Free Malware Removal Forum

by **halladay1234** » October 17th, 2010, 7:23 pm

Hello, any help you can provide will be greatly appreciated!

My problem includes the following symptoms.

When I start IE a window opens that goes to my home page. After some delay, a second window opens referencing a website cptgt.com. I immediately close this window while opening. Links returned by search engines open apparently random websites. If I open the link using 'open in new tab' etc. they often work.

I have tried using some registry diagnosis tools (xpmedic, registry patrol) but they appear to hang up without returning any results (Regcure did run successfully)

here is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:36 PM, on 10/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\winmine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080403
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080403
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1039
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [qfheuwqtisd] c:\documents and settings\john\local settings\application data\drwvccryv\gnoyicb.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [snpr] "C:\Program Files\Snooper\snpr.exe"
O4 - HKCU\..\Run: [qfheuwqtisd] c:\documents and settings\john\local settings\application data\drwvccryv\gnoyicb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hpzsetup.LNK = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Slide and Negative Scanner.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8583116328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 12180 bytes

Here is the Uninstall log.

32 Bit HP CIO Components Installer
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 8.2.5
Amazon MP3 Downloader 1.0.3
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
Audacity 1.2.6
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Bonjour
Browser Address Error Redirector
Canon Camera Window for ZoomBrowser EX
Canon EOS 10D WIA Driver
Canon EOS Kiss REBEL 300D WIA Driver
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
C-Dilla Licence Management System
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
DATA BECKER Instant Photo Scanner
DeductionPro 2008
DeductionPro 2009
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
Dragon Age: Origins
EZ Vinyl Converter by MixMeister 1.0.6
Games, Music, & Photos Launcher
Google Desktop
Google Earth
Google SketchUp 8
Google Update Helper
Google Updater
H&R Block Deluxe + Efile 2009
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
HP Photosmart All-In-One Software 9.0
HP Software Update
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 2
LeapFrog Connect
LeapFrog Connect
LeapFrog Tag Plugin
Malwarebytes' Anti-Malware
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MixPad Audio Mixer
MobileMe Control Panel
Modem Diagnostic Tool
MSN
MSN Toolbar
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetLimiter 2 Monitor (remove only)
NetWaiting
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
ordrumbox-0.8.04
Photosmart 140,240,7200,7600,7700,7900 Series
PhotoStage Slideshow Producer
Picasa
Picasa 3
PokerStars.net
PowerDVD
Presto! ImageFolio 4
QuickTime
Realtek High Definition Audio Driver
RegCure
Registry Patrol
Replay Converter 3
Replay Director
Replay Media Catcher 3.0
Replay Media Catcher 3.11
Replay Media Catcher 4
Replay Media Splitter 1.7
Rosetta Stone 2.1.5.3A
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SigmaLookup
SigmaXL
SigmaXL (Shared Components)
Slide and Negative Scanner
Spybot - Search & Destroy
TaxCut Premium + Efile 2008
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
TurboTax Deluxe 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Video Padlock
VideoPad Video Editor
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WavePad Sound Editor
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Service Pack 3
XPMedic

Thanks again for any help you can provide!

JT

by **deltalima** » October 20th, 2010, 3:51 pm

Checking your log - back soon.

by **deltalima** » October 20th, 2010, 4:11 pm

Hi halladay1234,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

I have tried using some registry diagnosis tools

I strongly recommend that you avoid registry tools such as these, they do far more harm than good, I would remove them from your system.

You have too may antimalware tools, they will interfere with our scans and fixes, please remove
Ad-Aware
Spybot - Search & Destroy

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

by **halladay1234** » October 21st, 2010, 10:31 pm

I removed the AdAware and Spybot programs, as well as the registry diagnoss tools.

I ran OTL program without any problems.

The GMER program resulted in consecutive blue screens. I unchecked the device option in the GMER selection criteria and it ran successfully.

The log files are presented below.

