Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Pretty sure I got a virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Pretty sure I got a virus

Unread postby KillerJoe » August 13th, 2010, 12:38 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:57 PM, on 8/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214124734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9214106781
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-qt2009 - {03947252-2355-4E9B-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
KillerJoe
Active Member
 
Posts: 4
Joined: August 13th, 2010, 12:34 am
Advertisement
Register to Remove

Re: Pretty sure I got a virus

Unread postby deltalima » August 15th, 2010, 1:20 pm

Hi KillerJoe,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Please also tell me what makes you think that you have a virus.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Unread postby KillerJoe » August 16th, 2010, 3:24 am

Spoolv i don't trust the program. Just kinda worried its allowing problem files to infect. I have a printer but the program ijpvmsvc or whatever it is doesn't sound like a legit program other than that I don't know to much about computers and wanted some insight. this website peaked my curiosity.
KillerJoe
Active Member
 
Posts: 4
Joined: August 13th, 2010, 12:34 am

Re: Pretty sure I got a virus

Unread postby deltalima » August 16th, 2010, 3:53 am

Please post the uninstall list.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Pretty sure I got a virus

Unread postby KillerJoe » August 17th, 2010, 10:12 pm

sorry, here it is.

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Ask Toolbar
Baldur's Gate(TM) II - Throne of Bhaal (TM)
BitTorrent
Canon MP Navigator EX 1.0
Canon MP210 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Diablo II
DivX Setup
Eusing Free Registry Cleaner
GameSpy Arcade
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
League of Legends
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neverwinter Nights
Norton AntiVirus
Norton Security Scan
NVIDIA Drivers
Pando Media Booster
PIXMA Extended Survey Program
QuickTax 2009
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
StarCraft
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
Warcraft III
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
KillerJoe
Active Member
 
Posts: 4
Joined: August 13th, 2010, 12:34 am

Re: Pretty sure I got a virus

Unread postby deltalima » August 18th, 2010, 3:48 am

Hi KillerJoe,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Pretty sure I got a virus

Unread postby KillerJoe » August 20th, 2010, 1:13 am

OTL logfile created on: 8/19/2010 10:52:59 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 29.69 Gb Free Space | 39.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-KH6ISDX5E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100810.004\BHDrvx86.sys (Symantec Corporation)
DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100818.006\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100818.006\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100816.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1844237615-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2010/07/14 21:39:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/16 20:24:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/16 20:24:27 | 000,000,000 | ---D | M]

[2010/03/23 19:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/08/17 19:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejj5v28e.default\extensions
[2010/08/17 19:55:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejj5v28e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/12 22:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejj5v28e.default\extensions\toolbar@ask.com
[2010/03/23 19:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/03/31 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1844237615-261478967-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 9214124734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9214106781 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/21 18:16:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\baldur.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/12 22:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/03 23:38:31 | 000,068,968 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/08/03 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/08/02 15:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\MumboJumbo
[2010/07/24 18:31:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/24 18:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2010/07/24 17:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Black Isle
[2010/07/24 17:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/07/24 17:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/07/24 17:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/19 23:01:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/19 22:44:42 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/19 22:43:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 22:43:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/19 22:43:31 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 14:26:21 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/19 14:26:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/19 14:07:41 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/18 19:43:29 | 004,273,492 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/18 17:08:18 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2010/08/13 19:30:10 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 19:13:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 19:10:07 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 19:10:07 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 19:10:07 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 22:31:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/08/07 00:32:08 | 000,000,487 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/07 00:32:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/07 00:32:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/03 23:38:31 | 000,068,968 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/08/03 23:38:06 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/27 00:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/22 20:29:08 | 000,018,544 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/22 20:27:56 | 000,077,849 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\38621_446573615756_117533210756_6037763_6038584_n.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/12 22:31:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/08/03 23:38:06 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/22 20:28:30 | 000,077,849 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\38621_446573615756_117533210756_6037763_6038584_n.jpg
[2010/07/04 17:49:21 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/01 12:31:36 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/06/28 19:08:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/07 23:45:41 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/07 23:45:41 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/07 23:45:41 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/02 22:43:50 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\ovstw2k.dll
[2010/03/25 22:45:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
< End of report >

OTL Extras logfile created on: 8/19/2010 10:52:59 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 29.69 Gb Free Space | 39.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-KH6ISDX5E
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58068:TCP" = 58068:TCP:*:Enabled:Pando Media Booster
"58068:UDP" = 58068:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"58068:TCP" = 58068:TCP:*:Enabled:Pando Media Booster
"58068:UDP" = 58068:UDP:*:Enabled:Pando Media Booster
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6906:TCP" = 6906:TCP:*:Enabled:League of Legends Launcher
"6906:UDP" = 6906:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\NeverwinterNights\NWN\nwmain.exe" = C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights -- (BioWare)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.01 -- (IGN Entertainment, Inc.)
"C:\Program Files\Black Isle\BGII - SoA\BGMain.exe" = C:\Program Files\Black Isle\BGII - SoA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- (BioWare Corp.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- (Solid State Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NAV" = Norton AntiVirus
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"StarCraft" = StarCraft
"Warcraft III" = Warcraft III
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2010 11:56:14 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Hang | ID = 1002
Description = Hanging application DTPro.exe, version 4.36.309.160, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2010 12:23:47 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.

