
Browser Hijacker / Program Files "LP" folder keep reappearing...

Discussion in 'Virus & Other Malware Removal' started by dave07060033, Nov 10, 2011.

Thread Status:
Not open for further replies.
  1. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
    I got a message from Symantec Anti Virus a couple days ago when I was on a veteran job board about to post a resume. It said it was blocking some suspicious activity. Shortly after that, I noticed when I did a Google search for about anything, the links were not going to what I was selecting. I also noticed a lot of strange processes running in task manager. I went to msconfig and deleted the startup processes and there was a folder named "LP" in program files that was not previously there. I deleted it but it keeps regenerating when I reboot. The cryptic processes seem to have stopped for the time being but I am still getting the browser hijacks at random times. Other issues have been strange Internet Explorer messages when I am not even using Internet Explorer, it changed my Firefox and IE settings to use a proxy server, and a couple of random pop-up windows. Symantec has something in quarantine called Trojan.FakeAV with an exe file named 02692471103690665.exe. Here is a copy of my HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:40:33 AM, on 11/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\xxx\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52505
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303912342156
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1303928978968
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    --
    End of file - 6926 bytes

    Thanks in advance for any assistance you can provide.
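The most telling line in the log above is the R1 entry `ProxyServer = http=127.0.0.1:52505`: the browser has been pointed at a proxy on the loopback address, which is exactly how a local malicious process gets to rewrite search results and serve fake security warnings. As an added example that is not part of this thread and not code from HijackThis, Trend Micro or Tech Support Guy, here is a small Python triage script that parses HijackThis R0/R1, F2 and O4 lines and flags the indicators discussed in the post: a loopback proxy, non-default start/search pages, a tampered UserInit, and autostart entries that run from user-writable folders. The sample log is constructed: it copies a few lines from the posted log plus one hypothetical O4 entry for the file Symantec quarantined; that entry's path is an assumption, and the flagging rules are this example's own heuristics, not HijackThis output.

```python
"""Triage a HijackThis 2.x log for the browser-hijack indicators discussed in this thread.

Added example for this thread (not HijackThis, Trend Micro or Tech Support Guy code).
It parses the R0/R1 (IE URL/proxy), F2 (UserInit) and O4 (autostart) lines and flags
the traces a Trojan.FakeAV-style infection tends to leave behind.
"""
import re

# Constructed sample: lines copied from the log posted above plus one HYPOTHETICAL
# O4 entry for the quarantined file named in the post. The path on that last line
# is an assumption; the real log does not show where that file ran from.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52505
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [02692471103690665.exe] C:\Documents and Settings\xxx\Local Settings\Application Data\02692471103690665.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "R1 - <key> = <value>".
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
KEYVAL_RE = re.compile(r"^(?P<key>.+?)\s*=\s*(?P<value>.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
LOOPBACK_RE = re.compile(r"\b(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)\b", re.I)
USER_WRITABLE_RE = re.compile(r"\\(Temp|Local Settings|Application Data|Desktop)\\", re.I)

# Microsoft's stock IE home/search URLs; anything else deserves a second look.
IE_DEFAULT_PREFIXES = ("http://go.microsoft.com/fwlink/",)
IE_URL_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")
EXPECTED_USERINIT = r"\system32\userinit.exe"


def parse_line(line):
    """Return (section, body) for a HijackThis entry, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def check_entry(kind, body):
    """Return (severity, reason) if this entry looks hijacked, else None."""
    if kind in ("R0", "R1"):
        kv = KEYVAL_RE.match(body)
        if not kv:
            return None
        key, value = kv.group("key"), kv.group("value").strip()
        if key.endswith("ProxyServer") and value:
            if LOOPBACK_RE.search(value):
                return ("HIGH", "browser proxy points at loopback: a local process is relaying web traffic")
            return ("MEDIUM", "browser proxy is set; confirm it is an expected corporate proxy")
        if key.endswith(IE_URL_KEYS) and value and not value.startswith(IE_DEFAULT_PREFIXES):
            return ("MEDIUM", "IE start/search page is not the Microsoft default")
    elif kind == "F2" and "UserInit=" in body:
        # UserInit runs at every logon; malware commonly appends itself here.
        target = body.split("UserInit=", 1)[1].strip().rstrip(",")
        if not target.lower().endswith(EXPECTED_USERINIT):
            return ("HIGH", "UserInit does not point at system32\\userinit.exe (logon hijack)")
    elif kind == "O4":
        m = O4_RE.search(body)
        if m and USER_WRITABLE_RE.search(m.group("cmd")):
            return ("HIGH", "autostart entry runs from a user-writable folder")
    return None


def triage(log_text):
    """Scan a whole log; return a list of (severity, line, reason) tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        hit = check_entry(*parsed)
        if hit:
            findings.append((hit[0], raw.strip(), hit[1]))
    return findings


def severity_counts(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, line, reason in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}\n    {line}")
```

On the sample, the script reports two HIGH findings: the loopback proxy and the hypothetical autostart entry in Application Data. The stock `ctfmon.exe` entry and the Microsoft default URLs are left alone, and the `UserInit` line passes because it still points at `system32\userinit.exe`. The same checks can be run over a full pasted log by reading the file into `triage()`.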
     
  2. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi dave07060033 and welcome.

    I'm DFW and I am going to try and help you with your Malware problem. Please observe the following points and rules while we work:
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The clean up process can take time. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Some of the logs we ask for can take some time to analyse, so please be patient.
    • This may or may not solve other issues you have with your machine.
      Note: No Reply Within 3 Days Will Result In Your Topic Being Closed.


    Before we start:
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer.
    However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system.
    It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.


    Going over your log, be back as soon as possible
     
  3. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
    Thank you!
     
  4. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi dave07060033

    You're welcome


    Download to your desktop DDS from one of the links below:

    Link
    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports.
    • Copy/paste both reports back here and remove DDS from your desktop.



    Gmer
    Download GMER Rootkit Scanner from here.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Note: Do not run any programs while Gmer is running.



    Please post back with

    Both DDS Logs and the GMER Log.
     
  5. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
    DDS ran and put a notepad file of garbage on the screen. GMER will not run, getting an error message that says LoadDriver(C:"Docum~.... Temp/fxddqpog.sys) error 0xC000010E: Cannot create a stable key under a volatile parent key. Also got a Symantec notification about Trojan.Gen.2 Access Denied.
     
  6. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi dave07060033


    That's probably the infection stopping the tools from working; try these below



    1st Post

    Download TDSSKiller.zip and extract it to your Desktop.
    • Double click on TDSSKiller.exe to launch it.
      • If using Vista or Windows7, when prompted by UAC allow the prompt.
    • Click on Start Scan
    • The scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • Post the contents in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT




    Please download OTL by Old Timer and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.



    Post back

    TDSSKiller Log
    Both OTL Logs
     
  7. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
    TDSSKiller came up with one thing, I accidentally hit continue, it says it will cure after reboot. It found rootkit.boot.sst.b. I am not rebooting the computer.

    Here are the 2 OTL logs:

    OTL Extras logfile created on: 11/11/2011 3:12:05 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\dave\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.16 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 72.70% Memory free
    5.00 Gb Paging File | 4.51 Gb Available in Paging File | 90.20% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 201.18 Gb Free Space | 86.39% Space Free | Partition Type: NTFS

    Computer Name: 10R0MQ1 | User Name: | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-504249514-2004877394-1847928074-225766\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
    "AllowOutboundDestinationUnreachable" = 1
    "AllowOutboundSourceQuench" = 1
    "AllowRedirect" = 1
    "AllowInboundEchoRequest" = 1
    "AllowInboundRouterRequest" = 1
    "AllowOutboundTimeExceeded" = 1
    "AllowOutboundParameterProblem" = 1
    "AllowInboundTimestampRequest" = 1
    "AllowInboundMaskRequest" = 1
    "AllowOutboundPacketTooBig" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" =

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
    "C:\Documents and Settings\dave\Desktop\msgr11us.exe" = C:\Documents and Settings\dave\Desktop\msgr11us.exe:*:Enabled:msgr11us


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03E67C27-BE46-4A44-89E9-D7961542E8D9}" = HP Officejet 7500 E910 Basic Device Software
    "{05F5D4C6-D6E5-4E2A-AE47-6514250870A8}" = AutoCAD Civil 3D 2012 32 Bit Object Enabler on Autodesk® Storm and Sanitary Analysis 2012 - Language Neutral
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{203E564A-51E6-44E5-9DF9-8D0AD66E401D}" = DJ_SF_05_D2600_Software_Min
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}" = HP Officejet 7500 E910 Help
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{5783F2D7-9001-0409-0002-0060B0CE6BBA}" = AutoCAD 2011 - English
    "{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
    "{5783F2D7-A000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012
    "{5783F2D7-A000-0409-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - English
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{775290AD-C54E-418C-9564-A10836F42C1C}" = D2600
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
    "{800D0D43-5097-470D-9A03-7D6108A43C3E}" = AutoCAD Civil 3D 2012 32 Bit Object Enabler on Autodesk Content Service - Language Neutral
    "{80D3CFFD-4CB5-47A1-8779-11A720A9ADB2}" = HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
    "{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
    "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{20601BE5-6E56-49E5-A6CD-B558A279288B}" =
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{95761B4F-5940-4908-921E-B71B1B183699}" = Intel(R) PROSet/Wireless WiFi Software
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7926497-E476-489B-B4E9-DBFCA45483A2}" = Autodesk® Storm and Sanitary Analysis 2012
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AutoCAD 2011 - English" = AutoCAD 2011 - English
    "AutoCAD 2011 - English Version 2.1" = AutoCAD 2011 - English Version 2.1
    "AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012
    "CCleaner" = CCleaner
    "DriveScrubber 3_is1" = iolo technologies' DriveScrubber 3
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "Just BASIC v1.01" = Just BASIC v1.01
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
    "Office14.STANDARD" = Microsoft Office Standard 2010
    "PDF Report Writer_is1" = PDF Report Writer (novaPDF 6.4 printer)
    "pdfFactory" = pdfFactory
    "ProInst" = Intel PROSet Wireless
    "RealPlayer 12.0" = RealPlayer
    "Shop for HP Supplies" = Shop for HP Supplies
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-504249514-2004877394-1847928074-225766\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/11/2011 8:16:15 AM | Computer Name = 10R0MQ1 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 11/11/2011 8:16:17 AM | Computer Name = 10R0MQ1 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 11/11/2011 9:28:16 AM | Computer Name = 10R0MQ1 | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 11/11/2011 11:24:55 AM | Computer Name = 10R0MQ1 | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Cookie:[email protected]/
    by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description:
    The file was deleted successfully.

    Error - 11/11/2011 11:53:29 AM | Computer Name = 10R0MQ1 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.

    Error - 11/11/2011 12:10:52 PM | Computer Name = 10R0MQ1 | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Trojan.Gen.2 in File: c:\System Volume Information\_restore{75798BF8-5303-4F8D-A03A-831C2FD2E049}\RP65\A0018596.exe
    by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
    quarantined successfully.

    Error - 11/11/2011 12:10:56 PM | Computer Name = 10R0MQ1 | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Trojan.Gen.2 in File: c:\System Volume Information\_restore{75798BF8-5303-4F8D-A03A-831C2FD2E049}\RP65\A0018597.exe
    by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
    quarantined successfully.

    Error - 11/11/2011 12:10:58 PM | Computer Name = 10R0MQ1 | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Trojan.Gen.2 in File: c:\System Volume Information\_restore{75798BF8-5303-4F8D-A03A-831C2FD2E049}\RP65\A0018598.exe
    by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
    quarantined successfully.

    Error - 11/11/2011 4:10:12 PM | Computer Name = 10R0MQ1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/11/2011 4:10:12 PM | Computer Name = 10R0MQ1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 11/11/2011 11:57:47 AM | Computer Name = 10R0MQ1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 11/11/2011 11:58:33 AM | Computer Name = 10R0MQ1 | Source = Service Control Manager | ID = 7034
    Description = The DNS Client service terminated unexpectedly. It has done this
    1 time(s).

    Error - 11/11/2011 12:22:21 PM | Computer Name = 10R0MQ1 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain CORP due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 11/11/2011 12:25:05 PM | Computer Name = 10R0MQ1 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain CORP due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 11/11/2011 12:30:52 PM | Computer Name = 10R0MQ1 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain CORP due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 11/11/2011 1:00:24 PM | Computer Name = 10R0MQ1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 11/11/2011 1:15:27 PM | Computer Name = 10R0MQ1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 29 minutes. NtpClient has no source of accurate
    time.

    Error - 11/11/2011 2:04:16 PM | Computer Name = 10R0MQ1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 11/11/2011 4:06:09 PM | Computer Name = 10R0MQ1 | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.138.47.213 for the Network Card with network
    address A088B487A478 has been denied by the DHCP server 192.168.1.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 11/11/2011 4:06:14 PM | Computer Name = 10R0MQ1 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.


    < End of report >


    2nd one:

    OTL logfile created on: 11/11/2011 3:11:56 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\dave\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.16 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 72.70% Memory free
    5.00 Gb Paging File | 4.51 Gb Available in Paging File | 90.20% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 201.18 Gb Free Space | 86.39% Space Free | Partition Type: NTFS

    Computer Name: 10R0MQ1 | User Name: dave | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/11 15:10:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
    PRC - [2011/11/11 15:09:57 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\dave\Desktop\tdsskiller\TDSSKiller.exe
    PRC - [2011/10/07 20:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/01/10 13:18:09 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2011/01/10 13:18:08 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2011/01/10 13:18:08 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2011/01/10 13:18:08 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2011/01/05 13:09:24 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/22 07:43:14 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/10/07 20:09:46 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/08/28 13:52:20 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/06/14 00:43:32 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2011/01/25 01:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2011/01/12 07:59:46 | 000,375,056 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2011/01/12 07:59:42 | 000,915,728 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2011/01/10 13:18:09 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2011/01/10 13:18:09 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2011/01/10 13:18:08 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2011/01/10 13:18:08 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2011/01/10 13:18:08 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2011/01/05 13:22:50 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2011/01/05 13:09:24 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2010/12/03 15:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/03 15:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/09/17 11:37:36 | 000,539,944 | ---- | M] (Altiris Inc.) [Disabled | Stopped] -- C:\WINDOWS\AltirisAgentInstSvc.exe -- (Altiris Agent Installation Service)
    SRV - [2010/09/07 16:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (o2flash)
    SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (O2SDIOAssist)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/09/15 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111110.035\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/09/15 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111110.035\NAVENG.SYS -- (NAVENG)
    DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
    DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/04/26 13:22:12 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/03/23 13:51:56 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sdjxp.sys -- (O2SDJRDR)
    DRV - [2011/02/04 07:38:44 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2011/02/04 07:38:42 | 000,229,416 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2011/02/04 07:38:38 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2011/01/27 14:43:20 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\NTIOLib.sys -- (NTIOLib_1_0_8)
    DRV - [2011/01/25 01:57:18 | 001,660,547 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2011/01/10 13:18:09 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2011/01/10 13:18:09 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2011/01/10 13:18:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2011/01/10 13:18:06 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2011/01/04 11:14:38 | 007,391,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel(R)
    DRV - [2011/01/04 02:58:42 | 000,061,728 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdrxp.sys -- (O2MDRRDR)
    DRV - [2010/12/13 09:33:36 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
    DRV - [2010/10/19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) Intel(R)
    DRV - [2010/10/15 08:29:16 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2010/08/20 11:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stdcfltn.sys -- (stdcfltn)
    DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
    DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    IE - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/login.asp
    IE - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60283

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 60283
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/24 17:46:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/08 07:05:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 20:09:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/24 17:46:23 | 000,000,000 | ---D | M]

    [2011/08/24 17:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dave\Application Data\Mozilla\Extensions
    [2011/08/24 17:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/08 07:05:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/04/26 12:13:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/04/27 13:00:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/10/07 20:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/07 20:09:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2008/04/14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Policies\Microsoft\Internet Explorer\New Windows present
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Policies\Microsoft\Internet Explorer\SQM present
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1303912342156 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1303928978968 (MUWebControl Class)
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.atc.int
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D5055C3-AF5F-4ACD-91B2-33C0322E466B}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766 Winlogon: Shell - (C:\Documents and Settings\dave\Application Data\623A1\423E8.exe) -C:\Documents and Settings\dave\Application Data\623A1\423E8.exe ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/08/29 18:29:27 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
    O32 - AutoRun File - [2011/04/26 12:01:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/11 15:10:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
    [2011/11/11 15:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Desktop\tdsskiller
    [2011/11/11 12:25:24 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\dave\Desktop\dds(1).scr
    [2011/11/11 11:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\LP
    [2011/11/11 03:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BhoScanner
    [2011/11/10 03:39:50 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\dave\Desktop\HijackThis.exe
    [2011/11/09 11:52:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dave\Recent
    [2011/11/09 07:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\A1E73
    [2011/11/07 18:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/11/07 18:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/11/07 18:38:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/11/07 17:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/11/06 12:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\623A1
    [2011/10/22 07:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\ApplicationHistory
    [2011/10/15 11:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\My Documents\Time & Expenses
    [2011/10/13 18:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\Apple Computer
    [2011/10/13 18:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/10/13 18:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/10/13 18:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2011/10/13 18:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/10/13 18:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Apple
    [2011/10/13 18:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/10/13 18:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2011/10/13 18:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Local Settings\Application Data\Apple Computer
    [2011/10/12 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dave\Application Data\SystemRequirementsLab
    [2011/04/27 03:17:14 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/11/11 15:10:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dave\Desktop\OTL.exe
    [2011/11/11 15:09:44 | 001,545,878 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\tdsskiller.zip
    [2011/11/11 12:26:10 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\dave\Desktop\hnzodu44.exe
    [2011/11/11 12:25:24 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\dave\Desktop\dds(1).scr
    [2011/11/11 12:03:00 | 000,507,176 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/11 12:03:00 | 000,090,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/11 11:31:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/11 11:31:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-504249514-2004877394-1847928074-225766.job
    [2011/11/11 11:30:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/11 11:26:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2011/11/10 04:43:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-504249514-2004877394-1847928074-225766.job
    [2011/11/10 03:39:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\dave\Desktop\HijackThis.exe
    [2011/11/08 04:15:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/11/07 18:20:36 | 000,000,127 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/10/22 08:00:27 | 000,352,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/22 07:43:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2011/11/11 15:09:43 | 001,545,878 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\tdsskiller.zip
    [2011/11/11 12:26:10 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\dave\Desktop\hnzodu44.exe
    [2011/11/07 18:05:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/10/13 18:13:16 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/08/31 18:31:52 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2011/08/30 03:26:21 | 000,836,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/08/29 03:28:53 | 001,017,662 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-504249514-2004877394-1847928074-225766-0.dat
    [2011/08/29 03:28:52 | 000,339,510 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/08/26 06:18:51 | 000,167,519 | ---- | C] () -- C:\WINDOWS\hphins32.dat.temp
    [2011/08/26 06:18:51 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat.temp
    [2011/08/24 17:36:20 | 000,162,218 | ---- | C] () -- C:\WINDOWS\hphins32.dat
    [2011/08/24 17:36:20 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
    [2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
    [2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
    [2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
    [2011/07/26 01:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/04/28 11:39:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2011/04/27 10:51:58 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
    [2011/04/27 10:51:58 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
    [2011/04/27 05:22:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
    [2011/04/27 03:17:14 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
    [2011/04/27 03:17:13 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
    [2011/04/27 03:17:12 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
    [2011/04/27 03:17:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
    [2011/04/26 14:51:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2011/04/26 14:51:29 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2011/04/26 14:51:29 | 000,507,176 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/26 14:51:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2011/04/26 14:51:29 | 000,090,186 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/26 14:51:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2011/04/26 14:51:29 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2011/04/26 14:51:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2011/04/26 14:51:27 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2011/04/26 14:51:27 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2011/04/26 14:51:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2011/04/26 14:51:25 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2011/04/26 12:14:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/26 12:04:32 | 000,000,051 | ---- | C] () -- C:\WINDOWS\smsts.ini
    [2011/04/26 12:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/04/26 12:00:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/04/26 12:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2011/04/26 06:56:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/26 06:55:30 | 000,352,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/17 11:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AeXNSC.exe
    [2010/06/30 22:37:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lpng.dll

    < End of report >
     
  8. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
  9. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Good Morning dave07060033

    If you have not done so already, please reboot your system and let TDSSKiller remove the file. Please make sure you post the TDSSKiller log along with the others from this post; it will be on your C drive.

    We need to run an OTL Fix

    • Right-click OTL.exe and select "Run as administrator" to run it.
    • Copy and paste the following code into the textbox. Do not include the word Code
      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60283
      FF - prefs.js..network.proxy.http: "127.0.0.1"
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      
      
      :files
      C:\Documents and Settings\dave\Application Data\623A1
      C:\WINDOWS\System32\drivers\lvuvc.hs
      ipconfig /flushdns /c
      
      :commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [clearallrestorepoints]
      [REBOOT]
      
    • Then click the Run Fix button at the top.
    • Click [IMG].
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.




    Next

    Please download aswMBR and save it to your Desktop.

    • Double click aswMBR.exe to run it.
    • Click the Scan button.
    • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK > Exit.
    • Note: Do not attempt to fix anything at this stage!
    • Two files will be created, aswMBR.txt & a file named MBR.dat.
    • MBR.dat is a backup of the MBR (master boot record); do not delete it.
    • I strongly suggest you keep a copy of this backup stored on an external device.
    • Copy & Paste the contents of aswMBR.txt into your next reply.

    Please post back

    OTL Log
    TDSSKiller Log
    aswMBR Log

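The fix above removes a browser proxy pointing at 127.0.0.1 and the user-level Winlogon Shell entry that launches the hijacker. As an added example that is not part of this thread or of OTL, the following Python triage script parses OTL/HijackThis-style lines (the sample lines are copied from the logs in this thread) and flags those two indicator classes: proxies that route through the loopback address and Winlogon Shell/UserInit values other than the Windows defaults. The `Finding` class, the regexes and the `EXPECTED_WINLOGON` table are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the logs in this thread: the IE/FF proxy
# entries from the fix script and the O20 Winlogon entries from the OTL scan.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60283
FF - prefs.js..network.proxy.http: "127.0.0.1"
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-504249514-2004877394-1847928074-225766 Winlogon: Shell - (C:\Documents and Settings\dave\Application Data\623A1\423E8.exe) -C:\Documents and Settings\dave\Application Data\623A1\423E8.exe ()
"""


@dataclass(frozen=True)
class Finding:
    kind: str   # "loopback-proxy" or "winlogon-hijack"
    value: str  # the offending setting value
    line: str   # the log line it came from


# Values Windows XP itself writes to these Winlogon entries (compared lowercase).
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

IE_PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<val>\S+)')
FF_PROXY_RE = re.compile(r'network\.proxy\.http:\s*"(?P<val>[^"]+)"')
WINLOGON_RE = re.compile(
    r'^O20 - \S+ Winlogon: (?P<key>Shell|UserInit) - \((?P<val>.*?)\) -'
)


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and 'localhost' (a :port suffix is ignored)."""
    host = host.strip().lower()
    if host.startswith("["):                      # [::1]:port form
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:                    # host:port form
        host = host.rsplit(":", 1)[0]
    return host in ("localhost", "::1") or host.startswith("127.")


def proxy_hosts(ie_value: str) -> list[str]:
    """Split an IE ProxyServer value ('http=h:p;https=h:p' or just 'h:p') into hosts."""
    hosts = []
    for part in ie_value.split(";"):
        if part:
            hosts.append(part.split("=", 1)[1] if "=" in part else part)
    return hosts


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious proxy and Winlogon entries found in an OTL-style log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_PROXY_RE.search(line)
        if m:
            for host in proxy_hosts(m["val"]):
                if is_loopback(host):
                    findings.append(Finding("loopback-proxy", host, line))
            continue
        m = FF_PROXY_RE.search(line)
        if m and is_loopback(m["val"]):
            findings.append(Finding("loopback-proxy", m["val"], line))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            value = m["val"].strip().rstrip(",").lower()
            if value not in EXPECTED_WINLOGON[m["key"].lower()]:
                findings.append(Finding("winlogon-hijack", m["val"], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.value}")
```

Run against the sample it reports both loopback proxies and the Shell value under the user's SID, while the HKLM Shell and UserInit defaults pass.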
     
  10. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
    OTL Log

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    HKU\S-1-5-21-504249514-2004877394-1847928074-225766\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: "127.0.0.1" removed from network.proxy.http
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
    C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    ========== FILES ==========
    File\Folder C:\Documents and Settings\dave\Application Data\623A1 not found.
    C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\dave\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\dave\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: dave
    ->Flash cache emptied: 2130 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 42347992 bytes
    ->Temporary Internet Files folder emptied: 2417129 bytes
    ->Java cache emptied: 0 bytes

    User: All Users

    User: dave
    ->Temp folder emptied: 33298245 bytes
    ->Temporary Internet Files folder emptied: 26638623 bytes
    ->Java cache emptied: 378784 bytes
    ->FireFox cache emptied: 42478989 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 127493 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2709984 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1313 bytes

    Total Files Cleaned = 144.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 11122011_061400

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    TDSSKILLER Log

    15:10:14.0359 2512 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
    15:10:15.0390 2512 ============================================================
    15:10:15.0390 2512 Current date / time: 2011/11/11 15:10:15.0390
    15:10:15.0390 2512 SystemInfo:
    15:10:15.0390 2512
    15:10:15.0390 2512 OS Version: 5.1.2600 ServicePack: 3.0
    15:10:15.0390 2512 Product type: Workstation
    15:10:15.0390 2512 ComputerName: 10R0MQ1
    15:10:15.0390 2512 UserName: dave
    15:10:15.0390 2512 Windows directory: C:\WINDOWS
    15:10:15.0390 2512 System windows directory: C:\WINDOWS
    15:10:15.0390 2512 Processor architecture: Intel x86
    15:10:15.0390 2512 Number of processors: 4
    15:10:15.0390 2512 Page size: 0x1000
    15:10:15.0390 2512 Boot type: Normal boot
    15:10:15.0390 2512 ============================================================
    15:10:16.0843 2512 Initialize success
    15:10:18.0687 2260 ============================================================
    15:10:18.0687 2260 Scan started
    15:10:18.0687 2260 Mode: Manual;
    15:10:18.0687 2260 ============================================================
    15:10:23.0593 2260 NETwNx32 (652308afd32697467903776cb6a85eb2) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
    15:10:23.0781 2260 NETwNx32 - ok
    15:10:23.0781 2260 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    15:10:23.0781 2260 NIC1394 - ok
    15:10:23.0796 2260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    15:10:23.0796 2260 Npfs - ok
    15:10:23.0843 2260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    15:10:23.0843 2260 Ntfs - ok
    15:10:23.0921 2260 NTIOLib_1_0_8 (aa70ed3b0d93c1073260a5043805b6db) C:\PROGRA~1\MSI\MSIWDev\NTIOLib.sys
    15:10:23.0937 2260 NTIOLib_1_0_8 - ok
    15:10:23.0968 2260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    15:10:23.0968 2260 Null - ok
    15:10:24.0000 2260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:10:24.0000 2260 NwlnkFlt - ok
    15:10:24.0015 2260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:10:24.0015 2260 NwlnkFwd - ok
    15:10:24.0031 2260 O2MDRRDR (f24dc5d512ff86576f406e9c1427e8bb) C:\WINDOWS\system32\DRIVERS\O2MDRxp.sys
    15:10:24.0031 2260 O2MDRRDR - ok
    15:10:24.0046 2260 O2SDJRDR (3083b3d0c74b59facde7f0cbbf25e659) C:\WINDOWS\system32\DRIVERS\o2sdjxp.sys
    15:10:24.0046 2260 O2SDJRDR - ok
    15:10:24.0093 2260 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    15:10:24.0093 2260 ohci1394 - ok
    15:10:24.0109 2260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    15:10:24.0109 2260 Parport - ok
    15:10:24.0109 2260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    15:10:24.0125 2260 PartMgr - ok
    15:10:24.0140 2260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    15:10:24.0140 2260 ParVdm - ok
    15:10:24.0171 2260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    15:10:24.0171 2260 PCI - ok
    15:10:24.0187 2260 PCIDump - ok
    15:10:24.0203 2260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:10:24.0203 2260 PCIIde - ok
    15:10:24.0203 2260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    15:10:24.0218 2260 Pcmcia - ok
    15:10:24.0218 2260 PDCOMP - ok
    15:10:24.0218 2260 PDFRAME - ok
    15:10:24.0234 2260 PDRELI - ok
    15:10:24.0234 2260 PDRFRAME - ok
    15:10:24.0250 2260 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    15:10:24.0250 2260 perc2 - ok
    15:10:24.0250 2260 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    15:10:24.0265 2260 perc2hib - ok
    15:10:24.0296 2260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:10:24.0296 2260 PptpMiniport - ok
    15:10:24.0312 2260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    15:10:24.0312 2260 PSched - ok
    15:10:24.0312 2260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:10:24.0312 2260 Ptilink - ok
    15:10:24.0328 2260 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    15:10:24.0328 2260 ql1080 - ok
    15:10:24.0328 2260 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    15:10:24.0343 2260 Ql10wnt - ok
    15:10:24.0343 2260 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    15:10:24.0343 2260 ql12160 - ok
    15:10:24.0359 2260 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    15:10:24.0359 2260 ql1240 - ok
    15:10:24.0359 2260 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    15:10:24.0359 2260 ql1280 - ok
    15:10:24.0375 2260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:10:24.0375 2260 RasAcd - ok
    15:10:24.0390 2260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:10:24.0390 2260 Rasl2tp - ok
    15:10:24.0390 2260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:10:24.0390 2260 RasPppoe - ok
    15:10:24.0406 2260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:10:24.0406 2260 Raspti - ok
    15:10:24.0421 2260 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:10:24.0421 2260 Rdbss - ok
    15:10:24.0437 2260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:10:24.0437 2260 RDPCDD - ok
    15:10:24.0453 2260 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:10:24.0453 2260 rdpdr - ok
    15:10:24.0500 2260 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    15:10:24.0500 2260 RDPWD - ok
    15:10:24.0515 2260 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:10:24.0531 2260 redbook - ok
    15:10:24.0593 2260 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    15:10:24.0593 2260 s24trans - ok
    15:10:24.0625 2260 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    15:10:24.0625 2260 sdbus - ok
    15:10:24.0656 2260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:10:24.0656 2260 Secdrv - ok
    15:10:24.0687 2260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    15:10:24.0687 2260 Serial - ok
    15:10:24.0750 2260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:10:24.0765 2260 Sfloppy - ok
    15:10:24.0765 2260 Simbad - ok
    15:10:24.0812 2260 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    15:10:24.0812 2260 sisagp - ok
    15:10:24.0843 2260 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    15:10:24.0843 2260 SLIP - ok
    15:10:24.0875 2260 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    15:10:24.0875 2260 Sparrow - ok
    15:10:24.0953 2260 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    15:10:24.0953 2260 SPBBCDrv - ok
    15:10:25.0000 2260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    15:10:25.0000 2260 splitter - ok
    15:10:25.0031 2260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    15:10:25.0031 2260 sr - ok
    15:10:25.0062 2260 SRTSP (b36f8d6a02ff2b3a53e250a629782f29) C:\WINDOWS\system32\Drivers\SRTSP.SYS
    15:10:25.0062 2260 SRTSP - ok
    15:10:25.0093 2260 SRTSPL (e99bd98ac171a29fc1ba9376be87ae73) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
    15:10:25.0093 2260 SRTSPL - ok
    15:10:25.0109 2260 SRTSPX (1af34729898063e9b7df8d149d767e07) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
    15:10:25.0109 2260 SRTSPX - ok
    15:10:25.0140 2260 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    15:10:25.0156 2260 Srv - ok
    15:10:25.0187 2260 stdcfltn (1e72739a30a0d3e3fc95ebb07f83912d) C:\WINDOWS\system32\DRIVERS\stdcfltn.sys
    15:10:25.0187 2260 stdcfltn - ok
    15:10:25.0265 2260 STHDA (a553c4dc4a0a2d3b8b11202115321ace) C:\WINDOWS\system32\drivers\sthda.sys
    15:10:25.0296 2260 STHDA - ok
    15:10:25.0328 2260 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    15:10:25.0328 2260 streamip - ok
    15:10:25.0359 2260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:10:25.0375 2260 swenum - ok
    15:10:25.0390 2260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    15:10:25.0390 2260 swmidi - ok
    15:10:25.0406 2260 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    15:10:25.0406 2260 symc810 - ok
    15:10:25.0406 2260 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    15:10:25.0406 2260 symc8xx - ok
    15:10:25.0421 2260 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    15:10:25.0421 2260 SymEvent - ok
    15:10:25.0437 2260 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    15:10:25.0437 2260 sym_hi - ok
    15:10:25.0437 2260 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    15:10:25.0453 2260 sym_u3 - ok
    15:10:25.0468 2260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    15:10:25.0468 2260 sysaudio - ok
    15:10:25.0500 2260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:10:25.0500 2260 Tcpip - ok
    15:10:25.0531 2260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:10:25.0546 2260 TDPIPE - ok
    15:10:25.0578 2260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    15:10:25.0578 2260 TDTCP - ok
    15:10:25.0593 2260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:10:25.0593 2260 TermDD - ok
    15:10:25.0609 2260 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    15:10:25.0609 2260 TosIde - ok
    15:10:25.0640 2260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    15:10:25.0640 2260 Udfs - ok
    15:10:25.0640 2260 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    15:10:25.0640 2260 ultra - ok
    15:10:25.0656 2260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    15:10:25.0671 2260 Update - ok
    15:10:25.0718 2260 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    15:10:25.0718 2260 usbaudio - ok
    15:10:25.0765 2260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:10:25.0765 2260 usbccgp - ok
    15:10:25.0781 2260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:10:25.0781 2260 usbehci - ok
    15:10:25.0796 2260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:10:25.0796 2260 usbhub - ok
    15:10:25.0843 2260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    15:10:25.0843 2260 usbprint - ok
    15:10:25.0875 2260 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    15:10:25.0875 2260 usbscan - ok
    15:10:25.0890 2260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:10:25.0890 2260 USBSTOR - ok
    15:10:25.0921 2260 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    15:10:25.0921 2260 usbvideo - ok
    15:10:25.0937 2260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    15:10:25.0937 2260 VgaSave - ok
    15:10:25.0953 2260 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    15:10:25.0953 2260 viaagp - ok
    15:10:25.0968 2260 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    15:10:25.0968 2260 ViaIde - ok
    15:10:25.0984 2260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    15:10:25.0984 2260 VolSnap - ok
    15:10:26.0000 2260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:10:26.0000 2260 Wanarp - ok
    15:10:26.0062 2260 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    15:10:26.0062 2260 Wdf01000 - ok
    15:10:26.0078 2260 WDICA - ok
    15:10:26.0093 2260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    15:10:26.0093 2260 wdmaud - ok
    15:10:26.0156 2260 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    15:10:26.0156 2260 WmiAcpi - ok
    15:10:26.0187 2260 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    15:10:26.0187 2260 WSTCODEC - ok
    15:10:26.0203 2260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    15:10:26.0203 2260 WudfPf - ok
    15:10:26.0218 2260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    15:10:26.0218 2260 WudfRd - ok
    15:10:26.0250 2260 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    15:10:26.0281 2260 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    15:10:26.0281 2260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    15:10:26.0312 2260 Boot (0x1200) (ccc50c77a14518c52895c54413140658) \Device\Harddisk0\DR0\Partition0
    15:10:26.0312 2260 \Device\Harddisk0\DR0\Partition0 - ok
    15:10:26.0312 2260 ============================================================
    15:10:26.0312 2260 Scan finished
    15:10:26.0312 2260 ============================================================
    15:10:26.0328 3416 Detected object count: 1
    15:10:26.0328 3416 Actual detected object count: 1
    15:18:56.0921 3416 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    15:18:56.0921 3416 \Device\Harddisk0\DR0 - ok
    15:18:56.0921 3416 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    05:18:47.0593 2576 Deinitialize success

    aswMBR Log

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-12 06:22:00
    -----------------------------
    06:22:00.531 OS Version: Windows 5.1.2600 Service Pack 3
    06:22:00.531 Number of processors: 4 586 0x2A07
    06:22:00.531 ComputerName: 10R0MQ1 UserName:
    06:22:01.453 Initialize success
    06:24:34.859 AVAST engine defs: 11111200
    06:25:40.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    06:25:40.656 Disk 0 Vendor: WDC_WD2500BEKT-75PVMT0 01.01A01 Size: 238475MB BusType: 3
    06:25:40.828 Disk 0 MBR read successfully
    06:25:40.828 Disk 0 MBR scan
    06:25:40.875 Disk 0 Windows 7 default MBR code
    06:25:40.875 Disk 0 scanning sectors +488392065
    06:25:40.968 Disk 0 scanning C:\WINDOWS\system32\drivers
    06:25:54.437 Service scanning
    06:25:55.687 Modules scanning
    06:26:00.000 Disk 0 trace - called modules:
    06:26:00.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    06:26:00.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a792ab8]
    06:26:00.015 3 CLASSPNP.SYS[b9988fd7] -> nt!IofCallDriver -> [0x8a79fbb8]
    06:26:00.015 5 stdcfltn.sys[b9ce9896] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7e0d98]
    06:26:00.718 AVAST engine scan C:\WINDOWS
    06:26:01.500 File: C:\WINDOWS\AltirisAgentInstSvc.exe **INFECTED** Win32:Malware-gen
    06:26:04.562 AVAST engine scan C:\WINDOWS\system32
    06:28:10.000 AVAST engine scan C:\WINDOWS\system32\drivers
    06:28:24.078 AVAST engine scan C:\Documents and Settings\dave
    06:28:24.203 File: C:\Documents and Settings\dave\Application Data\623A1\0F6E8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:24.343 File: C:\Documents and Settings\dave\Application Data\623A1\29A48.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:24.421 File: C:\Documents and Settings\dave\Application Data\623A1\2B798.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:24.484 File: C:\Documents and Settings\dave\Application Data\623A1\30909.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:24.593 File: C:\Documents and Settings\dave\Application Data\623A1\423E8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:24.687 File: C:\Documents and Settings\dave\Application Data\623A1\53C98.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:24.781 File: C:\Documents and Settings\dave\Application Data\623A1\580D8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:24.906 File: C:\Documents and Settings\dave\Application Data\623A1\5F088.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:25.000 File: C:\Documents and Settings\dave\Application Data\623A1\664C8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:25.109 File: C:\Documents and Settings\dave\Application Data\623A1\8F508.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:25.250 File: C:\Documents and Settings\dave\Application Data\623A1\9C9C8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:25.421 File: C:\Documents and Settings\dave\Application Data\623A1\A09A8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:25.562 File: C:\Documents and Settings\dave\Application Data\623A1\A9698.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:25.687 File: C:\Documents and Settings\dave\Application Data\623A1\ACEA1.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:25.765 File: C:\Documents and Settings\dave\Application Data\623A1\AD008.exe **INFECTED** Win32:Cycbot-OH [Trj]
    06:28:25.921 File: C:\Documents and Settings\dave\Application Data\623A1\B31C8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:26.078 File: C:\Documents and Settings\dave\Application Data\623A1\C0388.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:26.171 File: C:\Documents and Settings\dave\Application Data\623A1\C7708.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:26.328 File: C:\Documents and Settings\dave\Application Data\623A1\CE4A8.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:26.468 File: C:\Documents and Settings\dave\Application Data\623A1\E2908.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:26.578 File: C:\Documents and Settings\dave\Application Data\623A1\E5108.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:26.671 File: C:\Documents and Settings\dave\Application Data\623A1\EA778.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:28:26.843 File: C:\Documents and Settings\dave\Application Data\623A1\F4D18.exe **INFECTED** Win32:Cycbot-OD [Trj]
    06:29:08.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\dave\Desktop\MBR.dat"
    06:29:08.593 The log file has been saved successfully to "C:\Documents and Settings\dave\Desktop\aswMBR.txt"
     
  11. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi dave07060033

    I must warn you that one or more of the identified infections is a backdoor trojan.

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Cycbot

    http://www.eset.eu/encyclopaedia/win32-cycbot-af-trojan-scar-drqx-backdoor-gbot-origin?lng=en

    This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    If you have done any banking or other financial transactions on the PC, or if it should contain any other sensitive information, then since you have been infected please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards.

    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.
     
  12. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
    For now I would like to remove it, and I will probably do a reinstall of the OS later.
     
  13. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Hi dave07060033

    Download and Run ComboFix (by sUBs)

    Download ComboFix from here to your Desktop.

    Please visit this webpage for instructions for downloading and running ComboFix:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, we must have this pre-installed on your machine before doing any malware removal.
      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

    Run an ESET online scan

    You can use either Internet Explorer or Mozilla FireFox for this scan.

    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to the ESET online scanner
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted, allow the Add-On/ActiveX control to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Please post back:

    • Eset Online Scan Log
    • Combofix Log

     
  14. dave07060033

    dave07060033 Thread Starter

    Joined:
    Nov 10, 2011
    Messages:
    17
    ComboFix Log File

    ComboFix 11-11-12.02 - dave 11/12/2011 8:08.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2391 [GMT -5:00]
    Running from: c:\documents and settings\dave\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\LP
    c:\program files\LP\0806\11.tmp
    c:\program files\LP\0806\16.tmp
    c:\program files\LP\0806\1C.tmp
    c:\program files\LP\0806\3.tmp
    c:\program files\LP\0806\3D0.exe
    c:\program files\LP\0806\4.tmp
    c:\program files\LP\0806\5.tmp
    c:\program files\LP\B8A6\4.tmp
    c:\program files\LP\B8A6\5.exe
    c:\program files\LP\B8A6\5.tmp
    c:\program files\LP\B8A6\81C.exe
    c:\windows\AeXNSC.exe
    c:\windows\system32\instsrv.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-12 11:14 . 2011-11-12 11:14 -------- d-----w- C:\_OTL
    2011-11-09 12:24 . 2011-11-12 11:20 -------- d-----w- c:\program files\A1E73
    2011-11-07 23:43 . 2011-11-07 23:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-07 23:38 . 2011-11-07 23:38 -------- d--h--w- c:\windows\PIF
    2011-11-07 22:55 . 2011-11-11 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-11-06 17:19 . 2011-11-12 11:20 -------- d-----w- c:\documents and settings\dave\Application Data\623A1
    2011-10-22 12:49 . 2011-10-22 12:50 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\ApplicationHistory
    2011-10-16 23:55 . 2011-10-16 23:55 18139008 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    2011-10-13 23:14 . 2011-10-16 12:25 -------- d-----w- c:\documents and settings\dave\Application Data\Apple Computer
    2011-10-13 23:14 . 2011-10-13 23:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-13 23:14 . 2011-10-13 23:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-13 23:14 . 2011-10-13 23:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-13 23:14 . 2011-10-13 23:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-13 23:14 . 2011-10-13 23:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-13 23:14 . 2011-10-13 23:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-13 23:14 . 2011-10-13 23:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-13 23:13 . 2011-10-13 23:14 -------- d-----w- c:\program files\QuickTime
    2011-10-13 23:13 . 2011-10-13 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2011-10-13 23:13 . 2011-10-13 23:13 -------- d-----w- c:\program files\Common Files\Apple
    2011-10-13 23:13 . 2011-10-13 23:13 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Apple
    2011-10-13 23:13 . 2011-10-13 23:13 -------- d-----w- c:\program files\Apple Software Update
    2011-10-13 23:13 . 2011-10-13 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2011-10-13 23:13 . 2011-10-13 23:13 -------- d-----w- c:\documents and settings\dave\Local Settings\Application Data\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-22 12:43 . 2011-08-24 23:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2011-04-26 17:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-08 12:05 . 2010-10-25 20:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-09-28 07:06 . 2011-04-26 19:51 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2011-04-26 19:51 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2009-10-08 19:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2011-04-26 19:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20 . 2011-04-26 19:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 23:31 . 2011-08-31 23:31 74703 ----a-w- c:\windows\system32\mfc45.dll
    2011-08-22 23:48 . 2011-04-26 19:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48 . 2011-04-26 19:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48 . 2011-04-26 19:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56 . 2011-04-26 19:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-19 09:26 . 2011-08-19 09:26 545056 ----a-w- c:\windows\system32\LVUI2.dll
    2011-08-19 09:26 . 2011-08-19 09:26 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
    2011-08-19 09:26 . 2011-08-19 09:26 4334624 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2011-08-19 09:26 . 2011-08-19 09:26 315808 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2011-08-19 09:26 . 2011-08-19 09:26 307488 ----a-w- c:\windows\system32\lvcodec2.dll
    2011-08-19 09:26 . 2011-08-19 09:26 196896 ----a-w- c:\windows\system32\lvci13301394.dll
    2011-08-19 09:26 . 2011-08-19 09:26 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
    2011-08-19 09:26 . 2011-08-19 09:26 10898456 ----a-w- c:\windows\system32\LogiDPP.dll
    2011-08-19 09:26 . 2011-08-19 09:26 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2011-08-17 13:49 . 2011-04-26 19:51 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-10-08 01:09 . 2011-08-24 22:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "consentpromptbehavioradmin"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoSimpleStartMenu"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 14:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Autodesk Content Service"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "WLANKEEPER"=2 (0x2)
    "UNS"=2 (0x2)
    "STacSV"=2 (0x2)
    "osppsvc"=3 (0x3)
    "ose"=3 (0x3)
    "O2SDIOAssist"=2 (0x2)
    "o2flash"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LMS"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "ioloSystemService"=2 (0x2)
    "idsvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "EvtEng"=2 (0x2)
    "Altiris Agent Installation Service"=2 (0x2)
    "UMVPFSrv"=2 (0x2)
    "SDUpdateService"=2 (0x2)
    "SDHookService"=2 (0x2)
    "SDScannerService"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [4/27/2011 3:16 AM 17648]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [4/27/2011 3:16 AM 43888]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/27/2011 3:13 AM 113664]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/8/2011 4:00 AM 106104]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [4/27/2011 3:17 AM 260864]
    R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [4/27/2011 5:22 AM 41088]
    R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/27/2011 3:22 AM 7391744]
    R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\o2mdrxp.sys [4/27/2011 10:51 AM 61728]
    R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [4/27/2011 10:51 AM 63976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
    S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 10:44 AM 25912]
    S3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib.sys [1/27/2011 2:43 PM 7680]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/26/2011 2:51 PM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 Altiris Agent Installation Service;Altiris Agent Installation Service;c:\windows\AltirisAgentInstSvc.exe [8/24/2011 4:06 PM 539944]
    S4 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 1:08 PM 18656]
    S4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [8/31/2011 6:34 PM 722616]
    S4 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [4/27/2011 10:51 AM 8192]
    S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [4/27/2011 5:22 AM 2656280]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-504249514-2004877394-1847928074-225766.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
    .
    2011-11-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-504249514-2004877394-1847928074-225766.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/login.asp
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:60283
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\jy1o5e9x.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 60283
    FF - prefs.js: network.proxy.type - 1
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-3D0.exe - c:\program files\LP\0806\3D0.exe
    SafeBoot-Symantec Antvirus
    MSConfigStartUp-81C - c:\program files\LP\B8A6\81C.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-12 08:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(888)
    c:\windows\system32\netprovcredman.dll
    .
    Completion time: 2011-11-12 08:12:33
    ComboFix-quarantined-files.txt 2011-11-12 13:12
    .
    Pre-Run: 221,113,413,632 bytes free
    Post-Run: 221,159,944,192 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - F5136620021613E46791AEF02B6DED53

    ESET Log File

    C:\Documents and Settings\dave\Application Data\623A1\0F6E8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\29A48.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\2B798.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\30909.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\423E8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\53C98.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\580D8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\5F088.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\664C8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\8F508.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\9C9C8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\A09A8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\A9698.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\ACEA1.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\AD008.exe a variant of Win32/Kryptik.ABW trojan
    C:\Documents and Settings\dave\Application Data\623A1\B31C8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\C0388.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\C7708.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\CE4A8.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\E2908.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\E5108.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\EA778.exe Win32/Cycbot.AF trojan
    C:\Documents and Settings\dave\Application Data\623A1\F4D18.exe Win32/Cycbot.AF trojan
    C:\Program Files\A1E73\lvvm.exe a variant of Win32/Kryptik.ABW trojan
    C:\Qoobox\Quarantine\C\Program Files\LP\B8A6\5.exe.vir a variant of Win32/Kryptik.ABW trojan
    C:\System Volume Information\_restore{75798BF8-5303-4F8D-A03A-831C2FD2E049}\RP69\A0019132.exe Win32/Cycbot.AF trojan
    C:\System Volume Information\_restore{75798BF8-5303-4F8D-A03A-831C2FD2E049}\RP70\A0019162.exe a variant of Win32/Kryptik.ABW trojan
     
  15. DFW

    DFW Malware Specialist

    Joined:
    Jun 12, 2004
    Messages:
    1,458
    Check - Reset Proxy settings

    Internet Explorer Proxy settings:
    1. Open Internet Explorer > click Tools > Internet Options > Connections tab.
    2. Click the LAN Settings... button and uncheck Use a proxy server for your LAN
      or change the settings to the proxy you normally use if you previously reconfigured it.
    3. Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
    4. Click OK... then click OK again.
    5. Close Internet Explorer and -restart- the computer.
    6. Information with screenshots can be found in steps 3-7 under the section Automated Removal Instructions... in this guide.


    Firefox Proxy settings:
    1. Open Firefox, click Tools > Options > Advanced and click the Network Tab.
    2. Under the Connection section click on the Settings... button.
    3. Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
    4. Click OK... then click OK again.
    5. Close Firefox and Restart the computer.

    Run Combofix Script
    Stop all your monitoring programs this time (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      Folder::
      c:\documents and settings\dave\Application Data\623A1
      C:\Program Files\A1E73
      c:\documents and settings\dave\Local Settings\Application Data\ApplicationHistory
      
      Registry::
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Autodesk Content Service"=-
      "WMPNetworkSvc"=-
      "WLANKEEPER"=-
      "UNS"=-
      "STacSV"=-
      "osppsvc"=-
      "ose"=-
      "O2SDIOAssist"=-
      "o2flash"=-
      "LVPrcSrv"=-
      "LMS"=-
      "LiveUpdate"=-
      "JavaQuickStarterService"=-
      "ioloSystemService"=-
      "idsvc"=-
      "FLEXnet Licensing Service"=-
      "EvtEng"=-
      "Altiris Agent Installation Service"=-
      "UMVPFSrv"=-
      "SDUpdateService"=-
      "SDHookService"=-
      "SDScannerService"=-
      
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


      [screenshot]

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Download and Run MalwareBytes' Anti-Malware. It is free for home use.
    Please go here to the Download Location, click on Download in the Free column.
    When the next page comes up, click on the Download Now button.
    • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
    • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
    • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
    • Double Click the download to run the installer.
    • Let it install where it wants to, with the default settings, and click Finish.
    • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
    • If necessary, start Malwarebytes Anti-Malware again.
      (You can Decline any Offer for a Trial if you don't want the paid version)
    • Once the program has started up, select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
    • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

    Please post back

    A good description of how things are now with your system after running the above.

    MalwareBytes Log
    Combofix Log
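An added example (my own, not code from the thread, ComboFix or ESET): a small Python script that flags the loopback-proxy hijack visible in the ComboFix log above and rewrites a Firefox prefs.js to "No proxy", the same end state DFW's Firefox steps reach through the UI. It assumes the "Supplementary Scan" line format ComboFix printed above and the standard user_pref("name", value); syntax of prefs.js; the sample log lines are constructed from the values in the thread (127.0.0.1:60283).

```python
"""Flag the loopback-proxy hijack seen in the ComboFix log above and produce
the 'No proxy' Firefox state that DFW's reset steps leave behind.

Added example for this thread, not code from ComboFix, ESET or the poster.
Assumptions: ComboFix's 'Supplementary Scan' line format as printed above,
and the user_pref("name", value); syntax of Firefox's prefs.js.
The sample log lines are constructed from the values in the thread.
"""
import re

# Anything pointing a browser at the local host is suspect on a machine with
# no proxy/filtering product installed; Cycbot listens on a random high port.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# ComboFix renders HKCU\...\Internet Settings\ProxyServer (REG_SZ) like this:
#   uInternet Settings,ProxyServer = http=127.0.0.1:60283
CF_IE_PROXY = re.compile(r"^\s*uInternet Settings,ProxyServer\s*=\s*(\S+)")
# ...and Firefox prefs like this:
#   FF - prefs.js: network.proxy.http - 127.0.0.1
CF_FF_PREF = re.compile(r"^\s*FF - prefs\.js:\s*(network\.proxy\.\S+)\s*-\s*(\S+)")
# Real prefs.js syntax, quoted string or bare number:
#   user_pref("network.proxy.http", "127.0.0.1");   user_pref("network.proxy.type", 1);
FF_USER_PREF = re.compile(r'^\s*user_pref\("(network\.proxy\.[^"]+)",\s*"?([^"\)]+)"?\);')

# Constructed from the log in this thread.
SAMPLE_COMBOFIX_LINES = [
    "uInternet Settings,ProxyOverride = <local>",
    "uInternet Settings,ProxyServer = http=127.0.0.1:60283",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/",
    "FF - prefs.js: network.proxy.http - 127.0.0.1",
    "FF - prefs.js: network.proxy.http_port - 60283",
    "FF - prefs.js: network.proxy.type - 1",
]


def parse_wininet_proxyserver(value):
    """ProxyServer is either 'host:port' (all protocols) or a ';'-separated
    list of 'scheme=host:port'.  Returns [(scheme, host, port)], with scheme
    '*' when the entry is unqualified."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")   # rpartition keeps ::1 intact
        if port.isdigit():
            entries.append((scheme or "*", host, int(port)))
    return entries


def find_loopback_proxies(log_lines):
    """Return [(browser, host, port)] for every browser proxied through the
    local host according to ComboFix-style lines; [] means nothing found."""
    findings = []
    ff = {}
    for line in log_lines:
        m = CF_IE_PROXY.match(line)
        if m:
            for _scheme, host, port in parse_wininet_proxyserver(m.group(1)):
                if host in LOOPBACK_HOSTS:
                    findings.append(("ie", host, port))
            continue
        m = CF_FF_PREF.match(line)
        if m:
            ff[m.group(1)] = m.group(2)
    # network.proxy.type: 0 = no proxy, 1 = manual, 5 = use system settings.
    # Only a manual configuration carries its own host and port.
    if (ff.get("network.proxy.type") == "1"
            and ff.get("network.proxy.http") in LOOPBACK_HOSTS):
        findings.append(("firefox", ff["network.proxy.http"],
                         int(ff.get("network.proxy.http_port", "0"))))
    return findings


def reset_firefox_proxy(prefs_lines):
    """Rewrite prefs.js content to 'No proxy': drop every network.proxy.*
    user_pref and write type 0 explicitly so a manual entry cannot linger.
    Do this with Firefox closed, as DFW says; Firefox rewrites prefs.js on exit."""
    kept = [line for line in prefs_lines if not FF_USER_PREF.match(line)]
    kept.append('user_pref("network.proxy.type", 0);')
    return kept


if __name__ == "__main__":
    for browser, host, port in find_loopback_proxies(SAMPLE_COMBOFIX_LINES):
        print(f"{browser}: proxied through {host}:{port} (loopback proxy hijack)")
```

After the reset, find_loopback_proxies() run over a fresh ComboFix log should return nothing. The IE side lives in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyEnable and ProxyServer), which is what the LAN Settings steps above clear. Writing network.proxy.type as 0 rather than 5 ("use system proxy settings") matters on this particular machine, because the system (WinINet) proxy is the hijacked one; move Firefox back to the system setting only once IE is confirmed clean. Do not treat a loopback proxy as harmless because pages still load: loading pages normally while rewriting search clicks is exactly what the hijack is for.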
     
Short URL to this thread: https://techguy.org/1026237