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-21 18:38:43
Windows 5.1.2600 Service Pack 3
Running: lqqfeku0.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\pwldypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\iaStor.sys entry point in ".rsrc" section [0xB7F2E014]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6C1C380, 0x3DF295, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10002150 C:\Documents and Settings\John\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] kernel32.dll!GetTempFileNameW 7C8359E7 5 Bytes JMP 100018E0 C:\Documents and Settings\John\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01459315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0152DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0152DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01534832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01491CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0164E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0164DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0164DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0164DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0164DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0164E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0164DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[256] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0153488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[2808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[2808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EE000A
.text C:\WINDOWS\System32\svchost.exe[2808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0086000C
.text C:\WINDOWS\System32\svchost.exe[2808] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[2808] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03A9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 03B2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 03A8000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01459315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01534832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0164E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0164DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0164DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0164DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0164DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0164E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0164DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[3600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0173000A
.text C:\WINDOWS\Explorer.EXE[3600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 017C000A
.text C:\WINDOWS\Explorer.EXE[3600] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FE000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00B318FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 976772912 (+254): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\John\Local Settings\Temp\~DF8C6.tmp 0 bytes
File C:\Documents and Settings\John\Local Settings\Temp\~DF8D4.tmp 16384 bytes
File C:\Documents and Settings\John\Local Settings\Temp\~DF927.tmp 16384 bytes
File C:\Documents and Settings\John\Local Settings\Temp\~DF933.tmp 512 bytes
File C:\Documents and Settings\John\Local Settings\Temp\~DFE086.tmp 0 bytes
File C:\Documents and Settings\John\Local Settings\Temp\~DFE092.tmp 0 bytes
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

OTL

OTL logfile created on: 10/21/2010 6:41:21 PM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 353.62 Gb Free Space | 76.48% Space Free | Partition Type: NTFS

Computer Name: JTH-DESKTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\NetLimiter 2 Monitor\NLClient.exe (Locktime Software)
PRC - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software)
PRC - C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
PRC - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Picasa\PicasaMediaDetector.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
PRC - C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (nlsvc) -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (Locktime Software)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (InstallShield Licensing Service) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (appliandMP) -- C:\WINDOWS\system32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\WINDOWS\system32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (nltdi) -- C:\WINDOWS\system32\drivers\nltdi.sys (Locktime Software)
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (C-Dilla) -- C:\WINDOWS\system32\drivers\CDANT.SYS (Macrovision)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=1080403
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/ ... channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=1080403

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=1080403
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=1080403
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=1080403
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=1080403
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=1080403
IE - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/ ... channel=us
IE - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1039