Error - 7/17/2010 12:29:39 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.

Error - 7/17/2010 8:01:27 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x001cb870.

Error - 7/17/2010 9:01:55 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.

Error - 7/17/2010 9:02:58 PM | Computer Name = OWNER-KH6ISDX5E | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 1704.
An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?

Error - 7/17/2010 9:08:24 PM | Computer Name = OWNER-KH6ISDX5E | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb977354,
P2 1033, P3 1604, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 7/18/2010 9:35:37 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.

Error - 7/21/2010 1:18:39 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module iertutil.dll, version 8.0.6001.18923, fault address 0x0015e37e.

Error - 7/21/2010 10:02:40 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Error | ID = 1001
Description = Fault bucket 1965183114.

[ System Events ]
Error - 8/7/2010 2:13:39 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/7/2010 2:13:39 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/7/2010 2:13:39 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/7/2010 2:15:12 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/10/2010 11:01:20 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 8/10/2010 11:04:39 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/10/2010 11:04:42 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The PIXMA Extended Survey Program service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/10/2010 11:04:51 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/10/2010 11:06:04 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/10/2010 11:09:11 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 23:11:32
Windows 5.1.2600 Service Pack 3
Running: qc411m25.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxpcqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 82AD5F10 ZwAlertResumeThread
SSDT 82AD5FD0 ZwAlertThread
SSDT 82B5B100 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF67CEA00]
SSDT 82B04E90 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6BA8210]
SSDT 829DAB78 ZwCreateMutant
SSDT 82AE1618 ZwCreateSymbolicLinkObject
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF67CEA50]
SSDT 82A25B18 ZwDebugActiveProcess
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xF67CE720]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xF67CE7E0]
SSDT 82DEC098 ZwDuplicateObject
SSDT spzt.sys ZwEnumerateKey [0xF8636E4C]
SSDT spzt.sys ZwEnumerateValueKey [0xF86371DA]
SSDT 82B41080 ZwFreeVirtualMemory
SSDT 82AD5658 ZwImpersonateAnonymousToken
SSDT 82AD5738 ZwImpersonateThread
SSDT 82B65350 ZwLoadDriver
SSDT 82B2D1A0 ZwMapViewOfSection
SSDT 829DAAB8 ZwOpenEvent
SSDT spzt.sys ZwOpenKey [0xF861C0C0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xF67CEE10]
SSDT 82B3D0C8 ZwOpenProcessToken
SSDT 82B763B8 ZwOpenSection
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xF67CECA0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF67CEAF0]
SSDT spzt.sys ZwQueryKey [0xF86372B2]
SSDT spzt.sys ZwQueryValueKey [0xF8637132]
SSDT 82AEA338 ZwResumeThread
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF67CE9B0]
SSDT 8294AF60 ZwSetInformationProcess
SSDT 82B005C8 ZwSetSystemInformation
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xF67CE8C0]
SSDT 82B76498 ZwSuspendProcess
SSDT 82947A50 ZwSuspendThread
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xF67CEFB0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF67CEB90]
SSDT 82B24A58 ZwUnmapViewOfSection
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF67CEBE0]

