Hi Deltalima,
Hope this is what you wanted. I had to d/l them on a diff PC to a CD, then open and run them on the infected PC, etc., etc. In this reply I will post the DDS.txt and the attach.txt. I will paste the GMER scan in my next reply. Thanks
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/23/2009 2:13:55 PM
System Uptime: 12/14/2009 2:48:54 PM (1 hours ago)
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1994/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 288 GiB total, 269.072 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP55: 9/13/2009 6:49:45 PM - System Checkpoint
RP56: 9/15/2009 9:44:00 AM - System Checkpoint
RP57: 9/16/2009 7:17:36 PM - System Checkpoint
RP58: 9/18/2009 4:52:02 PM - System Checkpoint
RP59: 9/19/2009 6:11:29 PM - System Checkpoint
RP60: 9/21/2009 1:24:15 PM - System Checkpoint
RP61: 9/22/2009 7:42:47 PM - System Checkpoint
RP62: 9/24/2009 6:54:52 AM - System Checkpoint
RP63: 9/25/2009 9:46:14 AM - System Checkpoint
RP64: 9/26/2009 5:21:35 PM - System Checkpoint
RP65: 9/27/2009 5:34:23 PM - System Checkpoint
RP66: 9/29/2009 11:00:36 AM - System Checkpoint
RP67: 10/1/2009 7:37:34 AM - System Checkpoint
RP68: 10/2/2009 11:44:55 AM - System Checkpoint
RP69: 10/3/2009 3:29:24 PM - System Checkpoint
RP70: 10/4/2009 6:36:48 PM - System Checkpoint
RP71: 10/6/2009 2:26:16 PM - System Checkpoint
RP72: 10/7/2009 5:18:48 PM - System Checkpoint
RP73: 10/8/2009 6:22:12 PM - System Checkpoint
RP74: 10/10/2009 1:34:47 PM - System Checkpoint
RP75: 10/11/2009 5:49:51 PM - System Checkpoint
RP76: 10/12/2009 6:51:28 PM - System Checkpoint
RP77: 10/13/2009 7:11:16 PM - System Checkpoint
RP78: 10/15/2009 5:02:48 AM - Software Distribution Service 3.0
RP79: 10/17/2009 3:41:15 AM - System Checkpoint
RP80: 10/19/2009 11:16:50 AM - System Checkpoint
RP81: 10/21/2009 7:20:55 AM - System Checkpoint
RP82: 10/22/2009 7:26:24 AM - System Checkpoint
RP83: 10/23/2009 9:05:12 AM - System Checkpoint
RP84: 10/24/2009 9:34:33 AM - System Checkpoint
RP85: 10/25/2009 7:53:47 PM - System Checkpoint
RP86: 10/25/2009 8:25:49 PM - Installed HP Smart Web Printing
RP87: 10/26/2009 5:38:43 AM - Software Distribution Service 3.0
RP88: 10/27/2009 8:23:13 AM - System Checkpoint
RP89: 10/28/2009 7:00:11 PM - System Checkpoint
RP90: 10/30/2009 8:33:08 AM - Installed Windows XP KB915865.
RP91: 10/30/2009 8:33:36 AM - Installed Windows NLSDownlevelMapping.
RP92: 10/30/2009 8:33:54 AM - Installed Windows IDNMitigationAPIs.
RP93: 10/30/2009 8:34:15 AM - Installed Windows Internet Explorer 7.
RP94: 10/30/2009 8:34:37 AM - Software Distribution Service 3.0
RP95: 10/31/2009 12:21:13 PM - Software Distribution Service 3.0
RP96: 11/1/2009 3:50:58 PM - System Checkpoint
RP97: 11/3/2009 9:53:08 AM - System Checkpoint
RP98: 11/4/2009 1:50:06 PM - System Checkpoint
RP99: 11/7/2009 9:16:45 AM - System Checkpoint
RP100: 11/9/2009 8:52:13 AM - System Checkpoint
RP101: 11/10/2009 10:09:24 AM - System Checkpoint
RP102: 11/11/2009 10:46:59 AM - System Checkpoint
RP103: 11/13/2009 9:34:50 AM - System Checkpoint
RP104: 11/14/2009 8:30:02 PM - System Checkpoint
RP105: 11/16/2009 10:14:55 AM - System Checkpoint
RP106: 11/18/2009 10:14:18 AM - System Checkpoint
RP107: 11/20/2009 10:28:47 AM - System Checkpoint
RP108: 11/21/2009 8:45:56 PM - System Checkpoint
RP109: 11/22/2009 3:15:18 PM - Restore Operation
RP110: 11/22/2009 5:35:58 PM - Restore Operation
RP111: 11/22/2009 7:28:48 PM - Restore Operation
RP112: 11/26/2009 11:09:40 AM - System Checkpoint
RP113: 11/28/2009 12:00:47 PM - System Checkpoint
RP114: 11/29/2009 12:15:10 PM - System Checkpoint
RP115: 12/6/2009 10:23:18 AM - System Checkpoint
RP116: 12/6/2009 1:37:44 PM - Before fixing registry with Registry Cleaner
RP117: 12/11/2009 6:14:26 AM - System Checkpoint
RP118: 12/12/2009 10:35:23 PM - System Checkpoint
==== Hosts File Hijack ======================
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
AT&T Communication Manager
Banctec Service Agreement
Choice Guard
Compatibility Pack for the 2007 Office system
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Documentation & Support Launcher
Driver Installer
Games, Music, & Photos Launcher
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Service Offers Launcher
Java(TM) 6 Update 11
Junk Mail filter update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 6.0 Parser (KB927977)
NinjaTrader 6.5
PC Tools AntiVirus 6.0
PowerDVD
QuickSet
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secure Viewer 2.7
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
12/11/2009 5:43:08 AM, error: Service Control Manager [7000] - The Sierra Wireless MUX NDIS Driver (UMTS80) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/11/2009 5:43:08 AM, error: Service Control Manager [7000] - The RT73 USB Wireless LAN Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
DDS (Ver_09-12-01.01) - NTFSx86
Run by Thomas Hugh Pean at 15:04:15.59 on Mon 12/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3167 [GMT -7:00]
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r203425\STacSV.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-24 130936]
R2 AVFilter;AVFilter;c:\windows\system32\drivers\AVFilter.sys [2009-4-24 21904]
R2 PCTAVSvc;PC Tools AntiVirus Engine;c:\program files\pc tools antivirus\PCTAVSvc.exe [2009-4-24 826600]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-17 108160]
R3 AVHook;AVHook;c:\windows\system32\drivers\AVHook.sys [2009-4-24 28560]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-4-17 157696]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-11-20 113152]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
=============== Created Last 30 ================
2009-12-06 20:28:48 0 d-----w- c:\docume~1\thomas~1\applic~1\Registry Cleaner
2009-11-29 18:01:32 0 d-----w- c:\program files\Trend Micro
2009-11-23 04:06:21 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-23 04:04:32 0 d-----w- c:\program files\Skyhook Wireless
2009-11-23 04:01:20 0 d-----w- c:\program files\MSXML 4.0
2009-11-23 04:01:15 0 d-----w- c:\windows\Downloaded Installations
2009-11-23 04:01:15 0 d-----w- c:\program files\Yahoo!
2009-11-23 04:00:47 0 d-----w- c:\program files\common files\HP
2009-11-23 01:18:25 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools(3)
2009-11-22 22:17:42 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-22 18:15:34 0 d-----w- c:\windows\system32\NtmsData
2009-11-22 18:11:38 0 d-----w- c:\program files\Uniblue
2009-11-22 17:33:50 882 ----a-w- c:\windows\RegSDImport.xml
2009-11-22 17:33:50 880 ----a-w- c:\windows\RegISSImport.xml
2009-11-22 17:33:50 767952 ----a-w- c:\windows\BDTSupport(2).dll
2009-11-22 17:33:50 131 ----a-w- c:\windows\IDB.zip
2009-11-22 17:33:50 1152470 ----a-w- c:\windows\UDB.zip
2009-11-22 17:31:52 0 d-----w- c:\program files\Spyware Doctor
==================== Find3M ====================
2009-12-07 03:02:21 144 ----a-w- c:\docume~1\thomas~1\applic~1\wklnhst.dat
2009-11-03 05:33:06 2143744 ----a-w- C:\1277496.dll
2009-11-03 05:33:06 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-10-25 06:42:16 166369 ----a-w- c:\windows\hpoins28.dat
============= FINISH: 15:04:34.50 ===============