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [qfheuwqtisd] c:\documents and settings\john\local settings\application data\drwvccryv\gnoyicb.exe File not found
O4 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006..\Run: [qfheuwqtisd] c:\documents and settings\john\local settings\application data\drwvccryv\gnoyicb.exe File not found
O4 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006..\Run: [snpr] C:\Program Files\Snooper\snpr.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpzsetup.LNK = C:\Program Files\HP\Temp\{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}\hpzstub.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Slide and Negative Scanner.lnk = C:\Program Files\Silde and Negative Scanner\FotoLite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8583116328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eabc2b30-069f-11dd-bb89-001d098b62ed}\Shell - "" = AutoRun
O33 - MountPoints2\{eabc2b30-069f-11dd-bb89-001d098b62ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eabc2b30-069f-11dd-bb89-001d098b62ed}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/20 21:07:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/10/18 23:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/10/15 08:56:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/10/14 13:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Powder coat building photos
[2010/10/13 23:31:45 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/10/13 23:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/13 23:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/13 23:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/13 23:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/13 23:06:00 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\John\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/10/13 22:05:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\Copy of Favorites
[2010/10/10 22:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Registry Patrol
[2010/10/10 22:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Patrol
[2010/10/10 01:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/09 23:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/09/26 23:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\Downloads
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/21 18:25:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-89541700-4281478900-3346534810-1006UA.job
[2010/10/21 18:18:20 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{09B84133-2E27-4DCF-9533-F4FB640FCFB4}.job
[2010/10/21 18:00:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/21 14:57:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/21 06:31:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6d24faf2bb7b.job
[2010/10/20 23:25:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-89541700-4281478900-3346534810-1006Core.job
[2010/10/20 22:15:43 | 000,248,739 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/10/20 22:13:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/20 22:13:51 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/20 21:23:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/20 21:19:50 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\John\Desktop\lqqfeku0.exe
[2010/10/20 21:07:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/10/20 20:59:37 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 07:08:47 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/10/18 02:12:59 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/10/15 20:07:36 | 000,058,955 | ---- | M] () -- C:\Documents and Settings\John\Desktop\10mmu0044_copy.jpg
[2010/10/15 18:52:56 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2010/10/15 18:27:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/14 07:16:41 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/10/13 23:37:51 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2010/10/13 22:17:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 11:00:08 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\John\Desktop\IE8-WindowsXP-x86-ENU.exe
[2010/10/09 21:57:43 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\John\My Documents\house oct.xls
[2010/09/28 23:13:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2010/09/27 15:16:41 | 000,001,310 | ---- | M] () -- C:\Documents and Settings\John\My Documents\Thank you for your order! pool cover.mht
[2010/09/26 23:19:03 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Google Chrome.lnk
[2010/09/26 23:19:03 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/26 16:41:55 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 21:19:50 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\John\Desktop\lqqfeku0.exe
[2010/10/18 07:21:30 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{09B84133-2E27-4DCF-9533-F4FB640FCFB4}.job
[2010/10/16 06:26:30 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6d24faf2bb7b.job
[2010/10/15 20:23:44 | 000,058,955 | ---- | C] () -- C:\Documents and Settings\John\Desktop\10mmu0044_copy.jpg
[2010/10/13 23:37:51 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HijackThis.lnk
[2010/10/11 17:06:29 | 2145,566,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/09 20:18:41 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\John\My Documents\house oct.xls
[2010/09/28 23:13:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2010/09/27 15:16:37 | 000,001,310 | ---- | C] () -- C:\Documents and Settings\John\My Documents\Thank you for your order! pool cover.mht
[2010/09/26 23:19:03 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Google Chrome.lnk
[2010/09/26 23:19:03 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/26 23:15:46 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-89541700-4281478900-3346534810-1006UA.job
[2010/09/26 23:15:45 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-89541700-4281478900-3346534810-1006Core.job
[2010/09/26 16:41:54 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/09 00:17:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\sstools.ini
[2009/12/25 10:00:47 | 000,001,701 | ---- | C] () -- C:\WINDOWS\if42le.ini
[2009/12/25 10:00:47 | 000,000,272 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2009/12/25 09:59:07 | 000,015,360 | R--- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2009/12/25 09:55:56 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL
[2009/11/11 09:36:42 | 000,125,654 | ---- | C] () -- C:\Documents and Settings\John\Application Data\ReplayConverterLog.log
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll
[2008/11/07 19:54:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/22 22:10:48 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\John\Application Data\wklnhst.dat
[2008/08/31 23:41:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/06/10 19:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/03 16:45:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/05/03 15:59:52 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2008/05/03 15:59:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2008/05/03 15:59:34 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2008/05/03 15:59:34 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2008/05/03 15:59:34 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2008/05/03 15:59:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2008/05/03 15:59:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2008/05/03 15:59:21 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2008/04/06 09:54:43 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/06 00:12:38 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/05 22:05:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/03 10:22:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/03 09:53:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/04/03 09:51:34 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

OTL EXTRAS

OTL Extras logfile created on: 10/21/2010 6:41:22 PM - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.40 Gb Total Space | 353.62 Gb Free Space | 76.48% Space Free | Partition Type: NTFS