INT 0x62 ? 82F70C88
INT 0x63 ? 82D10C88
INT 0x82 ? 82F70C88
INT 0xB4 ? 82D10C88

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 98 804E2704 4 Bytes JMP 2CC4F67C
.text ntoskrnl.exe!_abnormal_termination + 270 804E28DC 4 Bytes JMP B12CF67C
.text ntoskrnl.exe!_abnormal_termination + 3A0 804E2A0C 4 Bytes JMP 51AD208D
? spzt.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7FD5360, 0x24BB1D, 0xE8000020]
.text USBPORT.SYS!DllUnload F7FB58AC 5 Bytes JMP 82D101D8
.text amafpl4w.SYS F7F33306 50 Bytes [00, 00, 00, 48, 03, 00, F0, ...]
.text amafpl4w.SYS F7F33339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text amafpl4w.SYS F7F33351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text amafpl4w.SYS F7F333A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text amafpl4w.SYS F7F333B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 022F003A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F73308
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F864AECE] spzt.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F864AF22] spzt.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F861D3E6] spzt.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F861D90E] spzt.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F861DF9C] spzt.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F861D90E] spzt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F861D1D4] spzt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F861D116] spzt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F861E178] spzt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F861DF9C] spzt.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82D10308
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F862E976] spzt.sys
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoCreateDevice] 000AB0B6
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoDetachDevice] 09E85300
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ExFreePoolWithTag] 850001F5
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoFreeWorkItem] EBD474C0
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoDeleteDevice] 0C75FF97
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeWaitForSingleObject] 2C57FF57
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeSetEvent] 8B55C9EB
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ObfReferenceObject] 0C458BEC
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 2B34488B
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 00982DC1
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 99560000
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000D28BE
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlInitAnsiString] 50FEF700
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlInitUnicodeString] FED0E851
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!sprintf] 5D5EFFFF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoFreeIrp] CC0008C2
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoCancelIrp] 51EC8B55
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAllocateIrp] FC458D56
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeInitializeEvent] 68106A50
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] 4F525044
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoInitializeTimer] F6331C6A
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IofCallDriver] 2DE85656
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] F70001F4
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoSetStartIoAttributes] F7C01BD8
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStartPacket] FC4523D0
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!PoRequestPowerIrp] 2274C63B
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStopTimer] 56084D8B
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStartTimer] 40C75650
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAllocateWorkItem] F5C2D408
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] 0C4089F7
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] 89107089
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoQueueWorkItem] 30891470
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoFreeMdl] E8184889
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001F3EC
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAllocateMdl] 75FF08EB
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] FCB2E808
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!memmove] C95EFFFF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] CC0004C2
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] FFEC8B55
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoBuildPartialMdl] 9DE80C75
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] 5DFFFFFF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeTickCount] CC0008C2
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeBugCheckEx] 53EC8B55
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IofCompleteRequest] 08758B56
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStartNextPacket] 5E39DB33
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 39517574
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!PoCallDriver] 4C750C5D
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 3C7E8D57
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 8B40C033
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeInitializeSpinLock] 850187CF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ZwClose] 333C75C0
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!MmHighestUserAddress] 40468DC9
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] C10FF041
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KeGetCurrentIrql] 5E0001F4
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfAcquireSpinLock] C2C95B5F
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfReleaseSpinLock] 5F380008
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfRaiseIrql] 56227411
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfLowerIrql] F3563A68
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] F7C31352

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F6F1F8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 82D0F1F8
Device \Driver\PCI_PNP5668 \Device\00000044 spzt.sys
Device \Driver\usbuhci \Device\USBPDO-1 82D0F1F8
Device \Driver\usbuhci \Device\USBPDO-2 82D0F1F8
Device \Driver\usbuhci \Device\USBPDO-3 82D0F1F8
Device \Driver\usbehci \Device\USBPDO-4 82CF81F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Cdrom \Device\CdRom0 82C691F8
Device \Driver\Cdrom \Device\CdRom1 82C691F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{415CC194-602D-4E4D-8081-C80EDEB86D6B} 8294A1F8
Device \Driver\Cdrom \Device\CdRom2 82C691F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8294A1F8
Device \Driver\NetBT \Device\NetbiosSmb 8294A1F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 82D0F1F8
Device \Driver\usbuhci \Device\USBFDO-1 82D0F1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82ADE470
Device \Driver\usbehci \Device\USBFDO-2 82CF81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82ADE470
Device \Driver\usbuhci \Device\USBFDO-3 82D0F1F8
Device \Driver\usbuhci \Device\USBFDO-4 82D0F1F8
Device \Driver\sptd \Device\842524418 spzt.sys
Device \Driver\Ftdisk \Device\FtControl 82FDE1F8
Device \Driver\amafpl4w \Device\Scsi\amafpl4w1 82CDF470
Device \Driver\amafpl4w \Device\Scsi\amafpl4w1Port2Path0Target0Lun0 82CDF470
Device \FileSystem\Cdfs \Cdfs 82116470

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFB 0x50 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x03 0xE7 0x1A 0xD1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFB 0x50 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xE0 0x11 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x50 0x7A 0x05 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x48 0x15 0xA2 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFB 0x50 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xE0 0x11 0xB8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x50 0x7A 0x05 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x48 0x15 0xA2 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
KillerJoe
Active Member
 
Posts: 4
Joined: August 13th, 2010, 12:34 am

Re: Pretty sure I got a virus

Unread postby deltalima » August 20th, 2010, 3:36 am

Hi KillerJoe,

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Ask Toolbar
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Spoolv i don't trust the program.


The program spoolsv.exe is a legitimate part of the Windows operating system.

If you still have concerns then please -

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system32\spoolsv.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Pretty sure I got a virus

Unread postby jmw3 » August 23rd, 2010, 5:21 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware