Like some kind of MORON I failed to follow my own advice, clicked a link in Facebook and found Bill103 running as a process in Process Explorer. I killed the process, followed the instructions from some posts I was able to look at from another computer, removed the Bill103 file from the registry, and deleted all temporary internet files (here is the link if you want the exact specifics of what instructions I followed: http://www.wilderssecurity.com/showthread.php?p=1632221 )... I also ran a script with Avenger from another post ( http://www.myantispyware.com/2009/11/22 ... face-worm/ ) to remove all occurrences of the Koobface worm. I tried to follow the instructions to run Malwarebytes' Anti-Malware, and although it did install, it will not update. My AVG Anti-Virus will not update either; it gives me the message "the update control file is missing". If that is not enough, any search or attempt to load web pages with Firefox is an exercise in futility... I am continuously redirected to random pages.
Sorry if this is too much info, I just wanted to let you know the specifics.
Here are the new logs requested, in two posts as there are too many characters for one post:
HIJACKTHIS - 03.30.2010:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:10 PM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\PROCESS EXPLORER V.11.33\PROCEXP V.11.33.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Create 5\pdfcreate5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Create 5\RegistryController.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Directory Opus.lnk = C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\WINDOWS\system32\\AstSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
--
End of file - 12389 bytes
1st UNINSTALL LIST - 03.30.2010
µTorrent
ACDSee
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advertising Center
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ASCOM Platform 4.1
ASUS Features
ASUS Probe V2.19.00
AsusUpdate
Avance AC'97 Audio
AVG Free 9.0
Belkin Bulldog Plus
Brother HL-5040
C-Dilla Licence Management System
CFA's DizNfo
ClassicPro© v1.14
Copernic Agent Professional
Corel Applications
CPUID CPU-Z 1.53.1
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DFX for Winamp
Diskeeper 2010 Pro Premier
DolbyFiles
Dragon NaturallySpeaking 10
GPSoftware Directory Opus
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photo Printing Software
HP Precisionscan Pro 3.1
ID3-TagIT 3
Intel Application Accelerator
Java(TM) 6 Update 18
Learning Essentials for Microsoft Office
Lernout & Hauspie TruVoice American English TTS Engine
Libronix Digital Library System
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Math
Microsoft Office 2003 Proofing Tools
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Morris Proctor Seminars Quick Files for Libronix
Movie Templates - Starter Kit
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
NetObjects Fusion 5.0
Nuance OmniPage 17
Nuance PDF Create! 5
NVIDIA Drivers
O&O Defrag Professional
Oxford English Dictionary
Quicken 2010
QuickTime
QuickTime
SATARaid
ScanSoft PaperPort 11
Scripture Memory System
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SiSoftware Sandra Professional Business 2010
Snagit 9.1.2
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Starry Night Pro Plus 6
System Requirements Lab
TreeSize Professional 5.3.1
True Internet Color
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB973687)
UPS Power Management for Windows 2000
Visual C++ Runtime for Dragon NaturallySpeaking
Voice Editor
WhiteCap
Winamp
Winamp Essentials Pack
Winamp Remote
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
WinZip 14.0
ZENcast Organizer
1st DDS LOG - 03.30.2010
DDS (Ver_10-03-17.01) - NTFSx86
Run by J. Anthony Hansen at 19:13:50.85 on Tue 03/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.688 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe -k tapisrvs
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\PROCESS EXPLORER V.11.33\PROCEXP V.11.33.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\J. Anthony Hansen\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = res://c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
EB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf create 5\pdfcreate5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create 5\RegistryController.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UPS-Status] c:\program files\belkin bulldog plus\UPS-Status.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\direct~1.lnk - c:\program files\gpsoftware\directory opus\dopus.exe
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truein~1.lnk - c:\program files\e-color\true internet color\TICIcon.exe
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
IFEO: taskmgr.exe - "c:\program files\process explorer v.11.33\PROCEXP V.11.33.EXE"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\j6884~1.ant\applic~1\mozilla\firefox\profiles\qb9fynsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [2010-1-27 84529]