Computer Name: JTH-DESKTOP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-89541700-4281478900-3346534810-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{061F7D1F-A74E-4262-A835-AF4DF0F91F02}" = Rosetta Stone 2.1.5.3A
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon Camera WIA Driver
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F3C436-65C1-487A-BFCE-1873C700C2D2}" = Slide and Negative Scanner
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20292BBB-C7D7-4526-9E38-42C4A5C2A3A6}" = H&R Block Deluxe + Efile 2009
"{251ADA98-330E-483C-875E-3E3B7AC16B8B}" = Replay Media Catcher 4
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37811B39-35FC-4C99-B804-6B9DC9A09C2D}" = PS7900
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4B222C8E-8DEB-4DBC-B57A-78BEB72ABD3A}" = LeapFrog Connect
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcuts
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}" = HP Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = File Viewer Utility 1.3.1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! ImageFolio 4
"{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904A0552-1649-4407-9048-840CC2C97085}" = SigmaXL
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = RemoteCapture 2.7.4
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F330293A-DB6A-4495-BE34-8DC9453CBFE1}" = LeapFrog Tag Plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Applian Director2.0" = Applian Director
"Audacity_is1" = Audacity 1.2.6
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DATA BECKER Instant Photo Scanner" = DATA BECKER Instant Photo Scanner
"EZ Vinyl Converter by MixMeister_is1" = EZ Vinyl Converter by MixMeister 1.0.6
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{061F7D1F-A74E-4262-A835-AF4DF0F91F02}" = Rosetta Stone 2.1.5.3A
"InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon EOS 10D WIA Driver
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver
"InstallShield_{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PRISM_V3_0" = MGI PhotoSuite III SE (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"MSNINST" = MSN
"NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ordrumbox_is1" = ordrumbox-0.8.04
"PhotoRecord" = Canon PhotoRecord
"PhotoStage" = PhotoStage Slideshow Producer
"Picasa" = Picasa
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"PROSet" = Intel(R) PRO Network Connections Drivers
"Replay Converter 3" = Replay Converter 3
"Replay Director1.0" = Replay Director
"Replay Media Catcher 3.0" = Replay Media Catcher 3.0
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.7
"SearchAssist" = SearchAssist
"ST5UNST #1" = SigmaLookup
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"TmPcc" = Trend Micro PC-cillin Internet Security 14
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Uninstaller_60003E10_SigmaXL" = SigmaXL (Shared Components)
"UPCShell" = LeapFrog Connect
"Video Padlock1.12" = Video Padlock
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-89541700-4281478900-3346534810-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/21/2010 6:36:04 AM | Computer Name = JTH-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.window*up*date.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 7:58:46 AM | Computer Name = JTH-DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 10/21/2010 7:59:54 AM | Computer Name = JTH-DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 10/21/2010 1:07:52 PM | Computer Name = JTH-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.window*up*date.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 1:34:16 PM | Computer Name = JTH-DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 10/21/2010 1:34:19 PM | Computer Name = JTH-DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 10/21/2010 1:34:21 PM | Computer Name = JTH-DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 10/21/2010 5:18:09 PM | Computer Name = JTH-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.window*up*date.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 6:57:27 PM | Computer Name = JTH-DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 10/21/2010 7:06:48 PM | Computer Name = JTH-DESKTOP | Source = Bonjour Service | ID = 100
Description = 320: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 10/20/2010 10:01:51 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/20/2010 10:01:51 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/20/2010 10:33:33 PM | Computer Name = JTH-DESKTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/20/2010 10:59:11 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/20/2010 10:59:11 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/20/2010 11:12:40 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/20/2010 11:12:40 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/20/2010 11:14:17 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 10/20/2010 11:14:17 PM | Computer Name = JTH-DESKTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 10/21/2010 7:21:49 PM | Computer Name = JTH-DESKTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

< End of report >

Note I had to modify a string in the system events area of the Extras log file for 3 events. The phrase windows+update would not load. I used asterisks to break up the phrase -- very strange.

by **deltalima** » October 22nd, 2010, 3:48 am

Hi halladay1234,

TDSSKiller

Please Download TDSSKiller.zip and save it on your desktop.
Extract (unzip) its contents to your Desktop.
Double-click the TDSSKiller Folder on your desktop.
Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
Important!: Run this fix once and once only.
Double click the TDSSKiller icon on you're desktop then click Start scan.
A box will appear saying System scan completed.
If any Malicious objects are found click Cure > Continue > Reboot now.
A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
To find the log click Start > Computer > C:.
Please post the contents of that log in your next reply.

by **halladay1234** » October 22nd, 2010, 8:28 am

Ran the TDSSKiller application

Logfile contents below;

2010/10/22 07:17:24.0609 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/22 07:17:24.0609 ================================================================================
2010/10/22 07:17:24.0609 SystemInfo:
2010/10/22 07:17:24.0609
2010/10/22 07:17:24.0609 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/22 07:17:24.0609 Product type: Workstation
2010/10/22 07:17:24.0609 ComputerName: JTH-DESKTOP
2010/10/22 07:17:24.0609 UserName: John
2010/10/22 07:17:24.0609 Windows directory: C:\WINDOWS
2010/10/22 07:17:24.0609 System windows directory: C:\WINDOWS
2010/10/22 07:17:24.0609 Processor architecture: Intel x86
2010/10/22 07:17:24.0609 Number of processors: 2
2010/10/22 07:17:24.0609 Page size: 0x1000
2010/10/22 07:17:24.0609 Boot type: Normal boot
2010/10/22 07:17:24.0609 ================================================================================
2010/10/22 07:17:24.0828 Initialize success
2010/10/22 07:19:18.0609 ================================================================================
2010/10/22 07:19:18.0609 Scan started
2010/10/22 07:19:18.0609 Mode: Manual;
2010/10/22 07:19:18.0609 ================================================================================
2010/10/22 07:19:19.0062 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/22 07:19:19.0093 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/22 07:19:19.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/22 07:19:19.0156 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/22 07:19:19.0187 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/22 07:19:19.0250 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/22 07:19:19.0312 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/10/22 07:19:19.0343 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/22 07:19:19.0375 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/22 07:19:19.0406 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/22 07:19:19.0406 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/22 07:19:19.0437 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/22 07:19:19.0453 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/22 07:19:19.0484 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/22 07:19:19.0500 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/22 07:19:19.0515 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/22 07:19:19.0562 appliand (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
2010/10/22 07:19:19.0578 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
2010/10/22 07:19:19.0593 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/22 07:19:19.0609 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/22 07:19:19.0640 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/22 07:19:19.0671 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/22 07:19:19.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/22 07:19:19.0750 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/22 07:19:19.0765 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/22 07:19:19.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/22 07:19:19.0875 C-Dilla (4ff76600b4ca68376b80af1683799c60) C:\WINDOWS\system32\drivers\CDANT.SYS
2010/10/22 07:19:19.0906 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/22 07:19:19.0921 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/22 07:19:19.0921 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/22 07:19:19.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/22 07:19:19.0968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/22 07:19:19.0984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/22 07:19:20.0015 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/22 07:19:20.0031 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/22 07:19:20.0078 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/22 07:19:20.0078 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/22 07:19:20.0109 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/22 07:19:20.0156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/22 07:19:20.0187 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/22 07:19:20.0203 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/22 07:19:20.0250 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/22 07:19:20.0281 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/22 07:19:20.0296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/22 07:19:20.0328 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/22 07:19:20.0359 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/10/22 07:19:20.0390 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/22 07:19:20.0421 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/22 07:19:20.0437 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/22 07:19:20.0468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/22 07:19:20.0484 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/22 07:19:20.0531 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2010/10/22 07:19:20.0593 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/22 07:19:20.0593 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/22 07:19:20.0656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/22 07:19:20.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/22 07:19:20.0734 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/22 07:19:20.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/22 07:19:20.0812 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/22 07:19:20.0859 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/22 07:19:20.0875 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/22 07:19:20.0890 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/22 07:19:20.0906 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/10/22 07:19:20.0968 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/10/22 07:19:21.0062 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/22 07:19:21.0109 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/22 07:19:21.0140 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/22 07:19:21.0156 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/22 07:19:21.0296 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/22 07:19:21.0375 iaStor (538b7e8fd6bdc34bdbb25b5657ea7308) C:\WINDOWS\system32\drivers\iaStor.sys
2010/10/22 07:19:21.0375 Suspicious file (Forged): C:\WINDOWS\system32\drivers\iaStor.sys. Real md5: 538b7e8fd6bdc34bdbb25b5657ea7308, Fake md5: 997e8f5939f2d12cd9f2e6b395724c16
