? Maybe do something wrong in the process? I am completely baffled! The only place left is my D drive, which I thought is all HP backup stuff....? Here's the Avira scan:

Avira AntiVir Personal
Report file date: Friday, November 12, 2010 19:09
Scanning for 3043988 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PETE-PC

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/3/2010 00:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 8/3/2010 00:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 04:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 20:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 00:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 00:46:44
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 00:46:54
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 00:46:54
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 00:46:54
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 00:46:55
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 00:46:56
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 00:46:57
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 00:46:59
VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 00:47:00
VBASE017.VDF : 7.10.13.212 2048 Bytes 11/11/2010 00:47:00
VBASE018.VDF : 7.10.13.213 2048 Bytes 11/11/2010 00:47:00
VBASE019.VDF : 7.10.13.214 2048 Bytes 11/11/2010 00:47:00
VBASE020.VDF : 7.10.13.215 2048 Bytes 11/11/2010 00:47:01
VBASE021.VDF : 7.10.13.216 2048 Bytes 11/11/2010 00:47:01
VBASE022.VDF : 7.10.13.217 2048 Bytes 11/11/2010 00:47:01
VBASE023.VDF : 7.10.13.218 2048 Bytes 11/11/2010 00:47:01
VBASE024.VDF : 7.10.13.219 2048 Bytes 11/11/2010 00:47:01
VBASE025.VDF : 7.10.13.220 2048 Bytes 11/11/2010 00:47:02
VBASE026.VDF : 7.10.13.221 2048 Bytes 11/11/2010 00:47:02
VBASE027.VDF : 7.10.13.222 2048 Bytes 11/11/2010 00:47:02
VBASE028.VDF : 7.10.13.223 2048 Bytes 11/11/2010 00:47:02
VBASE029.VDF : 7.10.13.224 2048 Bytes 11/11/2010 00:47:02
VBASE030.VDF : 7.10.13.225 2048 Bytes 11/11/2010 00:47:03
VBASE031.VDF : 7.10.13.235 75776 Bytes 11/12/2010 00:47:03
Engineversion : 8.2.4.98
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/3/2010 00:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/13/2010 00:47:22
AESCN.DLL : 8.1.6.1 127347 Bytes 8/3/2010 00:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 8/3/2010 00:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 11/13/2010 00:47:20
AEPACK.DLL : 8.2.3.11 471416 Bytes 11/13/2010 00:47:18
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/3/2010 00:09:52
AEHEUR.DLL : 8.1.2.41 3043703 Bytes 11/13/2010 00:47:15
AEHELP.DLL : 8.1.14.0 246134 Bytes 11/13/2010 00:47:09
AEGEN.DLL : 8.1.3.24 401781 Bytes 11/13/2010 00:47:07
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/3/2010 00:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 11/13/2010 00:47:06
AEBB.DLL : 8.1.1.0 53618 Bytes 8/3/2010 00:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/3/2010 00:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 8/3/2010 00:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 23:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 8/3/2010 00:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/3/2010 00:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 8/3/2010 00:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/3/2010 00:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 23:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/3/2010 00:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 23:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/3/2010 00:10:08

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, November 12, 2010 19:09

Starting search for hidden objects.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\name
  [NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\id
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
C:\Windows\system32\unregmp2.exe /ShowWMP
  [NOTE] The registry entry is invisible.
C:\Program Files\Windows Media Player
  [NOTE] The registry entry is invisible.
C:\Program Files\Windows Media Player
C:\Windows\system32\wbem\Logs\WMITracing.log
  [NOTE] The registry entry is invisible.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Get Online.lnk
  [NOTE] The registry entry is invisible.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype)
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype)
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype)
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype)
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype)
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype)
  [NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype)
  [NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '81' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '65' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '26' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '19' Module(s) have been scanned
Scan process 'WiFiMsg.EXE' - '36' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '32' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'jusched.exe' - '23' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '33' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '17' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '43' Module(s) have been scanned
Scan process 'QPService.exe' - '90' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '32' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '31' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'BLService.exe' - '27' Module(s) have been scanned
Scan process 'QPSched.exe' - '40' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '77' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'D:\'
  [INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '344' files ).

Starting the file scan:
Begin scan in 'C:\'
C:\HP\BIN\EndProcess.exe
  [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\HP\BIN\EndProcess.exe
  [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
  [NOTE] The file was moved to the quarantine directory under the name '4871c5cd.qua'.

End of the scan: Saturday, November 13, 2010 01:57
Used time: 52:20 Minute(s)

The scan has been done completely.
28218 Scanned directories
463940 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
463939 Files not concerned
2793 Archives were scanned
0 Warnings
1 Notes
611472 Objects were scanned with rootkit scan
18 Hidden objects were found

Thanks for your help!
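The hidden registry entries in the Avira log above all sit under Wow6432Node or under HKCU\Software\Classes\VirtualStore\MACHINE, which are the places where 64-bit Windows keeps the 32-bit view of redirected keys and where UAC registry virtualization stores writes that a legacy 32-bit program attempted against HKLM. One concrete way to examine such an entry is to open the same key through both the 32-bit and the 64-bit registry view and compare what each returns. The script below is an added example, not code from this thread or from Avira; it uses only the .NET RegistryKey API, and the CLSID, font names and VirtualStore path in the usage section are taken from the log. Which keys are redirected, reflected or shared differs between Windows versions, so the function reports what it finds rather than asserting what "should" be there.

```powershell
# Added example: compare one registry key as seen through the 32-bit and the
# 64-bit registry views. Run in Windows PowerShell on x64 Windows.

function Compare-RegistryViews {
    param(
        [Parameter(Mandatory = $true)][string]$SubKey,       # path below the hive root
        [Microsoft.Win32.RegistryHive]$Hive = 'LocalMachine',
        [string[]]$ValueNames = @()                          # empty = enumerate all value names
    )
    $perView = @{}
    foreach ($viewName in 'Registry32', 'Registry64') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, [Microsoft.Win32.RegistryView]$viewName)
        try {
            $key = $base.OpenSubKey($SubKey)
            if ($null -eq $key) { $perView[$viewName] = $null; continue }
            try {
                $names  = if ($ValueNames.Count -gt 0) { $ValueNames } else { $key.GetValueNames() }
                $values = @{}
                # '<absent>' marks a requested value name that does not exist in this view
                foreach ($n in $names) { $values[$n] = $key.GetValue($n, '<absent>') }
                $perView[$viewName] = $values
            } finally { $key.Close() }
        } finally { $base.Close() }
    }
    $v32 = $perView['Registry32']
    $v64 = $perView['Registry64']
    [pscustomobject]@{
        SubKey        = $SubKey
        ExistsIn32Bit = ($null -ne $v32)
        ExistsIn64Bit = ($null -ne $v64)
        Values32      = $v32
        Values64      = $v64
        # True only when the key exists in both views and every value compares equal as text.
        Identical     = ($null -ne $v32) -and ($null -ne $v64) -and
                        ((@($v32.Keys) + @($v64.Keys) | Sort-Object -Unique |
                          ForEach-Object { "$($v32[$_])" -eq "$($v64[$_])" }) -notcontains $false)
    }
}

# Usage: the three keys below are the ones the log flags as "invisible".
Compare-RegistryViews -SubKey 'SOFTWARE\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}' `
                      -ValueNames 'LocalizedString'
Compare-RegistryViews -SubKey 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts' `
                      -ValueNames 'Calibri (TrueType)', 'Consolas (TrueType)', 'Impact (TrueType)'
Compare-RegistryViews -Hive CurrentUser `
                      -SubKey 'Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication'
```

A key that exists in both views with identical values, or a VirtualStore copy whose parent under HKLM holds the same data, is what redirection and virtualization produce by design; the finding worth chasing is a value present in only one view whose data points at an executable outside Program Files or the Windows directory.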
  5. OK, here is one that I found right now in my Pictures\For Sale file. desktop seems to always be a 1 KB process that jumps from one file to another, constantly. Removing all my pics "the hard way" consisted of opening each individual file and "copying" the clean pics (hopefully) to a new folder on my desktop, then "copying" them to the E drive/CD. If I did it any other way, as in cut/paste, or through File\Move to folder\E\ etc., the download would not finish (the computer makes crazy noises), then the disc would not eject, and Windows would stop responding. I hit Ctrl-Alt-Del and before the Task Manager even opens, Windows is running again. I found this today, and in the same file, I found a shortcut pic with no picture in it. I can't even open it. 374 bytes but taking 4.00 KB on disk. Created Aug 29, 2010, modified Oct 18, 2008, accessed Aug 29, 2010. I've had this computer for almost a year and bought it new. Also, I have many files with shortcut logos on them that I cannot access.

desktop.ini from my For Sale folder, hidden:
[LocalizedFileNames]
Pictures.lnk=@shell32.dll,-21779
Sample Pictures.lnk=@%SystemRoot%\system32\shell32.dll,-21805

desktop.ini from its own folder, Pictures\Slide Shows, hidden:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21819

Another, hidden:
[LocalizedFileNames]
Pictures.lnk=@shell32.dll,-21779

desktop.ini in the Pictures folder, hidden:
[ExtShellFolderViews]
Default={8BEBB290-52D0-11D0-B7F4-00C04FD706EC}
{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}={8BEBB290-52D0-11D0-B7F4-00C04FD706EC}
{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}
[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]
WebViewTemplate.NT5=%WebDir%\ImgView.htt
[.ShellClassInfo]
InfoTip=@Shell32.dll,-12688
IconFile=%SystemRoot%\system32\mydocs.dll
IconIndex=-101
[DeleteOnCopy]
Owner=PeterM
Personalized=39
PersonalizedName=My Pictures

desktop.ini in My Documents, the only file in there now, created 11-7-2010, 1 KB:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21770
IconResource=%SystemRoot%\system32\imageres.dll,-112
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-235

1 "read only hidden file" named "Originals" with 1 pic in it, but 3 files. Made Aug 29, 2010. Once I open it I find hidden picasa.ini and Thumbs.db, but the picture in the file is not hidden, if that makes sense. About 20 new shortcut files from today in my YouCam pics folder. I tried to open them, nothing there. I check properties and it's a document. But I have no access to my docs (shortcut logo). Just found SIV100.tmp and SIV105.tmp in my pictures. Won't open, hidden, modified in 2008. SIV28A.tmp, created Aug 29, 2010, modified Oct 22, 2005. Hidden. AdobeAR8.1.2_A5.cva, 4 KB, SwSetup\Adobe, created April 21, 2008. Notepad, then when I closed it, I couldn't open it again. Good thing I copied.
C:\Swsetup\Adobe\AdobeAR8.1.2_A5.cva
C:\Swsetup\CyberDVD\CyberLink DVD Suite.cva
C:\Swsetup\Drivers\Audio\1001902.CVA
C:\Swsetup\Drivers\Chipset\1001909.CVA
C:\Swsetup\Drivers\CIR\1001907.CVA
C:\Swsetup\Drivers\CReader\1001905.cva
C:\Swsetup\Drivers\Modem\vista_modem_installer.cva
C:\Swsetup\Drivers\Network\1001904.CVA
C:\Swsetup\Drivers\ProtSHD\SP39123.CVA
C:\Swsetup\Drivers\Touchpad\1001987.CVA
C:\Swsetup\Drivers\Video\1001950.cva
C:\Swsetup\Drivers\WLAN\sp38119.cva
C:\Swsetup\ESUVT\ESU.CVA
C:\Swsetup\HPASL\sp39157.cva
C:\Swsetup\HPUGID\UG0101.CVA
C:\Swsetup\HPUpdate\HPSU.cva
C:\Swsetup\HSC\SP38989.cva
C:\Swsetup\Inetsec\Sym.cva
C:\Swsetup\LSSS\LSSS.cva
C:\Swsetup\MMFlash\AdobeFlash9.0.115.0.CVA
C:\Swsetup\MSWorks\MS Works 90.cva
C:\Swsetup\MVEDV\MuveeBasic_6.1.4.26_1758b_A6.cva
C:\Swsetup\QLB\SP38688.CVA
C:\Swsetup\QPW\QP4W.cva
C:\Swsetup\QTouch\QTouch.cva
C:\Swsetup\SFTD\Slingboxflashtour.CVA
C:\Swsetup\SPFS\Slingbox140206_A2.cva
C:\Swsetup\SUNJAVA\SunJava.cva
C:\Swsetup\sw_ver\325670B2.CVA
C:\Swsetup\sw_ver\OCAMRK.CVA
C:\Swsetup\sw_ver\TPV6HP00.CVA
C:\Swsetup\WLASST\SP39041.CVA
C:\Swsetup\YouCam\Youcam.cva
Resegrg_.TTF from 3-22-2004, ReserviorGrunge. I have no idea where this came from, or what it is. "Full security, Everyone" under properties. Something about font type. File version Jan 23, 2002, initial release. ©1999 ZETAfonts for copyright. This is one of many TTF files in SwSetup. It seems that most of the desktop.ini files are gone. Maybe from my constant cleaning, or maybe ??? Thumbs.db is everywhere now, including other randoms, like IPH.PH, 1 KB, dated 3-20-2010. I have never used AOL. I just found a Word doc dated 3-10-2010 regarding MS Framework. eula.rtf [compatibility mode] in Chinese. I'd post it for you, but I cannot copy it. Under C:\ton of numbers&letters\1028. This is from yesterday. I just found it under bedigandmary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini, 4 KB, Notepad, not hidden.
  6. Hello, I've ordered the disc; it should be here tomorrow. Bogus files... Adobe Reader 8, certain picture files (with no picture in them), wouldn't delete. I check the "hidden process" etc. and find Thumbs.db (hidden), ehthumbs.db (not hidden), Desktop.ini (hidden, the culprit I think). Desktop is the hidden process that's in most of the files. thumbs and ehthumbs are in most all, sometimes hidden, sometimes not, sometimes both. ehthumbs_vista.db is another I found. hpqp.ini. All 1 KB files. This is what one of the desktop.ini hidden process text files has right now. I copy/pasted below:
[LocalizedFileNames]
Pictures.lnk=@shell32.dll,-21779
Sample Pictures.lnk=@%SystemRoot%\system32\shell32.dll,-21805

Also came across this. Found it 11-6-2010. I removed some text and added **** in a few spots, then decided to just leave it alone and post. If you would like, I'll post the rest.

IntelGFX.log
>>> 3/20/2010 13:51:50:321
[installer]
Installer Version: 1.1.10.0
Date Compiled = Fri Apr 11 10:51:31 2008
Commandline = -s
[Resources]
Intel® 4 Series Express Chipset Family
HardwareID = PCI\VEN_8086&DEV_2A43&SUBSYS_360B103C
Matched HardwareID = PCI\VEN_8086&DEV_2A42&SUBSYS_30F7103C
Installed Driver = {4d36e968-e325-11ce-bfc1-08002be10318}\0000
!!! ERROR 0x2: Error querying registry key
Matched HardwareID = PCI\VEN_8086&DEV_2A43&SUBSYS_30F7103C
{INF Info}
Current INF = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf
Date = 06/04/2008
Version = 6.10.00.2056
ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}
PackageInfo.Name =
PackageInfo.Sequence = 0
PackageInfo.INFSource =
Manufacturer = Intel,NT.5.1,NTamd64.6.0
Resolved Manufacturer = Intel.NTamd64.6.0
Inf supports 64 bit.
Description: Intel® High Definition Audio HDMI
HardwareID = HDAUDIO\FUNC_*****
Description: Intel® High Definition Audio HDMI
HardwareID = HDAUDIO\FUNC_01****
Matched HardwareID = HDAUDIO\FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101
Installed Driver = {4d3****}\0007
[Manditory Filters]
[Filter Active]
[Filter 4ID]
[PreChecks]
Windows Version = WINVSTA
New version = 7.15.10.1502
Old version = 6.0.6001.18000
New version = 7.15.10.1502
Old version =
New version = 6.10.00.2056
Old version = 6.0.6000.16386
[Dialogs]
Mode = Silent
[Cleanup Previous]
Using RegDeleteKeyEx
[installApp]
Opened IIF2.ini
[Filter INI Conditions]
[CopyDir]
[CopyFiles]
New Uninstall Key = copyfile0
Copy File Source = C:\SwSetup\Drivers\Video\setup.exe
Copy File Destination = C:\Windows\SysWOW64\igxpun.exe
Silent mode. Skipping dialogs.
Copy File Source = C:\SwSetup\Drivers\Video\difxapi.dll
Copy File Destination = C:\Windows\SysWOW64\difxapi.dll
Silent mode. Skipping dialogs.
Copy File Source = C:\SwSetup\Drivers\Video\x64\difxapi.dll
Copy File Destination = C:\Windows\SysWOW64\x64\difxapi.dll
Silent mode. Skipping dialogs.
Copy File Source = C:\SwSetup\Drivers\Video\x64\Difx64.exe
Copy File Destination = C:\Windows\SysWOW64\x64\Difx64.exe
Silent mode. Skipping dialogs.
New Uninstall Key = copyfile1
Copy File Source = C:\SwSetup\Drivers\Video\Lang\HDMI\ENU\HDMIENU.dll
Copy File Destination = C:\Windows\SysWOW64\Lang\HDMI\ENU\HDMIENU.dll
Silent mode. Skipping dialogs.
New Uninstall Key = copyfile2
Copy File (uninstallonly) = C:\Windows\SysWOW64\igfxsrvc.exe
New Uninstall Key = copyfile3
Copy File (uninstallonly) = C:\Windows\SysWOW64\igfxtray.exe
[Registry]
New Uninstall Key = registry0
Created Key (uninstallonly)= HKLM\SOFTWARE\Intel\Display\=,
New Uninstall Key = registry1
Create SZ Key = HKLM\System\CurrentControlSet\Control\Windows\SystemDirectory=C:\Windows\SysWOW64,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry2
Create SZ Key = HKLM\System\CurrentControlSet\Services\ialm\Device0\SystemDirectory=C:\Windows\SysWOW64,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry3
Create SZ Key = HKLM\System\CurrentControlSet\Services\ialm\Device1\SystemDirectory=C:\Windows\SysWOW64,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry4
Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\DisplayName=Intel® Graphics Media Accelerator Driver,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry5
Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\UninstallString=C:\Windows\SysWOW64\igxpun.exe -uninstall,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry6
Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\DisplayIcon=C:\Windows\SysWOW64\igxpun.exe,0,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry7
Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\Publisher=Intel Corporation,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry8
Create DWORD Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\EstimatedSize=39000000,dw
Silent mode. Skipping dialogs.
New Uninstall Key = registry9
Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\InstallLocation=C:\Program Files (x86)\Intel\Intel Quick Resume Technology,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry10
Create DWORD Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\NoModify=1,dw
Silent mode. Skipping dialogs.
New Uninstall Key = registry11
Create DWORD Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI\NoRepair=1,dw
Silent mode. Skipping dialogs.
Create SZ Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\WinSat=winsat dwm -xml results.xml,sz
Silent mode. Skipping dialogs.
New Uninstall Key = registry12
Created Key (uninstallonly)= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds=,
New Uninstall Key = registry13
Created Key (uninstallonly)= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IgfxTray=,
New Uninstall Key = registry14
Created Key (uninstallonly)= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Persistence=,
[DLLs]
[services]
[Processes]
[shortcuts]
[installDev]
[Device]
Driver = C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf
Silent mode. Skipping dialogs.
Silent mode. Skipping dialogs.
INF = C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf
Provider = Microsoft
Installed INF = C:\Windows\inf\display.inf
Previous driver package =
! Warning 0xE0000235: DriverPackageGetPath failed.
Difx = 64 bit
Execute command: C:\SwSetup\Drivers\Video\x64\Difx64.exe -DriverInf "C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf" -Flags 20 -KeyPath "Software\Intel\Difx64"
Using RegDeleteKeyEx
Installed Package = C:\SwSetup\Drivers\Video\Graphics\Kit14110.inf
Package Requires Reboot = no
New Uninstall Key = inf0
[Device]
Driver = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf
Silent mode. Skipping dialogs.
Silent mode. Skipping dialogs.
INF = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf
Provider = Microsoft
Installed INF = C:\Windows\inf\hdaudio.inf
Previous driver package =
! Warning 0xE0000235: DriverPackageGetPath failed.
Difx = 64 bit
Execute command: C:\SwSetup\Drivers\Video\x64\Difx64.exe -DriverInf "C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf" -Flags 20 -KeyPath "Software\Intel\Difx64"
Using RegDeleteKeyEx
Installed Package = C:\SwSetup\Drivers\Video\HDMI\IntcHdmi.inf
Package Requires Reboot = no
New Uninstall Key = inf1
Using RegDeleteKeyEx
[Finish]
[ResponseResult]
ResultCode = 0
<<< 3/20/2010 13:53:28:789

I don't know if any of these are normal, but I also found some Word docs that are in Japanese/Chinese/?? It's not English, I know that. Can't find it, but found this log file from a few minutes ago. It's a SetupExe(*ton of numbers*).log. This is only a small portion:
PERF: TickCount=208477162 Name=RunSetup Description=Begin function
Catalyst execution began: 11/09/2010 18:00:37.
Setup COM Server Session: CollectUserInfo.
The ProductCode ({91120000-002F-0000-0000-0000000FF1CE}) is resolved to ProductId (HOMESTUDENTR)
Setupexe Resiliency Mode is set to [AlwaysPerform]; thus Resiliency is [enabled] for the [CollectUserInfoExecutionMode]
Ensuring the install-state of setup controller files for product [HOMESTUDENTR].
Ensuring the install-state of setup controller featur...

Also found about 5 renamed pictures in a random file. I know I didn't do it; the names have about 20 numbers or more. I have no idea if any of these are normal, but there is much I'm not adding. Please let me know if there is anything specific you'd like to know, or that I can do, prior to my complete restore. Thank you so much for your help!
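The desktop.ini contents quoted in posts 5 and 6 are the shell's per-folder metadata: a localized folder name, an icon taken from a DLL under %SystemRoot%, and (in the Pictures folder) a legacy Windows 2000-era web view template. Every string they reference resolves to shell32.dll, mydocs.dll or imageres.dll inside the Windows directory. The same file format can be abused, because IconResource, IconFile and the CLSID/CLSID2 keys under [.ShellClassInfo] make Explorer load resources or a COM object of the file author's choosing, so the useful check is where each reference points. The script below is an added example, not the poster's or Microsoft's code: it parses desktop.ini text, flags references that resolve outside the Windows and Program Files directories, and notes CLSID overrides for manual follow-up. The sample ini in $sample is constructed from the entries quoted above; the function names are hypothetical.

```powershell
# Added example: audit desktop.ini files for references outside trusted directories.
# Works in Windows PowerShell 2.0 and later.

function Parse-IniText {
    # Returns a hashtable of section name -> hashtable of key -> value.
    param([string]$Text)
    $sections = @{}
    $current = ''
    foreach ($rawLine in ($Text -split "`r?`n")) {
        $line = $rawLine.Trim()
        if (-not $line -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') {
            $current = $Matches[1]
            if (-not $sections.ContainsKey($current)) { $sections[$current] = @{} }
            continue
        }
        $eq = $line.IndexOf('=')
        if ($eq -lt 1) { continue }
        if (-not $sections.ContainsKey($current)) { $sections[$current] = @{} }
        $sections[$current][$line.Substring(0, $eq).Trim()] = $line.Substring($eq + 1).Trim()
    }
    return $sections
}

function Test-DesktopIniSafe {
    # Returns a list of findings (empty when nothing points outside trusted locations).
    param([hashtable]$Ini)
    $findings = @()
    $trusted  = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($section in @($Ini.Keys)) {
        foreach ($name in @($Ini[$section].Keys)) {
            $value = $Ini[$section][$name]
            # Resource references look like "@shell32.dll,-21779" or "%SystemRoot%\...\imageres.dll,-112":
            # strip the leading @ and the ",-nnn" resource id, then expand %VARS%.
            $target = $value -replace '^@', '' -replace ',-?\d+$', ''
            $target = [Environment]::ExpandEnvironmentVariables($target)
            if ($name -match '^(IconFile|IconResource|LocalizedResourceName|InfoTip|WebViewTemplate.*|.+\.lnk)$') {
                # A bare DLL name (no backslash) is resolved from the system directories by the shell.
                if ($target -notmatch '\\') { continue }
                $inTrusted = $false
                foreach ($dir in $trusted) {
                    if ($target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
                }
                if (-not $inTrusted) {
                    $findings += "[$section] $name -> $target (resolves outside Windows / Program Files)"
                }
            }
            if ($name -eq 'CLSID' -or $name -eq 'CLSID2') {
                $findings += "[$section] $name = $value (folder namespace override; check HKCR\CLSID\$value\InProcServer32)"
            }
        }
    }
    return $findings
}

# Constructed sample built from the entries quoted in the posts (not a real file from the machine).
$sample = @"
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21770
IconResource=%SystemRoot%\system32\imageres.dll,-112
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-235
[LocalizedFileNames]
Pictures.lnk=@shell32.dll,-21779
Sample Pictures.lnk=@%SystemRoot%\system32\shell32.dll,-21805
"@
Test-DesktopIniSafe (Parse-IniText $sample)     # produces no findings: everything is under %SystemRoot%

# Walk a real profile. desktop.ini is Hidden+System, so -Force is required to see it.
Get-ChildItem -Path $env:USERPROFILE -Filter desktop.ini -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $text = (Get-Content -LiteralPath $_.FullName -ErrorAction SilentlyContinue) -join "`n"
        $f = Test-DesktopIniSafe (Parse-IniText $text)
        if ($f) { $_.FullName; $f | ForEach-Object { "  $_" } }
    }
```

Entries such as WebViewTemplate.NT5=%WebDir%\ImgView.htt from the Pictures folder will be reported because %WebDir% is not an environment variable on a modern system; that is leftover Windows 2000/XP web-view metadata that Vista no longer renders, not a sign of tampering, and the report is meant to be read with that in mind. A finding that does merit action is an IconResource or CLSID pointing at a file or COM server under a user-writable path.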
  7. Thank you Screen, I completely agree. I've spent a few days (literally) backing up all data. Then I started erasing bogus files; my Windows would stop working ("Windows not responding"), MBAM didn't run, the Avira scan took 4 hours, etc... At this point, short of re-enacting a scene from one of my favorite movies, Office Space (and the printer, lol), I need to do a complete system restore with a factory disc. Question... would you recommend I stay with Vista or upgrade to 7? I'm going to buy a new computer in the next 3 weeks, so this computer will end up as an extra. Also, any idea on how I could have got this?? Thanks for all your help!!
  8. Hello, I did what you said. The settings regarding TCP/IP were already set at your recommended settings. But I have 2, Version 6 (TCP/IPv6) & Version 4 (TCP/IPv4). I checked both, settings are good on both, but do I need both? Also, every time I reboot my system, Windows Defender gives me a security warning; one is "firewall is off", the other "antivirus is off". I get one of the 2 every time I reboot now. It does go away on its own, or somehow turns itself back on, regardless of what I do. It's still not right by any means. What can I do to completely erase this? I'm in the process of backing up my pics and docs to floppy discs... I mean CDs... caveman style. It wouldn't let me do it the easy way, so I have to pull every file so I don't transfer the hidden process that's in "every" folder... I can't even compile all my pics into 1 folder. And it won't eject the disc if I don't do it the "hard way"... Do you think it would help if I remove all programs (Avira, MBAM, Spybot, iTunes, Defogger, etc.) then reinstall them all again? Also, I'm going to order a system restore CD from HP, just in case. Thanks for your help!!! I'll be patiently waiting for your reply.
  9. MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Compal
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 196):
0x02616000 \SystemRoot\system32\ntoskrnl.exe
0x02B2D000 \SystemRoot\system32\hal.dll
0x00602000 \SystemRoot\system32\kdcom.dll
0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00647000 \SystemRoot\system32\PSHED.dll
0x0065B000 \SystemRoot\system32\CLFS.SYS
0x006B8000 \SystemRoot\system32\CI.dll
0x00809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F1000 \SystemRoot\system32\drivers\acpi.sys
0x00947000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00950000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095A000 \SystemRoot\system32\drivers\pci.sys
0x0098A000 \SystemRoot\system32\drivers\isapnp.sys
0x00993000 \SystemRoot\system32\drivers\mpio.sys
0x009B5000 \SystemRoot\System32\drivers\partmgr.sys
0x009CA000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009CE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009DA000 \SystemRoot\system32\drivers\volmgr.sys
0x0076A000 \SystemRoot\System32\drivers\volmgrx.sys
0x009EE000 \SystemRoot\system32\drivers\intelide.sys
0x007D0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009F6000 \SystemRoot\system32\drivers\pciide.sys
0x00800000 \SystemRoot\system32\drivers\aliide.sys
0x007E0000 \SystemRoot\system32\drivers\amdide.sys
0x007E7000 \SystemRoot\system32\drivers\cmdide.sys
0x00A0D000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A20000 \SystemRoot\system32\drivers\msdsm.sys
0x00A3E000 \SystemRoot\system32\drivers\nvraid.sys
0x00A61000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A8D000 \SystemRoot\system32\drivers\viaide.sys
0x00A95000 \SystemRoot\system32\drivers\iastorv.sys
0x00B5C000 \SystemRoot\system32\drivers\atapi.sys
0x00B64000 \SystemRoot\system32\drivers\ataport.SYS
0x00B88000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x00C04000 \SystemRoot\system32\drivers\storport.sys
0x00C61000 \SystemRoot\system32\drivers\nvstor.sys
0x00C71000 \SystemRoot\system32\drivers\msahci.sys
0x00C7B000 \SystemRoot\system32\drivers\hpcisss.sys
0x00C89000 \SystemRoot\system32\drivers\adp94xx.sys
0x00D02000 \SystemRoot\system32\drivers\adpahci.sys
0x00D58000 \SystemRoot\system32\drivers\adpu160m.sys
0x00D79000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x00DA7000 \SystemRoot\system32\drivers\adpu320.sys
0x00DD6000 \SystemRoot\system32\drivers\djsvs.sys
0x00BA6000 \SystemRoot\system32\drivers\arc.sys
0x00BBF000 \SystemRoot\system32\drivers\arcsas.sys
0x00E0D000 \SystemRoot\system32\drivers\elxstor.sys
0x00EB0000 \SystemRoot\system32\drivers\i2omp.sys
0x00EBB000 \SystemRoot\system32\drivers\iirsp.sys
0x00ECC000 \SystemRoot\system32\drivers\iteatapi.sys
0x00ED9000 \SystemRoot\system32\drivers\iteraid.sys
0x00EE6000 \SystemRoot\system32\drivers\lsi_fc.sys
0x00F04000 \SystemRoot\system32\drivers\lsi_sas.sys
0x00F20000 \SystemRoot\system32\drivers\megasas.sys
0x00F2C000 \SystemRoot\system32\drivers\megasr.sys
0x00FF3000 \SystemRoot\system32\drivers\mraid35x.sys
0x00DEE000 \SystemRoot\system32\drivers\nfrd960.sys
0x01009000 \SystemRoot\system32\drivers\ql2300.sys
0x0115B000 \SystemRoot\system32\drivers\ql40xx.sys
0x011B9000 \SystemRoot\system32\drivers\sisraid2.sys
0x011C7000 \SystemRoot\system32\drivers\sisraid4.sys
0x011DD000 \SystemRoot\system32\drivers\symc8xx.sys
0x011EB000 \SystemRoot\system32\drivers\sym_hi.sys
0x00BD8000 \SystemRoot\system32\drivers\sym_u3.sys
0x0120C000 \SystemRoot\system32\drivers\uliahci.sys
0x01255000 \SystemRoot\system32\drivers\ulsata.sys
0x01284000 \SystemRoot\system32\drivers\ulsata2.sys
0x012C6000 \SystemRoot\system32\drivers\vsmraid.sys
0x012ED000 \SystemRoot\system32\drivers\fltmgr.sys
0x01334000 \SystemRoot\system32\drivers\fileinfo.sys
0x01348000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0140F000 \SystemRoot\system32\drivers\ndis.sys
0x01601000 \SystemRoot\system32\drivers\msrpc.sys
0x01651000 \SystemRoot\system32\drivers\NETIO.SYS
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x01977000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B83000 \SystemRoot\system32\drivers\wd.sys
0x01B8B000 \SystemRoot\system32\drivers\volsnap.sys
0x01BCF000 \SystemRoot\System32\Drivers\spldr.sys
0x01BD7000 \SystemRoot\system32\drivers\sbp2port.sys
0x019A3000 \SystemRoot\System32\Drivers\mup.sys
0x019B5000 \SystemRoot\System32\drivers\ecache.sys
0x01BF0000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x019E1000 \SystemRoot\system32\drivers\disk.sys
0x019F5000 \SystemRoot\system32\drivers\crcdisk.sys
0x016CE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x016DB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x016E4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x01BFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02A0E000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x016F7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0319A000 \SystemRoot\System32\drivers\watchdog.sys
0x031AA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x031B6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x017DA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03208000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03409000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x03581000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x035AC000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x035CF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x035E5000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x035F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x032F5000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x03329000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03335000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03351000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0335E000
\SystemRoot\system32\DRIVERS\Accelerometer.sys 0x0336A000 \SystemRoot\system32\DRIVERS\enecir.sys 0x03400000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x03386000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x033BF000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x033CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x033EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x013CF000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x017EB000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x015D2000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x00BE6000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x03607000 \SystemRoot\system32\DRIVERS\termdd.sys 0x0361A000 \SystemRoot\system32\DRIVERS\swenum.sys 0x0361C000 \SystemRoot\system32\DRIVERS\ks.sys 0x03650000 \SystemRoot\system32\DRIVERS\circlass.sys 0x03661000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x0366C000 \SystemRoot\system32\DRIVERS\umbus.sys 0x0367C000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x036C4000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x036D8000 \SystemRoot\system32\DRIVERS\stwrt64.sys 0x03753000 \SystemRoot\system32\DRIVERS\portcls.sys 0x0378E000 \SystemRoot\system32\DRIVERS\drmk.sys 0x037B1000 \SystemRoot\system32\drivers\ksthunk.sys 0x04A0E000 \SystemRoot\system32\DRIVERS\agrsm64.sys 0x04B4A000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x04B4C000 \SystemRoot\system32\drivers\modem.sys 0x04B5B000 \SystemRoot\system32\drivers\IntcHdmi.sys 0x04B80000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x04B89000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x04B9B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x04BA3000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x04BBF000 \SystemRoot\system32\DRIVERS\hidir.sys 0x04BCA000 \SystemRoot\system32\DRIVERS\Amusbx64.sys 0x04BD3000 \SystemRoot\System32\Drivers\usbvideo.sys 0x04A00000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x037B7000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x037C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x037CC000 \SystemRoot\System32\Drivers\Null.SYS 0x037D5000 
\SystemRoot\system32\DRIVERS\Amfltx64.sys 0x037DE000 \SystemRoot\System32\drivers\vga.sys 0x04C0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x04C34000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x04C3D000 \SystemRoot\system32\drivers\rdpencdd.sys 0x04C46000 \SystemRoot\System32\Drivers\Msfs.SYS 0x04C51000 \SystemRoot\System32\Drivers\Npfs.SYS 0x04C62000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x04C6B000 \SystemRoot\system32\DRIVERS\tdx.sys 0x04C88000 \SystemRoot\system32\DRIVERS\smb.sys 0x04CA3000 \SystemRoot\system32\drivers\afd.sys 0x04D0E000 \SystemRoot\System32\DRIVERS\netbt.sys 0x04D52000 \SystemRoot\system32\DRIVERS\pacer.sys 0x04D70000 \SystemRoot\system32\DRIVERS\netbios.sys 0x04D7F000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x04D9A000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x04DE7000 \SystemRoot\system32\drivers\nsiproxy.sys 0x04E0C000 \SystemRoot\System32\Drivers\dfsc.sys 0x04E29000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x04E4B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x04E59000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x04E65000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x000E0000 \SystemRoot\System32\win32k.sys 0x04E6F000 \SystemRoot\System32\drivers\Dxapi.sys 0x04E7B000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00450000 \SystemRoot\System32\TSDDD.dll 0x006B0000 \SystemRoot\System32\cdd.dll 0x04E8E000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x04EAB000 \SystemRoot\system32\drivers\luafv.sys 0x04ECD000 \SystemRoot\system32\drivers\spsys.sys 0x04F67000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x04F7B000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x04FAF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x04FBA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x16E01000 \SystemRoot\system32\drivers\HTTP.sys 0x16EA4000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x16ECD000 \SystemRoot\system32\DRIVERS\bowser.sys 0x16EEB000 \SystemRoot\System32\drivers\mpsdrv.sys 0x16F05000 \SystemRoot\system32\drivers\mrxdav.sys 0x16F2C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 
0x16F55000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x16F9E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x16FBD000 \SystemRoot\System32\DRIVERS\srv2.sys 0x17201000 \SystemRoot\System32\DRIVERS\srv.sys 0x17295000 \SystemRoot\system32\drivers\peauth.sys 0x1734B000 \SystemRoot\System32\Drivers\secdrv.SYS 0x17356000 \SystemRoot\System32\drivers\tcpipreg.sys 0x17368000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x17384000 \??\C:\Windows\system32\drivers\mbam.sys 0x77110000 \WINDOWS\System32\ntdll.dll Processes (total 74): 0 System Idle Process 4 System 476 C:\WINDOWS\System32\smss.exe 572 csrss.exe 608 C:\WINDOWS\System32\wininit.exe 628 csrss.exe 664 C:\WINDOWS\System32\services.exe 676 C:\WINDOWS\System32\lsass.exe 684 C:\WINDOWS\System32\lsm.exe 844 C:\WINDOWS\System32\winlogon.exe 872 C:\WINDOWS\System32\svchost.exe 916 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 936 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 364 C:\WINDOWS\System32\svchost.exe 548 C:\WINDOWS\System32\svchost.exe 624 C:\WINDOWS\System32\svchost.exe 564 C:\WINDOWS\System32\svchost.exe 1040 C:\WINDOWS\System32\svchost.exe 1072 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\stacsv64.exe 1208 C:\WINDOWS\System32\audiodg.exe 1368 C:\WINDOWS\System32\SLsvc.exe 1412 C:\WINDOWS\System32\svchost.exe 1496 C:\WINDOWS\System32\hpservice.exe 1560 C:\WINDOWS\System32\svchost.exe 1680 C:\WINDOWS\System32\wlanext.exe 1788 C:\WINDOWS\System32\spoolsv.exe 1816 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1828 C:\WINDOWS\System32\svchost.exe 1036 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe 1376 C:\WINDOWS\System32\agr64svc.exe 1476 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1520 C:\Program Files (x86)\Bonjour\mDNSResponder.exe 1548 C:\WINDOWS\System32\svchost.exe 1912 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 2152 C:\WINDOWS\System32\svchost.exe 2168 C:\Program 
Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2184 C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe 2208 C:\WINDOWS\SMINST\BLService.exe 2296 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2316 C:\WINDOWS\System32\svchost.exe 2348 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe 2380 C:\WINDOWS\System32\svchost.exe 2460 C:\WINDOWS\System32\SearchIndexer.exe 2488 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 1276 C:\WINDOWS\System32\dwm.exe 2404 C:\WINDOWS\System32\taskeng.exe 720 C:\WINDOWS\explorer.exe 3184 C:\WINDOWS\System32\igfxtray.exe 3192 C:\WINDOWS\System32\hkcmd.exe 3200 C:\WINDOWS\System32\igfxpers.exe 3208 C:\Program Files\Apoint2K\Apoint.exe 3216 C:\WINDOWS\System32\taskeng.exe 3232 C:\Program Files\IDT\WDM\sttray64.exe 3240 C:\WINDOWS\ehome\ehtray.exe 3260 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe 3292 C:\WINDOWS\System32\igfxsrvc.exe 3440 C:\Program Files (x86)\HP\QuickPlay\QPService.exe 3448 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 3456 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 3484 C:\Program Files (x86)\iTunes\iTunesHelper.exe 3520 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3608 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 3684 C:\WINDOWS\ehome\ehmsas.exe 2624 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 3136 C:\Program Files\iPod\bin\iPodService.exe 3856 WmiPrvSE.exe 2244 C:\Program Files\Apoint2K\ApMsgFwd.exe 3604 C:\Program Files\Apoint2K\ApntEx.exe 2704 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 2816 C:\WINDOWS\System32\SearchProtocolHost.exe 3656 C:\WINDOWS\System32\SearchFilterHost.exe 3664 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe 800 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 2264 C:\Users\BedigandMary\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 
(NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`69700000 (NTFS) PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done!
  10. Hello, only one file opened (otl.txt). Nothing else saved to my desktop. I tried to open 'my documents', access denied. Checked newest I use a Linksys router. Should I reset it or wait for further instructions? Thank you! Quick side note, my last infection was found in my MBR.

OTL logfile created on: 10/31/2010 4:46:52 PM - Run 2 OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\BedigandMary\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 221.65 Gb Total Space | 126.58 Gb Free Space | 57.11% Space Free | Partition Type: NTFS Drive D: | 11.24 Gb Total Space | 1.83 Gb Free Space | 16.25% Space Free | Partition Type: NTFS Computer Name: BEDIGANDMARY-PC | User Name: BedigandMary | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/10/31 16:44:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe ========== Modules (SafeList) ========== MOD - [2010/10/31 16:44:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV) SRV:64bit: - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv) SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio) SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX) DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV) DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx) DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR) DRV:64bit: - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt) DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir) DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV) DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf) DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL) DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter) DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD) DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2010/08/17 12:48:08 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 03:12:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 13:25:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 13:25:50 | 000,000,000 | ---D | M] [2010/03/20 20:08:13 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Extensions [2010/10/31 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions [2010/04/28 14:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/10/31 16:37:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/05/04 16:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/10/31 16:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/10/31 16:37:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. 
- C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\BedigandMary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\BedigandMary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/31 16:44:05 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe [2010/10/31 16:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010/10/31 16:37:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/10/31 16:37:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/10/31 16:37:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/10/31 16:33:21 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Users\BedigandMary\Desktop\jxpiinstall.exe [2010/10/29 10:08:00 | 000,000,000 | ---D | C] -- C:\Users\BedigandMary\Desktop\tdsskiller [2010/10/26 11:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/10/26 11:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010/10/26 11:42:02 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\BedigandMary\Desktop\spybotsd162.exe [2010/10/26 10:20:35 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2010/10/26 10:20:35 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2010/10/26 10:20:25 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll [2010/10/26 10:20:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2010/10/26 10:20:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2010/10/26 10:20:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010/10/24 00:06:39 | 000,000,000 | R--D | C] -- C:\Users\BedigandMary\Desktop\bedopkzfuku449 [2010/10/13 09:16:11 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll [2010/10/13 09:16:11 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll [2010/10/13 09:16:08 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010/10/13 09:15:59 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010/10/13 09:15:58 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010/10/13 09:15:57 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010/10/13 09:15:57 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010/10/13 09:15:56 | 000,485,376 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\html.iec [2010/10/13 09:15:56 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2010/10/13 09:15:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010/10/13 09:15:56 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010/10/13 09:15:56 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010/10/13 09:15:56 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll [2010/10/13 09:15:56 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll [2010/10/13 09:15:55 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2010/10/13 09:15:41 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010/10/13 09:15:36 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010/10/13 09:15:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010/10/13 09:15:33 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010/10/13 09:15:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010/10/13 09:15:19 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010/10/13 09:15:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010/10/13 09:15:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010/10/13 09:15:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2010/10/13 09:15:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2010/10/13 09:15:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll [2010/10/13 09:15:07 | 000,009,728 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\sscore.dll [2010/10/13 09:14:58 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010/10/13 09:11:43 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010/10/13 09:11:43 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010/10/05 09:53:59 | 000,000,000 | ---D | C] -- C:\Users\BedigandMary\AppData\Roaming\Avira [2010/10/05 09:42:15 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010/10/05 09:42:15 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010/10/05 09:42:15 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010/10/05 09:42:15 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010/10/05 09:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira ========== Files - Modified Within 30 Days ========== [2010/10/31 16:44:06 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe [2010/10/31 16:37:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010/10/31 16:37:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/10/31 16:37:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/10/31 16:37:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/10/31 16:33:22 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Users\BedigandMary\Desktop\jxpiinstall.exe [2010/10/31 16:28:19 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010/10/31 16:28:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/31 16:28:06 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/31 16:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/31 16:27:47 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys [2010/10/31 16:26:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/10/31 13:57:23 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F54C0B5-B365-4AD8-9FC0-6DCF103A51F6}.job [2010/10/29 12:29:59 | 000,869,051 | ---- | M] () -- C:\Users\BedigandMary\Desktop\SecurityCheck.exe [2010/10/29 10:06:38 | 001,207,026 | ---- | M] () -- C:\Users\BedigandMary\Desktop\tdsskiller.zip [2010/10/26 11:59:09 | 000,001,079 | ---- | M] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy (for blind users).lnk [2010/10/26 11:59:09 | 000,001,057 | ---- | M] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy.lnk [2010/10/26 11:50:27 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\BedigandMary\Desktop\spybotsd162.exe [2010/10/24 20:09:13 | 000,000,000 | ---- | M] () -- C:\Users\BedigandMary\defogger_reenable [2010/10/24 20:07:55 | 000,050,477 | ---- | M] () -- C:\Users\BedigandMary\Desktop\Defogger.exe [2010/10/24 19:43:53 | 000,294,912 | ---- | M] () -- C:\Users\BedigandMary\Desktop\kydnc9g2.exe [2010/10/24 19:32:31 | 000,545,280 | ---- | M] () -- C:\Users\BedigandMary\Desktop\dds.scr [2010/10/21 03:03:01 | 000,726,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/10/21 03:03:01 | 000,608,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/10/21 03:03:01 | 000,106,114 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2010/10/13 09:29:35 | 000,314,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/10/05 09:42:28 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010/10/05 09:31:37 | 044,089,904 | ---- | M] () -- C:\Users\BedigandMary\Desktop\avira_antivir_personal_en.exe ========== Files Created - No Company Name ========== [2010/10/29 12:29:54 | 000,869,051 | ---- | C] () -- C:\Users\BedigandMary\Desktop\SecurityCheck.exe [2010/10/29 10:08:20 | 000,058,024 | ---- | C] () -- \TDSSKiller.2.4.5.1_29.10.2010_10.08.20_log.txt [2010/10/29 10:06:36 | 001,207,026 | ---- | C] () -- C:\Users\BedigandMary\Desktop\tdsskiller.zip [2010/10/26 11:59:09 | 000,001,079 | ---- | C] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy (for blind users).lnk [2010/10/26 11:59:09 | 000,001,057 | ---- | C] () -- C:\Users\BedigandMary\Desktop\Spybot - Search & Destroy.lnk [2010/10/24 20:09:13 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\defogger_reenable [2010/10/24 20:07:54 | 000,050,477 | ---- | C] () -- C:\Users\BedigandMary\Desktop\Defogger.exe [2010/10/24 19:43:53 | 000,294,912 | ---- | C] () -- C:\Users\BedigandMary\Desktop\kydnc9g2.exe [2010/10/24 19:32:30 | 000,545,280 | ---- | C] () -- C:\Users\BedigandMary\Desktop\dds.scr [2010/10/05 09:42:28 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010/10/05 09:27:26 | 044,089,904 | ---- | C] () -- C:\Users\BedigandMary\Desktop\avira_antivir_personal_en.exe [2010/08/23 10:11:53 | 4256,133,120 | -HS- | C] () -- [2010/08/17 12:48:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys [2010/08/11 21:08:05 | 000,000,732 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\d3d9caps64.dat [2010/08/03 20:17:45 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Roaming\wklnhst.dat [2010/04/19 10:59:21 | 000,005,632 | ---- | C] () -- 
C:\Users\BedigandMary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/26 04:08:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010/03/26 04:07:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010/03/20 19:55:51 | 000,427,144 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI3630.txt [2010/03/20 19:55:50 | 000,011,626 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI3630.txt [2010/03/20 19:30:15 | 000,002,402 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI2284.txt [2010/03/20 19:30:08 | 000,125,744 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI2284.txt [2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\QSwitch.txt [2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\DSwitch.txt [2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\AtStart.txt [2010/03/20 15:11:10 | 000,000,366 | -H-- | C] () -- \IPH.PH [2010/03/20 13:39:18 | 274,755,583 | -HS- | C] () -- [2008/02/08 01:51:02 | 000,333,257 | RHS- | C] () -- \bootmgr [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll < End of report >
  11. Hello, I did as instructed; TDSS did not reboot my computer. ESET didn't find anything (I did see an option to 'scan archives' but did not select it). I did, however, check the 'remove program and all of its... after scan' and hit finish, but it's still in my comp. I'll try a reboot and see if anything has changed. Also, the black window that opened when I ran the Security Check is exactly what I see for a split second before I run Defogger (which never rebooted my system either). Plus, Avira opened an update window during the scan. I added that info as well, just in case. I have not run a scan with Avira or MBAM today; I'll do that now. IP block today around 10:00 am: 208.73.210.29. Still getting redirects too. Thanks for your help!!

Avira AntiVir Personal - Free Antivirus
Updater
Complete product update

Creation time: Fri Oct 29 12:32:28 2010
Operating system: Windows Vista x64 (Service Pack 2) [6.0.6002] 64 bit

Product information:
Product version: 10.0.0.567
Updater: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe 10.0.0.29
Update resource: C:\Program Files (x86)\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files (x86)\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files (x86)\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files (x86)\Avira\AntiVir Desktop\updgui.dll 10.0.2.0
Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files (x86)\Avira\AntiVir Desktop\
Updater folder: C:\Program Files (x86)\Avira\AntiVir Desktop\
AppData folder: C:\ProgramData\Avira\AntiVir Desktop\
Proxy settings: System settings used

12:32:29 [uPD] [iNFO] Checking whether newer files are available.
12:32:29 [uPD] [iNFO] Select update server 'http://80.190.143.236/update'.
12:32:29 [uPD] [iNFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
12:32:30 [uPD] [iNFO] The installation is up to date. An update of the program files, the engine or the virus definitions is therefore unnecessary.

Summary:
********
0 Files downloaded
0 Files installed

Fri Oct 29 12:32:30 2010
The update was carried out successfully!

2010/10/29 10:08:20.0632 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/29 10:08:20.0632 ================================================================================
2010/10/29 10:08:20.0632 SystemInfo:
2010/10/29 10:08:20.0632
2010/10/29 10:08:20.0632 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/29 10:08:20.0632 Product type: Workstation
2010/10/29 10:08:20.0632 ComputerName: BEDIGANDMARY-PC
2010/10/29 10:08:20.0632 UserName: BedigandMary
2010/10/29 10:08:20.0632 Windows directory: C:\Windows
2010/10/29 10:08:20.0632 System windows directory: C:\Windows
2010/10/29 10:08:20.0632 Running under WOW64
2010/10/29 10:08:20.0632 Processor architecture: Intel x64
2010/10/29 10:08:20.0632 Number of processors: 2
2010/10/29 10:08:20.0632 Page size: 0x1000
2010/10/29 10:08:20.0632 Boot type: Normal boot
2010/10/29 10:08:20.0632 ================================================================================
2010/10/29 10:08:20.0632 Utility is running under WOW64
2010/10/29 10:08:21.0146 Initialize success
2010/10/29 10:08:44.0515 ================================================================================
2010/10/29 10:08:44.0515 Scan started
2010/10/29 10:08:44.0515 Mode: Manual;
2010/10/29 10:08:44.0515 ================================================================================
2010/10/29 10:08:45.0311 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/10/29 10:08:45.0467 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/10/29 10:08:45.0607 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/10/29 10:08:45.0670 adpahci (7d05a75e3066861a6610f7ee04ff085c) 
C:\Windows\system32\drivers\adpahci.sys 2010/10/29 10:08:45.0732 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 2010/10/29 10:08:45.0810 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 2010/10/29 10:08:45.0919 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys 2010/10/29 10:08:46.0184 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys 2010/10/29 10:08:46.0340 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 2010/10/29 10:08:46.0403 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 2010/10/29 10:08:46.0450 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys 2010/10/29 10:08:46.0465 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 2010/10/29 10:08:46.0528 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys 2010/10/29 10:08:46.0606 Amfilter (71aff825b960731e2ae366467bc0d1f3) C:\Windows\system32\DRIVERS\Amfltx64.sys 2010/10/29 10:08:46.0652 Amusbprt (8f1db3d133197affa3a721953eb0988c) C:\Windows\system32\DRIVERS\Amusbx64.sys 2010/10/29 10:08:46.0730 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\Windows\system32\DRIVERS\Apfiltr.sys 2010/10/29 10:08:46.0840 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 2010/10/29 10:08:46.0902 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 2010/10/29 10:08:46.0964 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/10/29 10:08:47.0027 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys 2010/10/29 10:08:47.0089 avgntflt (ed2b23707f19ccc1b2a4382b05d31481) C:\Windows\system32\DRIVERS\avgntflt.sys 2010/10/29 10:08:47.0183 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys 2010/10/29 10:08:47.0308 
BCM43XV (3ddc2d2fc52948357ab622b308574d33) C:\Windows\system32\DRIVERS\bcmwl664.sys 2010/10/29 10:08:47.0386 BCM43XX (3ddc2d2fc52948357ab622b308574d33) C:\Windows\system32\DRIVERS\bcmwl664.sys 2010/10/29 10:08:47.0510 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 2010/10/29 10:08:47.0573 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys 2010/10/29 10:08:47.0651 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 2010/10/29 10:08:47.0682 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 2010/10/29 10:08:47.0744 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 2010/10/29 10:08:47.0807 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 2010/10/29 10:08:47.0854 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 2010/10/29 10:08:47.0947 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 2010/10/29 10:08:48.0010 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys 2010/10/29 10:08:48.0056 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 2010/10/29 10:08:48.0134 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys 2010/10/29 10:08:48.0197 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys 2010/10/29 10:08:48.0259 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys 2010/10/29 10:08:48.0322 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 2010/10/29 10:08:48.0400 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys 2010/10/29 10:08:48.0446 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys 2010/10/29 10:08:48.0602 CLFS (3dca9a18b204939cfb24bea53e31eb48) 
C:\Windows\system32\CLFS.sys 2010/10/29 10:08:48.0727 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/10/29 10:08:48.0743 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 2010/10/29 10:08:48.0805 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys 2010/10/29 10:08:48.0852 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 2010/10/29 10:08:48.0946 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys 2010/10/29 10:08:49.0055 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys 2010/10/29 10:08:49.0148 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 2010/10/29 10:08:49.0242 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys 2010/10/29 10:08:49.0367 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 2010/10/29 10:08:49.0507 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys 2010/10/29 10:08:49.0616 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 2010/10/29 10:08:49.0726 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys 2010/10/29 10:08:49.0866 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 2010/10/29 10:08:49.0991 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys 2010/10/29 10:08:50.0100 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys 2010/10/29 10:08:50.0162 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 2010/10/29 10:08:50.0256 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 2010/10/29 10:08:50.0334 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 2010/10/29 10:08:50.0412 flpydisk 
(230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/10/29 10:08:50.0537 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys 2010/10/29 10:08:50.0662 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 2010/10/29 10:08:50.0740 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 2010/10/29 10:08:50.0849 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/10/29 10:08:50.0989 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys 2010/10/29 10:08:51.0130 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/10/29 10:08:51.0208 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 2010/10/29 10:08:51.0301 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys 2010/10/29 10:08:51.0426 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys 2010/10/29 10:08:51.0504 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 2010/10/29 10:08:51.0566 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys 2010/10/29 10:08:51.0660 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 2010/10/29 10:08:51.0800 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 2010/10/29 10:08:51.0988 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 2010/10/29 10:08:52.0159 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 2010/10/29 10:08:52.0284 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 2010/10/29 10:08:52.0346 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/10/29 10:08:52.0424 iaStorV (3e3bf3627d886736d0b4e90054f929f6) 
C:\Windows\system32\drivers\iastorv.sys 2010/10/29 10:08:52.0861 igfx (663e7364f650a915d415eeb2da98d86a) C:\Windows\system32\DRIVERS\igdkmd64.sys 2010/10/29 10:08:53.0314 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 2010/10/29 10:08:53.0532 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\Windows\system32\drivers\IntcHdmi.sys 2010/10/29 10:08:53.0610 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 2010/10/29 10:08:53.0704 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 2010/10/29 10:08:53.0828 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/10/29 10:08:54.0016 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 2010/10/29 10:08:54.0094 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 2010/10/29 10:08:54.0187 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 2010/10/29 10:08:54.0250 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 2010/10/29 10:08:54.0374 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/10/29 10:08:54.0452 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 2010/10/29 10:08:54.0499 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 2010/10/29 10:08:54.0577 JMCR (f12fdd192cc5729304ac7ce9e89c81a0) C:\Windows\system32\DRIVERS\jmcr.sys 2010/10/29 10:08:54.0640 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/10/29 10:08:54.0718 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/10/29 10:08:54.0842 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys 2010/10/29 10:08:54.0936 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 2010/10/29 
10:08:55.0108 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 2010/10/29 10:08:55.0217 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 2010/10/29 10:08:55.0264 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 2010/10/29 10:08:55.0310 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 2010/10/29 10:08:55.0326 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 2010/10/29 10:08:55.0435 MBAMProtector (e330051cce41eb4522e5dcebc15adcea) C:\Windows\system32\drivers\mbam.sys 2010/10/29 10:08:55.0498 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 2010/10/29 10:08:55.0560 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 2010/10/29 10:08:55.0622 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 2010/10/29 10:08:55.0654 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 2010/10/29 10:08:55.0685 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 2010/10/29 10:08:55.0747 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 2010/10/29 10:08:55.0763 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 2010/10/29 10:08:55.0810 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 2010/10/29 10:08:55.0856 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 2010/10/29 10:08:55.0888 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 2010/10/29 10:08:55.0950 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 2010/10/29 10:08:56.0044 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/10/29 10:08:56.0200 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/10/29 10:08:56.0324 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/10/29 10:08:56.0449 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys 2010/10/29 10:08:56.0543 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 2010/10/29 10:08:56.0636 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 2010/10/29 10:08:56.0714 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 2010/10/29 10:08:56.0808 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 2010/10/29 10:08:56.0824 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/10/29 10:08:56.0855 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 2010/10/29 10:08:56.0933 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 2010/10/29 10:08:56.0980 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/10/29 10:08:57.0011 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 2010/10/29 10:08:57.0089 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 2010/10/29 10:08:57.0214 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 2010/10/29 10:08:57.0354 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 2010/10/29 10:08:57.0448 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/10/29 10:08:57.0510 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/10/29 10:08:57.0604 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/10/29 10:08:57.0666 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 2010/10/29 10:08:57.0744 NetBIOS 
(a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 2010/10/29 10:08:57.0838 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 2010/10/29 10:08:57.0962 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 2010/10/29 10:08:58.0103 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 2010/10/29 10:08:58.0181 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 2010/10/29 10:08:58.0352 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 2010/10/29 10:08:58.0540 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 2010/10/29 10:08:58.0633 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys 2010/10/29 10:08:58.0742 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 2010/10/29 10:08:58.0805 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 2010/10/29 10:08:58.0867 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 2010/10/29 10:08:59.0070 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys 2010/10/29 10:08:59.0117 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 2010/10/29 10:08:59.0179 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys 2010/10/29 10:08:59.0273 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 2010/10/29 10:08:59.0335 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys 2010/10/29 10:08:59.0398 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 2010/10/29 10:08:59.0569 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 2010/10/29 10:08:59.0803 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 2010/10/29 
2010/10/29 10:09:09.0881 ================================================================================
2010/10/29 10:09:09.0881 Scan finished
2010/10/29 10:09:09.0881 ================================================================================
2010/10/29 10:09:57.0426 Deinitialize success

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 21
Java 6 Update 5
Out of date Java installed!
Adobe Flash Player 10.1.82.76
````````````````````````````````
Process Check: objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
windows defender MpCmdRun.exe
````````````````````````````````
DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
  12. thank you, it's saved as DDS2.txt on my desktop (I've run it a few times)

DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by BedigandMary at 19:32:07.47 on Tue 10/26/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Microsoft
  13. hello, 1st off thank you for helping! I had a major infection a few months back on my HP laptop. Took some work, but Elise helped me get rid of it (thanks Elise!). I don't know what I have now though, similar to before, but more noticeable. desktop.ini keeps adding 1kb txt files everywhere! I cannot delete it; it will just restrict my access to files/pics until it's done, then I can access those files again and find this txt again. It's hidden in C:, desktop, everywhere. My wallpaper is gone today, can't run defogger; I see a black window pop up for a split second right before the defogger window, but no restart after completing. Tried r-click admin and double click. Nothing. IP blocks, Windows Defender won't update, etc etc. I can sit and list off for hours but I don't think that will help. These might though... HP laptop, Vista, Avira, Mbam, moz. Sorry, I've been on this stupid computer all day... thank you for your time and help! It is greatly appreciated!!!

defogger_disable.log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:40 on 24/10/2010 (BedigandMary)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4939
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/24/2010 7:21:11 PM
mbam-log-2010-10-24 (19-21-11).txt

Scan type: Quick scan
Objects scanned: 140189
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-24 20:07:00
Windows 6.0.6002 Service Pack 2
Running: kydnc9g2.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186312a50
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186312a50 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Avira AntiVir Personal
Report file date: Saturday, October 23, 2010 21:37

Scanning for 2963178 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BEDIGANDMARY-PC

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Saturday, October 23, 2010 21:37

Starting search for hidden objects.
The scan of running processes will be started
Scan process 'avscan.exe' - '79' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '92' Module(s) have been scanned
Scan process 'mbamservice.exe' - '44' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '19' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '32' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '73' Module(s) have been scanned
Scan process 'mbamgui.exe' - '17' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '44' Module(s) have been scanned
Scan process 'QPService.exe' - '90' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '31' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'BLService.exe' - '27' Module(s) have been scanned
Scan process 'QPSched.exe' - '39' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '76' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avguard.exe' - '67' Module(s) have been scanned

Initiating scan of system files:
The system files were scanned ('21' files)

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1229' files ).

Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: Sunday, October 24, 2010 00:07
Used time: 2:29:46 Hour(s)

The scan has been done completely.

75263 Scanned directories
737111 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
737111 Files not concerned
3524 Archives were scanned
0 Warnings
0 Notes
768532 Objects were scanned with rootkit scan
52 Hidden objects were found

I did do an update today w Avira before the scan... shows yesterday. I have the DDS logs as well. Please let me know how to proceed. Thank you!
  14. no more questions, you nailed them all! "CASE CLOSED" thanks again!