R1 apto6ko;BIOS Service PostAgent;c:\windows\system32\drivers\imapioko.sys [2009-4-22 32768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-16 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-16 242696]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-1-28 57344]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 cpqoko6;Mass Driver Sentinel Service Call Browser Device Packet;c:\windows\system32\svchost.exe -k tapisrvs [2008-4-14 14336]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-10 12672]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-2-3 41120]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2010\RpcAgentSrv.exe [2010-2-1 93336]
============== File Associations ===============
scrfile="%1" /S "%3"
.txt=Text
=============== Created Last 30 ================
2010-03-31 02:07:09 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\AVG9
2010-03-18 21:12:24 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-03-14 23:23:19 0 d-----w- c:\program files\Trend Micro
2010-03-14 22:36:10 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\Malwarebytes
2010-03-14 22:36:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 22:36:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 22:36:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 22:36:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-14 22:30:05 15470 ----a-w- C:\backup.reg
2010-03-14 20:46:46 1 ----a-w- c:\windows\ligh
2010-03-12 16:53:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 05:05:31 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-11 05:05:30 0 d-----w- c:\program files\CPUID
2010-03-04 01:45:31 0 d-----w- c:\program files\uTorrent
2010-03-04 01:45:06 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\uTorrent
==================== Find3M ====================
2010-03-12 16:53:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 16:52:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-11 05:35:32 180222 ----a-w- c:\windows\Morris Proctor Seminars Quick Files for Libronix Uninstaller.exe
2010-01-28 02:03:32 876803 ----a-w- c:\windows\system32\ASUS Features.scr
2010-01-27 22:54:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 11:02:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 12:00:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:00:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 12:00:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
============= FINISH: 19:14:30.03 ===============
1st ATTACH LOG - 03.30.2010
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2010 3:08:20 AM
System Uptime: 3/30/2010 11:22:08 AM (8 hours ago)
Motherboard: ASUSTeK Computer INC. | | P4G8X
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | PGA 478 | 2533/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 74.522 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 29.456 GiB free.
E: is FIXED (NTFS) - 56 GiB total, 55.478 GiB free.
F: is FIXED (NTFS) - 112 GiB total, 24.07 GiB free.
Y: is CDROM ()
Z: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP89: 2/16/2010 2:04:15 PM - Avg8 Update
RP90: 2/18/2010 11:05:50 AM - System Checkpoint
RP91: 2/19/2010 11:51:53 AM - System Checkpoint
RP92: 2/19/2010 6:35:31 PM - Installed Creative ZEN Vision M Series
RP93: 2/19/2010 7:09:37 PM - Installed Creative MediaSource 5
RP94: 2/19/2010 7:35:07 PM - Installed Windows Media Player 11
RP95: 2/19/2010 7:35:29 PM - Installed Windows XP Wudf01000.
RP96: 2/19/2010 7:37:18 PM - Installed Windows XP MSCompPackV1.
RP97: 2/20/2010 7:28:36 PM - Software Distribution Service 3.0
RP98: 2/21/2010 8:14:19 PM - System Checkpoint
RP99: 2/22/2010 8:46:45 PM - System Checkpoint
RP100: 2/23/2010 10:42:04 PM - System Checkpoint
RP101: 2/24/2010 9:39:16 PM - Software Distribution Service 3.0
RP102: 2/25/2010 10:45:50 PM - System Checkpoint
RP103: 2/26/2010 11:29:23 PM - System Checkpoint
RP104: 2/28/2010 12:29:23 AM - System Checkpoint
RP105: 3/1/2010 12:30:28 AM - System Checkpoint
RP106: 3/2/2010 10:57:32 AM - System Checkpoint
RP107: 3/3/2010 7:28:52 PM - System Checkpoint
RP108: 3/4/2010 8:32:10 PM - System Checkpoint
RP109: 3/5/2010 9:03:36 PM - System Checkpoint
RP110: 3/6/2010 9:27:40 PM - System Checkpoint
RP111: 3/7/2010 9:37:36 PM - System Checkpoint
RP112: 3/8/2010 9:52:05 PM - System Checkpoint
RP113: 3/9/2010 11:49:14 PM - System Checkpoint
RP114: 3/11/2010 12:38:51 AM - System Checkpoint
RP115: 3/11/2010 7:24:23 AM - Software Distribution Service 3.0
RP116: 3/12/2010 7:53:22 AM - System Checkpoint
RP117: 3/12/2010 8:51:08 AM - Avg8 Update
RP118: 3/12/2010 8:53:20 AM - Avg Update
RP119: 3/13/2010 9:28:46 AM - System Checkpoint
RP120: 3/14/2010 11:28:46 AM - System Checkpoint
RP121: 3/15/2010 11:38:41 AM - System Checkpoint
RP122: 3/16/2010 8:01:17 PM - System Checkpoint
RP123: 3/17/2010 8:40:36 PM - System Checkpoint
RP124: 3/18/2010 8:42:44 PM - System Checkpoint
RP125: 3/19/2010 9:11:20 PM - System Checkpoint
RP126: 3/20/2010 9:33:26 PM - System Checkpoint
RP127: 3/21/2010 10:53:04 PM - System Checkpoint
RP128: 3/22/2010 11:49:57 PM - System Checkpoint
RP129: 3/24/2010 1:06:33 AM - System Checkpoint
RP130: 3/25/2010 1:15:42 AM - System Checkpoint
RP131: 3/26/2010 1:25:48 AM - System Checkpoint
RP132: 3/27/2010 1:40:24 AM - System Checkpoint
RP133: 3/28/2010 2:25:47 AM - System Checkpoint
RP134: 3/29/2010 2:47:48 AM - System Checkpoint
RP135: 3/30/2010 3:39:15 AM - System Checkpoint
==== Installed Programs ======================
µTorrent
ACDSee
ACT!