2010/10/22 07:19:21.0390 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/22 07:19:21.0453 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/22 07:19:21.0484 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/22 07:19:21.0656 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/22 07:19:21.0750 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/22 07:19:21.0828 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/22 07:19:21.0875 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/22 07:19:21.0890 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/22 07:19:21.0906 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/22 07:19:21.0953 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/22 07:19:21.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/22 07:19:22.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/22 07:19:22.0031 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/22 07:19:22.0078 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/22 07:19:22.0078 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/22 07:19:22.0109 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/22 07:19:22.0140 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/22 07:19:22.0203 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/22 07:19:22.0250 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/22 07:19:22.0296 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/22 07:19:22.0312 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/10/22 07:19:22.0328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/22 07:19:22.0375 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/22 07:19:22.0390 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/22 07:19:22.0421 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/22 07:19:22.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/22 07:19:22.0484 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/22 07:19:22.0515 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/22 07:19:22.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/22 07:19:22.0562 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/22 07:19:22.0578 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/22 07:19:22.0593 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/22 07:19:22.0609 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/22 07:19:22.0656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/22 07:19:22.0671 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/22 07:19:22.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/22 07:19:22.0703 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/22 07:19:22.0718 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/22 07:19:22.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/22 07:19:22.0750 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/22 07:19:22.0843 nltdi (015ce611f7acf34afdff58a581ec6904) C:\WINDOWS\system32\drivers\nltdi.sys
2010/10/22 07:19:22.0859 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/22 07:19:22.0890 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/22 07:19:22.0937 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/22 07:19:23.0140 nv (cf49346faeffbd046b4dcaf29673e02a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/22 07:19:23.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/22 07:19:23.0312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/22 07:19:23.0343 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/22 07:19:23.0343 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/22 07:19:23.0375 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/22 07:19:23.0390 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/22 07:19:23.0421 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/22 07:19:23.0453 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/22 07:19:23.0531 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/22 07:19:23.0546 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/22 07:19:23.0609 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/22 07:19:23.0625 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/22 07:19:23.0640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/22 07:19:23.0656 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/22 07:19:23.0687 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/22 07:19:23.0703 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/22 07:19:23.0718 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/22 07:19:23.0718 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/22 07:19:23.0750 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/22 07:19:23.0765 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/22 07:19:23.0796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/22 07:19:23.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/22 07:19:23.0828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/22 07:19:23.0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/22 07:19:23.0843 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/22 07:19:23.0890 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/22 07:19:23.0921 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/22 07:19:23.0953 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/22 07:19:24.0031 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/22 07:19:24.0062 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/22 07:19:24.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/22 07:19:24.0109 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/22 07:19:24.0171 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/22 07:19:24.0203 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/22 07:19:24.0234 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/22 07:19:24.0250 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/22 07:19:24.0312 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/22 07:19:24.0343 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/22 07:19:24.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/22 07:19:24.0406 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/22 07:19:24.0406 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/22 07:19:24.0421 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/22 07:19:24.0437 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/22 07:19:24.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/22 07:19:24.0546 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/22 07:19:24.0593 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/22 07:19:24.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/22 07:19:24.0625 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/22 07:19:24.0671 tmcfw (3929c6784db38788d76a88d9c4043dee) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2010/10/22 07:19:24.0750 tmpreflt (0c89809f1df614bd42093a446b222a32) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2010/10/22 07:19:24.0765 tmtdi (264ea39fdebd0b5e9d49d79923ed91ad) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2010/10/22 07:19:24.0828 tmxpflt (3d473e97ff805dab903aa66f08286c90) C:\WINDOWS\system32\drivers\TmXPFlt.sys
2010/10/22 07:19:24.0875 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/22 07:19:24.0890 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/22 07:19:24.0906 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/22 07:19:24.0937 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/22 07:19:25.0000 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/22 07:19:25.0031 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/22 07:19:25.0046 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/22 07:19:25.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/22 07:19:25.0093 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/22 07:19:25.0156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/22 07:19:25.0218 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/22 07:19:25.0218 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/22 07:19:25.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/22 07:19:25.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/22 07:19:25.0328 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/22 07:19:25.0359 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/22 07:19:25.0390 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/22 07:19:25.0468 vsapint (50e1ea1dd3ea74919d7a1c5d6c9c0b56) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2010/10/22 07:19:25.0546 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/22 07:19:25.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/22 07:19:25.0609 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/22 07:19:25.0687 WinDriver6 (032793a8e6288c4c60ff30542eeab22b) C:\WINDOWS\system32\drivers\windrvr6.sys
2010/10/22 07:19:25.0781 ================================================================================
2010/10/22 07:19:25.0781 Scan finished
2010/10/22 07:19:25.0781 ================================================================================
2010/10/22 07:19:25.0781 Detected object count: 1
2010/10/22 07:19:46.0953 iaStor (538b7e8fd6bdc34bdbb25b5657ea7308) C:\WINDOWS\system32\drivers\iaStor.sys
2010/10/22 07:19:46.0953 Suspicious file (Forged): C:\WINDOWS\system32\drivers\iaStor.sys. Real md5: 538b7e8fd6bdc34bdbb25b5657ea7308, Fake md5: 997e8f5939f2d12cd9f2e6b395724c16
2010/10/22 07:19:47.0125 Backup copy found, using it..
2010/10/22 07:19:47.0140 C:\WINDOWS\system32\drivers\iaStor.sys - will be cured after reboot
2010/10/22 07:19:47.0140 Rootkit.Win32.TDSS.tdl3(iaStor) - User select action: Cure
2010/10/22 07:19:53.0390 Deinitialize success

by **deltalima** » October 22nd, 2010, 8:31 am

Hi halladay1234,

Rootkit Warning
Your computer has multiple infections, including a rootkit.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords
(Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
Do NOT change your passwords from this computer, the attacker can still get all the new passwords and transaction records.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of Trojan,
the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

We can attempt to clean this machine but we will not guarantee that it won't still be compromised, afterwards.
Please let me know how you wish to proceed.

by **halladay1234** » October 22nd, 2010, 9:24 am

Thanks for your help!

I understand the risks, but would like to give cleaning the system a try.

Thanks

by **deltalima** » October 22nd, 2010, 9:28 am

Hi halladay1234,

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the

textbox. Do not include the word Code

Code: Select all

:otl
O4 - HKU\S-1-5-21-89541700-4281478900-3346534810-1006..\Run: [qfheuwqtisd] c:\documents and settings\john\local settings\application data\drwvccryv\gnoyicb.exe File not found
O4 - HKLM..\Run: [qfheuwqtisd] c:\documents and settings\john\local settings\application data\drwvccryv\gnoyicb.exe File not found
:commands
[REBOOT]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Now run a quick scan with Malwarebytes. remove any infections found and post the log in your next reply.

Please let me know how the computer is running now.

by **muppy03** » October 25th, 2010, 4:08 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a fresh HijackThis log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal

Free Malware Removal Forum

Browser Redirects and Secondary IE window opens

Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Re: Browser Redirects and Secondary IE window opens

Who is online