
Thread: Malware problems: Smitfraud-C.gp & W3i.IQ5.fraud

  1. #1 jimjul9804 (Member; Join Date: Nov 2007; Location: Texas; Posts: 42)

    Malware problems: Smitfraud-C.gp & W3i.IQ5.fraud

    I have scanned, and Spybot Search & Destroy found both problems on my PC. I've been trying to get them removed for weeks now. I took the PC to Office Depot and they did a scan to see what the problem was and said it was malware. I tried Malwarebytes, with no luck. I've attached the attach.txt file from the DDS report, and the DDS report is below.

    Thanks,
    Julie

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Jim at 21:54:44 on 2012-02-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1661 [GMT -6:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\GManager.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\U2VSvr.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\MTri1+.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Util] c:\windows\system32\Util.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{650CF2D8-0700-43D9-832D-08377C6334BC} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{71EBFABE-60B5-4F98-A8C1-B4D2B14418DC} : DhcpNameServer = 24.116.2.50 24.116.2.34
    TCP: Interfaces\{F8B80838-1662-451D-8A63-80D784C4917F} : DhcpNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\quflwt9q.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464113&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z152&install_date=20110823
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\quflwt9q.default\extensions\{495efdc3-a12c-48db-9377-c368f4cb4257}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\quflwt9q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\quflwt9q.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\jim\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-2 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-2 905336]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-8-10 11264]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-2 132744]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-2 149624]
    R2 GManager;GManager;c:\windows\system32\GManager.exe [2011-12-31 214392]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-12-25 10384]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-18 652360]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-2 138248]
    R2 U2VSvr;U2VSvr;c:\windows\system32\U2VSvr.exe [2012-1-29 199296]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-16 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120217.003\IDSXpx86.sys [2012-2-17 356280]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-18 20464]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120217.036\NAVENG.SYS [2012-2-18 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120217.036\NAVEX15.SYS [2012-2-18 1576312]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-8-21 57320]
    R3 T1PExGrp;T1PExGrp;c:\windows\system32\drivers\T1PExGrp.sys [2011-12-31 30080]
    R3 T1PMrGrp;T1PMrGrp;c:\windows\system32\drivers\T1PMrGrp.sys [2011-12-31 30720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-21 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [2012-1-29 141824]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-18 20:13:29 -------- d-----w- c:\documents and settings\jim\application data\Malwarebytes
    2012-02-18 20:13:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-02-18 20:13:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-18 20:13:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-18 19:03:30 -------- d-----w- c:\documents and settings\jim\application data\QuickScan
    2012-02-18 19:03:05 -------- d-----w- C:\temp
    2012-02-18 19:02:32 -------- d-----w- c:\program files\Office Depot PC Support Agent
    2012-02-18 19:02:32 -------- d-----w- c:\program files\common files\supportsoft
    2012-02-18 04:09:44 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-02-15 11:44:35 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-15 11:44:35 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-15 03:24:38 -------- d-----w- c:\windows\system32\msmq
    2012-02-15 03:24:37 -------- d-----w- C:\Inetpub
    2012-02-13 02:36:20 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-02-13 02:36:20 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-02-13 02:36:20 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-02-13 02:36:20 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-02-03 03:02:49 388216 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdi.sys
    2012-02-03 03:02:49 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
    2012-02-03 03:02:48 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
    2012-02-03 03:02:47 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
    2012-02-03 03:02:46 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
    2012-02-03 03:02:46 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
    2012-02-03 03:02:45 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
    2012-02-03 03:02:45 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
    2012-02-03 03:02:44 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
    2012-02-03 03:01:16 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
    2012-02-03 03:01:16 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
    2012-01-30 02:45:43 -------- d-----w- c:\program files\MCT Corp
    2012-01-30 01:40:52 -------- d-----w- c:\windows\system32\LogFiles
    .
    ==================== Find3M ====================
    .
    2012-02-03 03:03:30 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2012-02-03 03:03:30 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    ============= FINISH: 21:55:31.64 ===============
    jimjul9804

  2. #2 Senior Member (Join Date: Feb 2012; Location: Ireland; Posts: 176)

    Hi and welcome to Safer-Networking, sorry for any delay in answering your request for help, the forum is really busy.
    My name is Diver79, and I will be helping you with your malware problems.