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advertising Center
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ASCOM Platform 4.1
ASUS Features
ASUS Probe V2.19.00
AsusUpdate
Avance AC'97 Audio
AVG Free 9.0
Batch Update
Belkin Bulldog Plus
Bible Data Type System Files
Brother HL-5040
C-Dilla Licence Management System
CFA's DizNfo
ClassicPro© v1.14
Clause Visualizer
Common System Files
Copernic Agent Professional
Corel Applications
CPUID CPU-Z 1.53.1
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DFX for Winamp
Diskeeper 2010 Pro Premier
DolbyFiles
Dragon NaturallySpeaking 10
GPSoftware Directory Opus
Graphical Query Editor
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photo Printing Software
HP Precisionscan Pro 3.1
ID3-TagIT 3
ImagXpress
Intel Application Accelerator
Java Auto Updater
Java(TM) 6 Update 18
Learning Essentials for Microsoft Office
Lernout & Hauspie TruVoice American English TTS Engine
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
Libronix Update
LLS Resource Driver
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
MetaStock 11.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Math
Microsoft Office 2003 Proofing Tools
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Morris Proctor Seminars Quick Files for Libronix
Movie Templates - Starter Kit
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
NetObjects Fusion 5.0
Nuance OmniPage 17
Nuance PDF Create! 5
NVIDIA Drivers
O&O Defrag Professional
OEB Resource Driver
Oxford English Dictionary
PDF Resource Driver
Quicken 2010
QuickTime
SATARaid
ScanSoft PaperPort 11
Scansoft PDF Create
Scripture Memory System
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sentence Diagramming
SiSoftware Sandra Professional Business 2010
Snagit 9.1.2
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Starry Night Pro Plus 6
System Requirements Lab
TreeSize Professional 5.3.1
True Internet Color
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB973687)
UPS Power Management for Windows 2000
Video Resource Driver
Visual C++ Runtime for Dragon NaturallySpeaking
Voice Editor
WebFldrs XP
WhiteCap
Winamp
Winamp Application Detect
Winamp Essentials Pack
Winamp Remote
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip 14.0
Z 39.50 Library
ZENcast Organizer
==== Event Viewer Messages From Past Week ========
3/30/2010 7:40:07 AM, error: PlugPlayManager [12] - The device 'Maxtor 4G120J6' (IDE\DiskMaxtor_4G120J6__________________________GAK819K0\5&e088e23&0&0.0.0) disappeared from the system without first being prepared for removal.
3/24/2010 4:01:15 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 3:58:19 PM, error: Service Control Manager [7031] - The Mass Driver Sentinel Service Call Browser Device Packet service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 3:02:11 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 3:02:04 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 3:02:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 12:32:16 AM, error: IdeChnDr [9] - The device, \Device\Ide\IdeDeviceP1T0L0, did not respond within the timeout period.
==== End Of File ===========================
GMER LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-30 21:34:58
Windows 5.1.2600 Service Pack 3
Running: GMER v 1.0.15.15281.exe; Driver: C:\DOCUME~1\J6884~1.ANT\LOCALS~1\Temp\awrdipob.sys
---- System - GMER 1.0.15 ----
SSDT spha.sys ZwCreateKey [0xF771B0E0]
SSDT spha.sys ZwEnumerateKey [0xF7733DA4]
SSDT spha.sys ZwEnumerateValueKey [0xF7734132]
SSDT spha.sys ZwOpenKey [0xF771B0C0]
SSDT spha.sys ZwQueryKey [0xF773420A]
SSDT spha.sys ZwQueryValueKey [0xF773408A]
SSDT spha.sys ZwSetValueKey [0xF773429C]
INT 0x62 ? 8676CBF8
INT 0x63 ? 867DBBF8
INT 0x73 ? 867DBBF8
INT 0x82 ? 8676CBF8
INT 0x84 ? 85D7ABF8
INT 0x94 ? 85D7ABF8
INT 0xA4 ? 85D7ABF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 169 804E27D5 3 Bytes [3D, 73, F7]
? spha.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6E698AC 5 Bytes JMP 85D7A1D8
.text a3afir6q.SYS F6984386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a3afir6q.SYS F69843AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a3afir6q.SYS F69843C4 3 Bytes [00, 80, 02]
.text a3afir6q.SYS F69843C9 1 Byte [30]
.text a3afir6q.SYS F69843C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 867DB2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7746DDC] spha.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7746E30] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F771C042] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F771C13E] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F771C0C0] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F771C800] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F771C6D6] spha.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85D7A2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F772BB90] spha.sys
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 867D61F8
Device \FileSystem\Fastfat \FatCdrom 85A37500
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip imapioko.sys (Filter Audio/Belarc, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9246BC11-7EAB-4CA2-A31A-04F55AB57E62} 85A43500
Device \Driver\usbuhci \Device\USBPDO-0 85D9D1F8
Device \Driver\usbuhci \Device\USBPDO-1 85D9D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8676D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8676D1F8
Device \Driver\usbuhci \Device\USBPDO-2 85D9D1F8
Device \Driver\usbehci \Device\USBPDO-3 85D731F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp imapioko.sys (Filter Audio/Belarc, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{68A115AD-FCEC-41FF-AD45-416004020009} 85A43500
Device \Driver\PCI_PNP0456 \Device\00000049 spha.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 867D91F8
Device \Driver\Cdrom \Device\CdRom0 85A941F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 867D91F8
Device \Driver\Cdrom \Device\CdRom1 85A941F8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 8676C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 867D91F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85A43500
Device \Driver\NetBT \Device\NetbiosSmb 85A43500
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp imapioko.sys (Filter Audio/Belarc, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp imapioko.sys (Filter Audio/Belarc, Inc.)
Device \Driver\sptd \Device\3928737956 spha.sys
Device \Driver\usbuhci \Device\USBFDO-0 85D9D1F8
Device \Driver\USBSTOR \Device\0000007a 85D3A500
Device \Driver\usbuhci \Device\USBFDO-1 85D9D1F8
Device \Driver\USBSTOR \Device\0000007b 85D3A500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85B7A360
Device \Driver\usbuhci \Device\USBFDO-2 85D9D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85B7A360
Device \Driver\usbehci \Device\USBFDO-3 85D731F8
Device \Driver\Ftdisk \Device\FtControl 867D91F8
Device \Driver\a3afir6q \Device\Scsi\a3afir6q1Port3Path0Target0Lun0 85A921F8
Device \Driver\a3afir6q \Device\Scsi\a3afir6q1 85A921F8
Device \Driver\Si3112r \Device\Scsi\Si3112r1 867D71F8
Device \FileSystem\Fastfat \Fat 85A37500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 85943500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xE4 0xC6 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA1 0x2E 0xA5 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0x59 0x81 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xE4 0xC6 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA1 0x2E 0xA5 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0x59 0x81 0xEF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL F5941F57B699619505531C3FD6DCB4B221EC126648C8C632C99B27E792C7D66DACA42B74C4C1EE703617DE788E48743A3EDACEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A9C6AECB7A5D1407FCDCE23BB4CC8A2DAADBFC31EB10D61AC5E82FA3B90DD84AB52599A9671C519B0320244FF94014857471292773CB12F207E961687099B82F28D72D270DD01B5E49CAAD149F3CF10A3DF91ECD3E33E438EEB010479B0CA91BDA4C71352CA5EF456149D9959FFB9AF8ECE434BCA9D0D1025ACBB3FE9ADEDB1D3D52165C48264AF672CBB745C4BAF6337CE2F86EE6B05088B60BF53426917369D4FC83083F621E42B3C50B782EB8E6BFF968ACC079E4492C0906B16CC4258758B9A253893DEC4E1873F04C69D1BB3AC709AEC3F5BB041E706717FA9456A124661860D393C5DE358B13C7A634758CB89ADE33673459A7227A7DDC967A8A90C9B130948841B0529ED7088BF9DAB5761B28C537730753EB99970A38FC536A02EC7ED561A70C2869CBD8DAC0D843024B10071DBF77DCFE7442B4E1CF5DB5CC08F4B6712F9A572A44728E282E8AB59E5F3A7255953906056649E46A0F181DE0B8BDE3002801E58A8DBB9F24E08BE1A30BAEC5F545B13A616AD3DF20A1C3E7282E9837913CADDF6
---- EOF - GMER 1.0.15 ----