    Before we start please note the following important guidelines.
    • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
    • Please DO NOT run any other software or scans whilst I am helping you.


    Note: If you haven't done so already, please ensure you have read the following article. "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.
    Quote, originally posted by diver79:
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    Because of this, I advise you to backup any personal files and folders before you start.
    How do I backup my files and folders in XP?

    Looking into your logs now. Will post instructions soon...

    diver79.
    Proud Graduate of the MalWare Removal University

  3. #3 Senior Member (Join Date: Feb 2012; Location: Ireland; Posts: 176)

    Hi jimjul9804,

    Re: Microsoft Office Professional Plus 2010
    Can you tell me how this came to be installed on your computer?

    Looking into your logs, will post instructions after I receive your reply.

    diver79.
    Proud Graduate of the MalWare Removal University

  4. #4 jimjul9804 (Member; Join Date: Nov 2007; Location: Texas; Posts: 42)

    I work for Dr Pepper Snapple Group and we had the option of purchasing the software at a discount for home use. I received my copy and installed it.
    jimjul9804

  5. #5 jimjul9804 (Member; Join Date: Nov 2007; Location: Texas; Posts: 42)

    Since I'm not concerned about the actual computer, I didn't do a backup like you said. I just wanted to save my files on my computer in case I lost them. That's all I'm concerned about, and that's been done. If what we do doesn't fix it, I'll probably just format the hard drive anyway and reinstall everything. So, now the ball's in your court.
    jimjul9804

  6. #6 jimjul9804 (Member; Join Date: Nov 2007; Location: Texas; Posts: 42)

    Let me correct myself... I do care about the computer and it working. This computer was built from scratch and we don't have the disk for the operating system. If I end up reformatting the hard drive, I will have to go purchase an operating system. So, if I can save the computer, I would rather do that than go purchase the operating system. Hope that makes better sense.
    jimjul9804

  7. #7 Senior Member (Join Date: Feb 2012; Location: Ireland; Posts: 176)

    Hi jimjul9804,

    Not to worry, I will do everything I can to try and remove the infection.


    aswMBR Scan
    Please download aswMBR and save it to your Desktop.
    • Right click aswMBR.exe & choose "Run as Administrator" to run it.
    • Click Yes to the prompt to download Avast! virus definitions.
      (Please be patient whilst the virus definitions download)
    • With the AVscan set to Quick Scan, click the Scan button.
      (Please be patient whilst your computer is scanned.)
    • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK > Exit.
    • Note: Do not attempt to fix anything at this stage!
    • Two files will be created, aswMBR.txt and a file named MBR.dat.
    • MBR.dat is a backup of the MBR (master boot record); do not delete it.
    • I strongly suggest you keep a copy of this backup stored on an external device.
    • Copy & Paste the contents of aswMBR.txt into your next reply.

    TDSSKiller
    Please download TDSSKiller.exe and save it to your Desktop.
    • Right click on TDSSKiller.exe and select Run as Administrator to launch it.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
    • Now click on Report to open the log file created by TDSSKiller in your root directory, C:\.
    • To find the log, go to Start > Computer > C:.
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT
    Proud Graduate of the MalWare Removal University

  8. #8 jimjul9804 (Member; Join Date: Nov 2007; Location: Texas; Posts: 42)

    I don't remember the administrator password to my computer, but it also shows me as the administrator. I ran the scan under that profile.

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-23 18:39:38
    -----------------------------
    18:39:38.171 OS Version: Windows 5.1.2600 Service Pack 3
    18:39:38.171 Number of processors: 2 586 0x605
    18:39:38.171 ComputerName: WICKED UserName: Jim
    18:39:39.578 Initialize success
    18:41:45.078 AVAST engine defs: 12022301
    18:42:02.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
    18:42:02.296 Disk 0 Vendor: WDC_WD5000AACS-00G8B1 05.04C05 Size: 476940MB BusType: 3
    18:42:02.328 Disk 0 MBR read successfully
    18:42:02.328 Disk 0 MBR scan
    18:42:02.328 Disk 0 Windows XP default MBR code
    18:42:02.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
    18:42:02.343 Disk 0 scanning sectors +976768065
    18:42:02.406 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:42:09.593 Service scanning
    18:42:25.078 Modules scanning
    18:42:34.968 Disk 0 trace - called modules:
    18:42:34.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
    18:42:34.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab0aab8]
    18:42:34.984 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x8ab5c358]
    18:42:34.984 5 xfilt.sys[b8341026] -> nt!IofCallDriver -> \Device\00000079[0x8ab1fe20]
    18:42:34.984 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8aaa9d98]
    18:42:35.812 AVAST engine scan C:\WINDOWS
    18:42:45.312 AVAST engine scan C:\WINDOWS\system32
    18:45:39.796 AVAST engine scan C:\WINDOWS\system32\drivers
    18:46:10.500 AVAST engine scan C:\Documents and Settings\Jim
    18:56:15.781 AVAST engine scan C:\Documents and Settings\All Users
    19:00:30.187 Scan finished successfully
    19:01:01.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim\Desktop\MBR.dat"
    19:01:01.515 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\aswMBR.txt"
    jimjul9804

  9. #9 jimjul9804 (Member; Join Date: Nov 2007; Location: Texas; Posts: 42)

    Here's the other scan you requested.

    19:08:05.0703 1008 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    19:08:06.0843 1008 ============================================================
    19:08:06.0843 1008 Current date / time: 2012/02/23 19:08:06.0843
    19:08:06.0843 1008 SystemInfo:
    19:08:06.0843 1008
    19:08:06.0843 1008 OS Version: 5.1.2600 ServicePack: 3.0
    19:08:06.0843 1008 Product type: Workstation
    19:08:06.0843 1008 ComputerName: WICKED
    19:08:06.0843 1008 UserName: Jim
    19:08:06.0843 1008 Windows directory: C:\WINDOWS
    19:08:06.0843 1008 System windows directory: C:\WINDOWS
    19:08:06.0843 1008 Processor architecture: Intel x86
    19:08:06.0843 1008 Number of processors: 2
    19:08:06.0843 1008 Page size: 0x1000
    19:08:06.0843 1008 Boot type: Normal boot
    19:08:06.0843 1008 ============================================================
    19:08:10.0062 1008 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:08:10.0078 1008 Drive \Device\Harddisk1\DR2 - Size: 0x3F580000 (0.99 Gb), SectorSize: 0x200, Cylinders: 0x81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    19:08:10.0078 1008 \Device\Harddisk0\DR0:
    19:08:10.0078 1008 MBR used
    19:08:10.0078 1008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    19:08:10.0078 1008 \Device\Harddisk1\DR2:
    19:08:10.0078 1008 MBR used
    19:08:10.0078 1008 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1FA721
    19:08:10.0109 1008 Initialize success
    19:08:10.0109 1008 ============================================================
    19:08:27.0828 2440 ============================================================
    19:08:27.0828 2440 Scan started
    19:08:27.0828 2440 Mode: Manual;
    19:08:27.0828 2440 ============================================================
    19:08:32.0250 2440 LBeepKE - ok
    19:08:32.0281 2440 lbrtfdc - ok
    19:08:32.0343 2440 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    19:08:32.0343 2440 LHidFilt - ok
    19:08:32.0421 2440 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    19:08:32.0421 2440 MBAMProtector - ok
    19:08:32.0484 2440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:08:32.0484 2440 mnmdd - ok
    19:08:32.0546 2440 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:08:32.0546 2440 Modem - ok
    19:08:32.0562 2440 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:08:32.0562 2440 Mouclass - ok
    19:08:32.0609 2440 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:08:32.0609 2440 mouhid - ok
    19:08:32.0640 2440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:08:32.0640 2440 MountMgr - ok
    19:08:32.0656 2440 mraid35x - ok
    19:08:32.0703 2440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:08:32.0703 2440 MRxDAV - ok
    19:08:32.0765 2440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:08:32.0781 2440 MRxSmb - ok
    19:08:32.0843 2440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:08:32.0843 2440 Msfs - ok
    19:08:32.0906 2440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:08:32.0906 2440 MSKSSRV - ok
    19:08:32.0953 2440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:08:32.0953 2440 MSPCLOCK - ok
    19:08:32.0984 2440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:08:32.0984 2440 MSPQM - ok
    19:08:33.0015 2440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:08:33.0015 2440 mssmbios - ok
    19:08:33.0046 2440 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    19:08:33.0062 2440 MSTEE - ok
    19:08:33.0078 2440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:08:33.0078 2440 Mup - ok
    19:08:33.0125 2440 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    19:08:33.0125 2440 NABTSFEC - ok
    19:08:33.0234 2440 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120223.001\NAVENG.SYS
    19:08:33.0250 2440 NAVENG - ok
    19:08:33.0296 2440 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120223.001\NAVEX15.SYS
    19:08:33.0343 2440 NAVEX15 - ok
    19:08:33.0390 2440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:08:33.0390 2440 NDIS - ok
    19:08:33.0437 2440 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    19:08:33.0437 2440 NdisIP - ok
    19:08:33.0468 2440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:08:33.0468 2440 NdisTapi - ok
    19:08:33.0500 2440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:08:33.0500 2440 Ndisuio - ok
    19:08:33.0531 2440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:08:33.0531 2440 NdisWan - ok
    19:08:33.0562 2440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:08:33.0562 2440 NDProxy - ok
    19:08:33.0593 2440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:08:33.0593 2440 NetBIOS - ok
    19:08:33.0656 2440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:08:33.0656 2440 NetBT - ok
    19:08:33.0765 2440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:08:33.0765 2440 Npfs - ok
    19:08:33.0828 2440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:08:33.0843 2440 Ntfs - ok
    19:08:33.0906 2440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:08:33.0906 2440 Null - ok
    19:08:34.0171 2440 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:08:34.0359 2440 nv - ok
    19:08:34.0406 2440 NVHDA (93187e98df4b8fe95d1c058601764c75) C:\WINDOWS\system32\drivers\nvhda32.sys
    19:08:34.0406 2440 NVHDA - ok
    19:08:34.0453 2440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:08:34.0453 2440 NwlnkFlt - ok
    19:08:34.0468 2440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:08:34.0468 2440 NwlnkFwd - ok
    19:08:34.0562 2440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    19:08:34.0562 2440 Parport - ok
    19:08:34.0578 2440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:08:34.0593 2440 PartMgr - ok
    19:08:34.0625 2440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:08:34.0625 2440 ParVdm - ok
    19:08:34.0640 2440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:08:34.0640 2440 PCI - ok
    19:08:34.0671 2440 PCIDump - ok
    19:08:34.0703 2440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:08:34.0703 2440 PCIIde - ok
    19:08:34.0750 2440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:08:34.0750 2440 Pcmcia - ok
    19:08:34.0765 2440 PDCOMP - ok
    19:08:34.0796 2440 PDFRAME - ok
    19:08:34.0828 2440 PDRELI - ok
    19:08:34.0859 2440 PDRFRAME - ok
    19:08:34.0890 2440 perc2 - ok
    19:08:34.0921 2440 perc2hib - ok
    19:08:35.0046 2440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:08:35.0046 2440 PptpMiniport - ok
    19:08:35.0109 2440 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:08:35.0109 2440 PSched - ok
    19:08:35.0140 2440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:08:35.0140 2440 Ptilink - ok
    19:08:35.0156 2440 ql1080 - ok
    19:08:35.0187 2440 Ql10wnt - ok
    19:08:35.0218 2440 ql12160 - ok
    19:08:35.0250 2440 ql1240 - ok
    19:08:35.0265 2440 ql1280 - ok
    19:08:35.0312 2440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:08:35.0312 2440 RasAcd - ok
    19:08:35.0359 2440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:08:35.0359 2440 Rasl2tp - ok
    19:08:35.0390 2440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:08:35.0406 2440 RasPppoe - ok
    19:08:35.0421 2440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:08:35.0421 2440 Raspti - ok
    19:08:35.0468 2440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:08:35.0468 2440 Rdbss - ok
    19:08:35.0500 2440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:08:35.0500 2440 RDPCDD - ok
    19:08:35.0578 2440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:08:35.0593 2440 rdpdr - ok
    19:08:35.0656 2440 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:08:35.0656 2440 RDPWD - ok
    19:08:35.0703 2440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:08:35.0703 2440 redbook - ok
    19:08:35.0843 2440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:08:35.0843 2440 Secdrv - ok
    19:08:35.0906 2440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:08:35.0906 2440 serenum - ok
    19:08:35.0937 2440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    19:08:35.0937 2440 Serial - ok
    19:08:36.0046 2440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:08:36.0046 2440 Sfloppy - ok
    19:08:36.0093 2440 Simbad - ok
    19:08:36.0125 2440 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    19:08:36.0125 2440 SLIP - ok
    19:08:36.0171 2440 Sparrow - ok
    19:08:36.0218 2440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:08:36.0218 2440 splitter - ok
    19:08:36.0281 2440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:08:36.0296 2440 sr - ok
    19:08:36.0390 2440 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NIS\1305000.091\SRTSP.SYS
    19:08:36.0390 2440 SRTSP - ok
    19:08:36.0421 2440 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NIS\1305000.091\SRTSPX.SYS
    19:08:36.0421 2440 SRTSPX - ok
    19:08:36.0453 2440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:08:36.0468 2440 Srv - ok
    19:08:36.0531 2440 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    19:08:36.0531 2440 streamip - ok
    19:08:36.0562 2440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:08:36.0562 2440 swenum - ok
    19:08:36.0578 2440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:08:36.0593 2440 swmidi - ok
    19:08:36.0625 2440 symc810 - ok
    19:08:36.0656 2440 symc8xx - ok
    19:08:36.0703 2440 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMDS.SYS
    19:08:36.0718 2440 SymDS - ok
    19:08:36.0750 2440 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMEFA.SYS
    19:08:36.0781 2440 SymEFA - ok
    19:08:36.0812 2440 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    19:08:36.0812 2440 SymEvent - ok
    19:08:36.0843 2440 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1305000.091\Ironx86.SYS
    19:08:36.0859 2440 SymIRON - ok
    19:08:36.0906 2440 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1305000.091\SYMTDI.SYS
    19:08:36.0906 2440 SYMTDI - ok
    19:08:36.0921 2440 sym_hi - ok
    19:08:36.0953 2440 sym_u3 - ok
    19:08:37.0000 2440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:08:37.0000 2440 sysaudio - ok
    19:08:37.0046 2440 T1PExGrp (cb587873fb4f91c192806a602fe35227) C:\WINDOWS\system32\drivers\T1PExGrp.sys
    19:08:37.0046 2440 T1PExGrp - ok
    19:08:37.0078 2440 T1PMrGrp (ac930b97ed3e46f09ef83bfb6944e8c9) C:\WINDOWS\system32\drivers\T1PMrGrp.sys
    19:08:37.0078 2440 T1PMrGrp - ok
    19:08:37.0109 2440 t1pusb (00605ccf9e51ff2e2fca7d17278e6411) C:\WINDOWS\system32\drivers\t1pusb.sys
    19:08:37.0125 2440 t1pusb - ok
    19:08:37.0156 2440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:08:37.0171 2440 Tcpip - ok
    19:08:37.0203 2440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:08:37.0203 2440 TDPIPE - ok
    19:08:37.0234 2440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:08:37.0234 2440 TDTCP - ok
    19:08:37.0265 2440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:08:37.0265 2440 TermDD - ok
    19:08:37.0328 2440 TosIde - ok
    19:08:37.0421 2440 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
    19:08:37.0421 2440 uagp35 - ok
    19:08:37.0453 2440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:08:37.0453 2440 Udfs - ok
    19:08:37.0484 2440 ultra - ok
    19:08:37.0515 2440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:08:37.0531 2440 Update - ok
    19:08:37.0593 2440 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    19:08:37.0593 2440 usbaudio - ok
    19:08:37.0625 2440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:08:37.0625 2440 usbccgp - ok
    19:08:37.0640 2440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:08:37.0640 2440 usbehci - ok
    19:08:37.0671 2440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:08:37.0687 2440 usbhub - ok
    19:08:37.0718 2440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:08:37.0718 2440 usbprint - ok
    19:08:37.0765 2440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:08:37.0765 2440 usbscan - ok
    19:08:37.0796 2440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:08:37.0796 2440 USBSTOR - ok
    19:08:37.0828 2440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:08:37.0828 2440 usbuhci - ok
    19:08:37.0843 2440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:08:37.0843 2440 VgaSave - ok
    19:08:37.0890 2440 viagfx (72f4ba0dd4081a0f86c6a1f3d7bb9417) C:\WINDOWS\system32\DRIVERS\vtmini.sys
    19:08:37.0906 2440 viagfx - ok
    19:08:37.0921 2440 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    19:08:37.0921 2440 ViaIde - ok
    19:08:37.0953 2440 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
    19:08:37.0953 2440 videX32 - ok
    19:08:37.0984 2440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:08:37.0984 2440 VolSnap - ok
    19:08:38.0062 2440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:08:38.0062 2440 Wanarp - ok
    19:08:38.0109 2440 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    19:08:38.0109 2440 Wdf01000 - ok
    19:08:38.0125 2440 WDICA - ok
    19:08:38.0187 2440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:08:38.0187 2440 wdmaud - ok
    19:08:38.0406 2440 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    19:08:38.0406 2440 WSTCODEC - ok
    19:08:38.0453 2440 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
    19:08:38.0453 2440 xfilt - ok
    19:08:38.0515 2440 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
    19:08:38.0531 2440 ZDPSp50 - ok
    19:08:38.0640 2440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:08:38.0781 2440 \Device\Harddisk0\DR0 - ok
    19:08:38.0796 2440 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
    19:08:38.0796 2440 \Device\Harddisk1\DR2 - ok
    19:08:38.0828 2440 Boot (0x1200) (60045179ffcc6776ff893dae2edc55eb) \Device\Harddisk0\DR0\Partition0
    19:08:38.0828 2440 \Device\Harddisk0\DR0\Partition0 - ok
    19:08:38.0843 2440 Boot (0x1200) (c0c2a2003df0ff2503fa11852d3cc57d) \Device\Harddisk1\DR2\Partition0
    19:08:38.0843 2440 \Device\Harddisk1\DR2\Partition0 - ok
    19:08:38.0859 2440 ============================================================
    19:08:38.0859 2440 Scan finished
    19:08:38.0859 2440 ============================================================
    19:08:38.0906 0836 Detected object count: 0
    19:08:38.0906 0836 Actual detected object count: 0
    jimjul9804

  10. #10
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Hi Julie,

    Quote Originally Posted by jimjul9804
    don't remember the administrator password to my computer but it also shows me as the administrator. I ran the scan under that profile.
    My apologies, those instructions relate to Windows 7 which you do not have.

    Both scans came back clear, so it does not look like you have a rootkit.

    Apart from the Spybot scan have you had any other symptoms of infection (search redirects etc.)?

    Let's see what OTL finds.

    OTL Scan
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    Proud Graduate of the MalWare Removal University
