
Virus/trojan took over!

Discussion in 'Windows - Virus and spyware problems' started by Mikeryan1, Jan 2, 2010.

  1. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    I attempted to download a free version of a DVD ripper program last night. When I turned on my computer this morning, Windows Defender was freaking out! I tried to run Search and Destroy, Windows Defender and even install Malwarebytes, but whatever it is has prevented me from doing that, or logging onto the internet.

    Luckily, I have access to another computer, so, based on the Sticky up top, I first rebooted in Safe Mode to see if I could run Windows Defender or Search and Destroy. No luck. I backed up all my documents and pictures files to be safe. While in Safe Mode, I attempted to install Malwarebytes off of a flash drive, but was unable to do so.

    I downloaded HijackThis onto a flash drive and installed it on the infected computer. I have the file log, if someone would like to help me out.

    Thanks in advance,
    Mike
     
  2. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Attached log from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 3:43:24 PM, on 1/2/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
    C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
    C:\Users\Mike\Documents\RCA Detective\RCADetective.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Mike\AppData\Local\Temp\wscsvc32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Users\Mike\AppData\Local\Temp\Installer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wftv.com/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
    O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: RCA Detective.lnk = C:\Users\Mike\Documents\RCA Detective\RCADetective.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://125.206.34.117/cgi-bin/kxhcm10.ocx
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://76.108.199.199:1024/img/NetCamPlayerWeb11g.ocx
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JS...7/&filename=jinstall-6u12-windows-i586-jc.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://lts.maronda.com/dwa8W.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://63.165.41.9/JpegInst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
    O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 14646 bytes
     
  3. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    It looks like you're infected with a TDSS variant

    Download, extract and run TDSSKiller - http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    If for some reason it doesn't run, rename it with random characters such as "hf83cvf.exe" and remember to run it as Administrator.

    When TDSSKiller finishes, post the log that should be in C: and named like "TDSSKiller.2.1.1_02.log".
    Also post another HjT log as well.
     
    Last edited: Jan 2, 2010
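The diagnosis above comes from reading the HijackThis log by eye. The script below is an added example, not code from this thread, HijackThis or Kaspersky: it applies the same triage checks a helper makes mentally to HJT-style lines. It flags running processes and O4 autorun entries that launch from a user-writable temp directory (the settdebugx.exe, wscsvc32.exe and Installer.exe lines in the log above), correlates an autorun entry with a currently running binary, and lists O16 DPF ActiveX controls fetched from a bare IP address so they can be confirmed as expected devices (the two camera controls in the log) rather than assumed malicious. The sample lines embedded in the script are constructed from the log above; the heuristics and their names are my own choice and do not come from HijackThis.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on a few lines of the HijackThis log posted in the thread.
# A raw string is required: Windows paths contain sequences such as \U that Python
# would otherwise treat as escapes.
SAMPLE_HJT_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
C:\Users\Mike\AppData\Local\Temp\wscsvc32.exe
C:\Users\Mike\AppData\Local\Temp\Installer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Mike\AppData\Local\Temp\settdebugx.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://125.206.34.117/cgi-bin/kxhcm10.ocx
"""

# Heuristic patterns (my own choice, not HijackThis rules).
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\|%temp%|%tmp%", re.IGNORECASE)
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.IGNORECASE)
# O4 - <hive>\..\Run: [<name>] <command>   (also matches RunOnce and HKUS\S-1-5-xx hives)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str   # which heuristic fired
    line: str   # the log line it fired on
    note: str   # why a reviewer should look at it


def parse_hjt(text: str):
    """Split an HJT log into the 'Running processes' paths and the R/O entry lines."""
    processes, entries = [], []
    in_proc = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_proc = False           # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_proc = True
            continue
        if in_proc:
            processes.append(line)
        elif re.match(r"^[RO]\d+ - ", line):
            entries.append(line)
    return processes, entries


def triage(text: str) -> list[Finding]:
    """Return the lines a helper would want to review first, with the reason for each."""
    processes, entries = parse_hjt(text)
    findings: list[Finding] = []
    temp_procs = set()

    for path in processes:
        if TEMP_DIR_RE.search(path):
            temp_procs.add(path.lower())
            findings.append(Finding("proc-temp", path,
                                    "running from a user-writable temp directory"))

    for line in entries:
        if line.startswith("O4 - "):
            m = O4_RE.match(line)
            cmd = m.group("cmd") if m else line   # 'O4 - Startup:' lines fall back to the whole line
            if TEMP_DIR_RE.search(cmd):
                note = "autorun entry launching from a temp directory"
                if any(p in cmd.lower() for p in temp_procs):
                    note += "; the same binary is currently running (persistence plus execution)"
                findings.append(Finding("autorun-temp", line, note))
        elif line.startswith("O16 - ") and RAW_IP_URL_RE.search(line):
            findings.append(Finding("dpf-raw-ip", line,
                                    "ActiveX control fetched from a bare IP address; "
                                    "confirm it is an expected device or service"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.kind}] {f.note}\n    {f.line}")
```

Run against a full HijackThis log the script prints one block per finding; the "autorun-temp" finding for settdebugx.exe carries the extra "currently running" note because the same path appears both as a process and as an HKCU Run value, which is the combination that most deserves a second look. The bare-IP check is deliberately phrased as "confirm", since in this thread those controls are home camera viewers.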
  4. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    THANKS!!

    This is what I have:

    17:11:25:100 3416 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
    17:11:25:101 3416 ================================================================================
    17:11:25:101 3416 SystemInfo:

    17:11:25:101 3416 OS Version: 6.0.6001 ServicePack: 1.0
    17:11:25:101 3416 Product type: Workstation
    17:11:25:102 3416 ComputerName: MIKE-PC
    17:11:25:104 3416 UserName: Mike
    17:11:25:104 3416 Windows directory: C:\Windows
    17:11:25:104 3416 Processor architecture: Intel x86
    17:11:25:104 3416 Number of processors: 2
    17:11:25:104 3416 Page size: 0x1000
    17:11:25:110 3416 Boot type: Normal boot
    17:11:25:111 3416 ================================================================================
    17:11:25:120 3416 ForceUnloadDriver: NtUnloadDriver error 2
    17:11:25:124 3416 ForceUnloadDriver: NtUnloadDriver error 2
    17:11:25:127 3416 ForceUnloadDriver: NtUnloadDriver error 2
    17:11:25:130 3416 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0
    17:11:25:132 3416 main: Driver KLMD successfully dropped
    17:11:25:165 3416 main: Driver KLMD successfully loaded
    17:11:25:165 3416
    Scanning Registry ...
    17:11:25:167 3416 ScanServices: Searching service UACd.sys
    17:11:25:167 3416 ScanServices: Open/Create key error 2
    17:11:25:168 3416 ScanServices: Searching service TDSSserv.sys
    17:11:25:168 3416 ScanServices: Open/Create key error 2
    17:11:25:168 3416 ScanServices: Searching service gaopdxserv.sys
    17:11:25:168 3416 ScanServices: Open/Create key error 2
    17:11:25:168 3416 ScanServices: Searching service gxvxcserv.sys
    17:11:25:168 3416 ScanServices: Open/Create key error 2
    17:11:25:168 3416 ScanServices: Searching service MSIVXserv.sys
    17:11:25:169 3416 ScanServices: Open/Create key error 2
    17:11:25:175 3416 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 81E03000
    17:11:25:177 3416 UnhookRegistry: Kernel local addr: 1CD0000
    17:11:25:177 3416 UnhookRegistry: KeServiceDescriptorTable addr: 1E07B00
    17:11:25:182 3416 UnhookRegistry: KiServiceTable addr: 1D888E0
    17:11:25:183 3416 UnhookRegistry: NtEnumerateKey service number (local): 85
    17:11:25:183 3416 UnhookRegistry: NtEnumerateKey local addr: 1ED7BAC
    17:11:25:204 3416 KLMD_OpenDevice: Trying to open KLMD device
    17:11:25:204 3416 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
    17:11:25:205 3416 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
    17:11:25:205 3416 KLMD_ReadMem: Trying to ReadMemory 0x81E58AAD[0x4]
    17:11:25:205 3416 UnhookRegistry: NtEnumerateKey service number (kernel): 85
    17:11:25:205 3416 KLMD_ReadMem: Trying to ReadMemory 0x81EBBAF4[0x4]
    17:11:25:205 3416 UnhookRegistry: NtEnumerateKey real addr: 8200ABAC
    17:11:25:205 3416 UnhookRegistry: NtEnumerateKey calc addr: 8200ABAC
    17:11:25:206 3416 UnhookRegistry: No SDT hooks found on NtEnumerateKey
    17:11:25:206 3416 KLMD_ReadMem: Trying to ReadMemory 0x8200ABAC[0xA]
    17:11:25:206 3416 UnhookRegistry: No splicing found on NtEnumerateKey
    17:11:25:213 3416
    Scanning Kernel memory ...
    17:11:25:214 3416 KLMD_OpenDevice: Trying to open KLMD device
    17:11:25:215 3416 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
    17:11:25:215 3416 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
    17:11:25:215 3416 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84DF0430
    17:11:25:215 3416 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
    17:11:25:215 3416 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 84191900
    17:11:25:216 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84191900
    17:11:25:216 3416 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 844E57E8
    17:11:25:216 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 844E57E8
    17:11:25:216 3416 KLMD_ReadMem: Trying to ReadMemory 0x844E57E8[0x38]
    17:11:25:216 3416 DetectCureTDL3: DRIVER_OBJECT addr: 8413C670
    17:11:25:216 3416 KLMD_ReadMem: Trying to ReadMemory 0x8413C670[0xA8]
    17:11:25:217 3416 KLMD_ReadMem: Trying to ReadMemory 0x865153E0[0x208]
    17:11:25:217 3416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
    17:11:25:217 3416 DetectCureTDL3: IrpHandler (0) addr: 9D59BB40
    17:11:25:218 3416 DetectCureTDL3: IrpHandler (1) addr: 81E28FE3
    17:11:25:218 3416 DetectCureTDL3: IrpHandler (2) addr: 9D59BBB8
    17:11:25:218 3416 DetectCureTDL3: IrpHandler (3) addr: 9D59BC30
    17:11:25:218 3416 DetectCureTDL3: IrpHandler (4) addr: 9D59BC30
    17:11:25:218 3416 DetectCureTDL3: IrpHandler (5) addr: 81E28FE3
    17:11:25:218 3416 DetectCureTDL3: IrpHandler (6) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (7) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (8) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (9) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (10) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (11) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (12) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (13) addr: 81E28FE3
    17:11:25:219 3416 DetectCureTDL3: IrpHandler (14) addr: 9D59B828
    17:11:25:220 3416 DetectCureTDL3: IrpHandler (15) addr: 9D5904AA
    17:11:25:220 3416 DetectCureTDL3: IrpHandler (16) addr: 81E28FE3
    17:11:25:220 3416 DetectCureTDL3: IrpHandler (17) addr: 81E28FE3
    17:11:25:220 3416 DetectCureTDL3: IrpHandler (18) addr: 81E28FE3
    17:11:25:220 3416 DetectCureTDL3: IrpHandler (19) addr: 81E28FE3
    17:11:25:220 3416 DetectCureTDL3: IrpHandler (20) addr: 81E28FE3
    17:11:25:220 3416 DetectCureTDL3: IrpHandler (21) addr: 81E28FE3
    17:11:25:221 3416 DetectCureTDL3: IrpHandler (22) addr: 9D599F9A
    17:11:25:221 3416 DetectCureTDL3: IrpHandler (23) addr: 9D5977A2
    17:11:25:221 3416 DetectCureTDL3: IrpHandler (24) addr: 81E28FE3
    17:11:25:221 3416 DetectCureTDL3: IrpHandler (25) addr: 81E28FE3
    17:11:25:221 3416 DetectCureTDL3: IrpHandler (26) addr: 81E28FE3
    17:11:25:221 3416 KLMD_ReadMem: Trying to ReadMemory 0x9D592A44[0x400]
    17:11:25:222 3416 TDL3_StartIoHookDetect: CheckParameters: 5, 9D596000, 0, 0
    17:11:25:222 3416 TDL3_FileDetect: Processing driver: USBSTOR
    17:11:25:223 3416 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
    17:11:25:223 3416 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
    17:11:25:223 3416 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys
    17:11:25:246 3416 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 84EF3878
    17:11:25:246 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84EF3878
    17:11:25:246 3416 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 847A8950
    17:11:25:246 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 847A8950
    17:11:25:247 3416 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 847A6BA0
    17:11:25:247 3416 KLMD_GetLowerDeviceObject: Trying to get lower device object for 847A6BA0
    17:11:25:247 3416 KLMD_ReadMem: Trying to ReadMemory 0x847A6BA0[0x38]
    17:11:25:247 3416 DetectCureTDL3: DRIVER_OBJECT addr: 8479ABE0
    17:11:25:247 3416 KLMD_ReadMem: Trying to ReadMemory 0x8479ABE0[0xA8]
    17:11:25:247 3416 KLMD_ReadMem: Trying to ReadMemory 0x83E00038[0x208]
    17:11:25:248 3416 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
    17:11:25:248 3416 DetectCureTDL3: IrpHandler (0) addr: 807440FC
    17:11:25:248 3416 DetectCureTDL3: IrpHandler (1) addr: 81E28FE3
    17:11:25:248 3416 DetectCureTDL3: IrpHandler (2) addr: 807440FC
    17:11:25:248 3416 DetectCureTDL3: IrpHandler (3) addr: 81E28FE3
    17:11:25:248 3416 DetectCureTDL3: IrpHandler (4) addr: 81E28FE3
    17:11:25:248 3416 DetectCureTDL3: IrpHandler (5) addr: 81E28FE3
    17:11:25:248 3416 DetectCureTDL3: IrpHandler (6) addr: 81E28FE3
    17:11:25:249 3416 DetectCureTDL3: IrpHandler (7) addr: 81E28FE3
    17:11:25:249 3416 DetectCureTDL3: IrpHandler (8) addr: 81E28FE3
    17:11:25:249 3416 DetectCureTDL3: IrpHandler (9) addr: 81E28FE3
    17:11:25:249 3416 DetectCureTDL3: IrpHandler (10) addr: 81E28FE3
    17:11:25:249 3416 DetectCureTDL3: IrpHandler (11) addr: 81E28FE3
    17:11:25:250 3416 DetectCureTDL3: IrpHandler (12) addr: 81E28FE3
    17:11:25:250 3416 DetectCureTDL3: IrpHandler (13) addr: 81E28FE3
    17:11:25:250 3416 DetectCureTDL3: IrpHandler (14) addr: 807329D6
    17:11:25:250 3416 DetectCureTDL3: IrpHandler (15) addr: 807329A8
    17:11:25:250 3416 DetectCureTDL3: IrpHandler (16) addr: 81E28FE3
    17:11:25:250 3416 DetectCureTDL3: IrpHandler (17) addr: 81E28FE3
    17:11:25:250 3416 DetectCureTDL3: IrpHandler (18) addr: 81E28FE3
    17:11:25:251 3416 DetectCureTDL3: IrpHandler (19) addr: 81E28FE3
    17:11:25:251 3416 DetectCureTDL3: IrpHandler (20) addr: 81E28FE3
    17:11:25:251 3416 DetectCureTDL3: IrpHandler (21) addr: 81E28FE3
    17:11:25:251 3416 DetectCureTDL3: IrpHandler (22) addr: 80732A04
    17:11:25:251 3416 DetectCureTDL3: IrpHandler (23) addr: 8073FB70
    17:11:25:251 3416 DetectCureTDL3: IrpHandler (24) addr: 81E28FE3
    17:11:25:251 3416 DetectCureTDL3: IrpHandler (25) addr: 81E28FE3
    17:11:25:252 3416 DetectCureTDL3: IrpHandler (26) addr: 81E28FE3
    17:11:25:252 3416 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
    17:11:25:252 3416 KLMD_ReadMem: DeviceIoControl error 1
    17:11:25:252 3416 TDL3_StartIoHookDetect: Unable to get StartIo handler code
    17:11:25:252 3416 TDL3_FileDetect: Processing driver: atapi
    17:11:25:253 3416 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
    17:11:25:253 3416 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
    17:11:25:253 3416 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
    17:11:25:276 3416
    Completed

    Results:
    17:11:25:278 3416 Infected objects in memory: 0
    17:11:25:278 3416 Cured objects in memory: 0
    17:11:25:279 3416 Infected objects on disk: 0
    17:11:25:280 3416 Objects on disk cured on reboot: 0
    17:11:25:281 3416 Objects on disk deleted on reboot: 0
    17:11:25:282 3416 Registry nodes deleted on reboot: 0
    17:11:25:283 3416
     
  5. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Alright well, that seemed to be pretty useless ;)

    Download and run OTL - http://oldtimer.geekstogo.com/OTL.exe

    Check "Scan all users" and tick "Standard Output"
    Then click "Run Scan"
    It may take a while before it's finished. OTL should produce a log; post that here.
     
  6. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    &?%#^%*!!!

    Didn't recognize my USB drives for the flash drive and it just logged me out because of corrupt system files!

    Stand by please...
     
  7. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    it's OK to do this in Safe Mode, correct?
     
  8. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Yes, it should work the same in Safe Mode.

    Also, did you manage to catch what system files were corrupted?
     
  9. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    It did not say. It was just a message box that popped up.

    OTL log:

    OTL logfile created on: 1/2/2010 5:45:50 PM - Run 1
    OTL by OldTimer - Version 3.1.20.1 Folder = H:\
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18865)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.62 Gb Total Space | 82.35 Gb Free Space | 58.56% Space Free | Partition Type: NTFS
    Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.43% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 1.96 Gb Total Space | 0.86 Gb Free Space | 44.03% Space Free | Partition Type: FAT
    I: Drive not present or media not loaded

    Computer Name: MIKE-PC
    Current User Name: Mike
    Logged in as Administrator.

    Current Boot Mode: SafeMode
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/01/02 17:33:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
    PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
    PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/19 02:33:11 | 00,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/02 17:33:38 | 00,513,536 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
    MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/21 20:29:42 | 00,135,664 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
    SRV - [2009/04/13 14:25:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
    SRV - [2009/03/25 06:57:37 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
    SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/04/15 12:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
    SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2008/03/28 18:04:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/03/06 16:19:44 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
    SRV - [2008/03/06 16:19:44 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
    SRV - [2008/03/06 16:19:40 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
    SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/19 19:28:34 | 00,271,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
    SRV - [2007/12/19 19:28:34 | 00,112,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
    SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
    SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
    SRV - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2007/11/12 10:37:34 | 01,252,232 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/05/31 09:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 09:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/05/29 13:06:44 | 00,598,960 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdfcoms.exe -- (lxdf_device)
    SRV - [2007/05/29 13:06:20 | 00,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
    SRV - [2007/05/03 16:51:50 | 00,151,552 | ---- | M] (SprintNextel) [Disabled | Stopped] -- C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe -- (Access Utility Service)
    SRV - [2007/02/17 06:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2007/01/14 08:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
    SRV - [2007/01/13 04:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
    SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/10 06:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007/01/05 09:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
    SRV - [2006/11/28 11:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
    SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
    SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
    SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - [2008/12/04 02:42:00 | 07,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/04/01 16:29:08 | 00,445,184 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
    DRV - [2008/03/03 19:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2008/01/19 00:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV - [2008/01/19 00:56:08 | 00,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
    DRV - [2007/11/12 10:34:53 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2007/11/06 17:28:40 | 00,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071220.001\IDSvix86.sys -- (IDSvix86)
    DRV - [2007/10/30 19:55:44 | 00,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2007/10/30 19:55:38 | 00,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/10/30 19:55:34 | 00,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/10/30 19:55:28 | 00,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2007/10/30 19:55:20 | 00,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2007/10/30 19:55:14 | 00,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
    DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
    DRV - [2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb)
    DRV - [2007/03/06 23:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 09:42:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 18:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/02/13 00:12:04 | 00,021,376 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/01/23 12:03:28 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/01/23 11:40:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
    DRV - [2007/01/12 22:59:02 | 00,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/01/03 10:43:12 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/12/07 10:05:58 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/07 10:04:36 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006/12/07 10:04:26 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/11/28 11:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:54 | 00,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel(R)
    DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
    DRV - [2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2006/06/19 09:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop


    IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wftv.com/index.html
    IE - HKU\S-1-5-21-897006483-1081127982-554325316-1000\S-1-5-21-897006483-1081127982-554325316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/07 16:34:57 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/26 14:36:20 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/26 14:36:20 | 00,000,000 | ---D | M]

    [2009/03/01 20:02:40 | 00,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
    [2009/12/25 17:41:41 | 00,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\oduxrvtv.default\extensions
    [2009/12/25 14:10:46 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\oduxrvtv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/03/01 20:02:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: (292023 bytes) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 10057 more lines...
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [lxdfamon] C:\Program Files\Lexmark 6500 Series\lxdfamon.exe ()
    O4 - HKLM..\Run: [lxdfmon.exe] C:\Program Files\Lexmark 6500 Series\lxdfmon.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
    O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [settdebugx.exe] C:\Users\Mike\AppData\Local\Temp\settdebugx.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-897006483-1081127982-554325316-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Mike\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-897006483-1081127982-554325316-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://125.206.34.117/cgi-bin/kxhcm10.ocx (KXHCM10 Control)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} http://76.108.199.199:1024/img/NetCamPlayerWeb11g.ocx (NetCamPlayerWeb11g Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JS...7/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://lts.maronda.com/dwa8W.cab (Domino Web Access 8 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://63.165.41.9/JpegInst.cab (pmjpegcam Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 65.32.5.111 65.32.5.112
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/04 06:08:39 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O33 - MountPoints2\{653bf888-9181-11dc-8e59-001a73b126bf}\Shell - "" = AutoRun
    O33 - MountPoints2\{653bf888-9181-11dc-8e59-001a73b126bf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{e270c71b-f923-11dd-92d9-001b24b20d2e}\Shell\AutoRun\command - "" = G:\rcasw_setup.exe -- File not found
    O33 - MountPoints2\{e270c71b-f923-11dd-92d9-001b24b20d2e}\Shell\Manage your videos\command - "" = RCAMemoryMgr.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/02 17:10:15 | 00,000,000 | ---D | C] -- C:\tdsskiller
    [2010/01/02 15:42:41 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
    [2010/01/02 15:34:19 | 00,000,000 | ---D | C] -- C:\Windows\pss
    [2010/01/02 12:59:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malware Defense
    [2010/01/01 23:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Aimersoft
    [2009/12/25 22:17:23 | 00,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Blackberry Desktop
    [2009/12/25 22:13:27 | 00,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Research In Motion
    [2009/12/25 21:48:30 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
    [2009/12/25 21:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
    [2009/12/25 21:13:27 | 00,026,496 | ---- | C] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys
    [2009/12/25 21:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
    [2009/12/25 21:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
    [2009/12/23 03:21:03 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
    [2009/12/15 21:30:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2009/12/10 03:10:12 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
    [2009/12/10 03:10:04 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
    [2009/12/09 08:26:32 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2009/12/09 08:26:32 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2009/12/09 08:26:31 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2009/12/09 08:26:31 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2009/12/09 08:26:31 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2009/12/09 08:26:31 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2009/12/09 08:26:31 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2009/12/09 08:26:31 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2009/12/09 08:26:31 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2009/12/09 08:26:31 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2009/12/09 08:26:31 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2009/12/09 08:26:31 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2009/12/09 08:26:31 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2009/12/09 08:26:30 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2009/12/09 08:25:57 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
    [2009/12/09 08:25:57 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
    [2009/12/08 22:56:23 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2008/04/23 13:23:48 | 00,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
    [2008/04/23 13:23:45 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdfinpa.dll
    [2008/04/23 13:23:45 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdfiesc.dll
    [2008/04/23 13:23:44 | 01,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdfserv.dll
    [2008/04/23 13:23:44 | 00,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdfusb1.dll
    [2008/04/23 13:23:43 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdfpmui.dll
    [2008/04/23 13:23:43 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdfprox.dll
    [2008/04/23 13:23:42 | 00,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdflmpm.dll
    [2008/04/23 13:23:38 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdfhbn3.dll
    [2008/04/23 13:23:36 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomm.dll
    [2008/04/23 13:23:35 | 00,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomc.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/01/02 17:43:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/01/02 17:42:43 | 18,322,4464 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/01/02 17:41:35 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/01/02 17:41:17 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/01/02 17:41:17 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/01/02 17:41:15 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2010/01/02 17:41:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/01/02 17:41:13 | 00,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/01/02 17:40:07 | 07,602,176 | -HS- | M] () -- C:\Users\Mike\ntuser.dat
    [2010/01/02 17:40:05 | 00,524,288 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{8b9f35d3-98b9-11dd-b7e7-001b24b20d2e}.TMContainer00000000000000000001.regtrans-ms
    [2010/01/02 17:40:05 | 00,065,536 | -HS- | M] () -- C:\Users\Mike\ntuser.dat{8b9f35d3-98b9-11dd-b7e7-001b24b20d2e}.TM.blf
    [2010/01/02 17:39:45 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/01/02 17:39:42 | 02,195,441 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
    [2010/01/02 17:35:07 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/01/02 15:43:14 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/01/02 15:43:14 | 00,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/01/02 15:43:14 | 00,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/01/02 15:43:00 | 00,002,515 | ---- | M] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
    [2010/01/02 15:41:46 | 00,136,192 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/02 15:36:25 | 00,027,744 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/01/02 15:13:52 | 00,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/01/02 12:47:40 | 00,000,876 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
    [2010/01/02 12:46:38 | 00,000,202 | ---- | M] () -- C:\Windows\System32\srcr.dat
    [2010/01/02 12:44:57 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
    [2010/01/01 22:07:31 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED00D37D-CE43-4E52-844B-71672EF8F201}.job
    [2009/12/31 11:56:53 | 00,034,473 | ---- | M] () -- C:\Users\Mike\Desktop\Cap one bowl.gif
    [2009/12/30 16:42:09 | 00,009,222 | ---- | M] () -- C:\Users\Mike\Desktop\Ryan December Bank Statement.pdf
    [2009/12/30 16:35:13 | 00,009,778 | ---- | M] () -- C:\Users\Mike\Desktop\Ryan November Bank Statement.pdf
    [2009/12/30 16:19:26 | 05,309,136 | ---- | M] () -- C:\Users\Mike\Desktop\Paystubs Nov and Dec. Ryan.PDF
    [2009/12/29 23:10:53 | 00,015,331 | ---- | M] () -- C:\Users\Mike\Desktop\Masters vs Bach chart.xlsx
    [2009/12/26 15:22:49 | 00,130,143 | ---- | M] () -- C:\Users\Mike\Desktop\Honeymoon Disc Art.stx
    [2009/12/26 09:55:51 | 00,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
    [2009/12/26 09:09:44 | 00,065,536 | ---- | M] () -- C:\Users\Mike\Desktop\Advent Calendar.jpg
    [2009/12/25 21:53:11 | 00,396,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/12/25 21:35:47 | 00,111,248 | ---- | M] () -- C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
    [2009/12/25 21:12:45 | 00,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2009/12/24 23:33:58 | 00,014,524 | ---- | M] () -- C:\Users\Mike\Desktop\disney-castle2.jpg
    [2009/12/24 11:38:00 | 03,330,873 | ---- | M] () -- C:\Users\Mike\Desktop\Pop's Stone.jpg
    [2009/12/24 11:05:00 | 03,402,267 | ---- | M] () -- C:\Users\Mike\Desktop\Gammy's stone.jpg
    [2009/12/23 03:21:58 | 15,269,8880 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2009/12/23 03:21:58 | 00,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2009/12/23 03:21:58 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2009/12/22 20:40:20 | 00,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2009/12/16 00:27:33 | 00,019,015 | ---- | M] () -- C:\Users\Mike\Desktop\Preparation for QLC1.docx
    [2009/12/09 20:05:45 | 03,356,989 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
    [2009/12/09 17:49:28 | 00,078,205 | ---- | M] () -- C:\Users\Mike\Desktop\Channel Lineup.pdf
    [2009/12/08 17:42:16 | 01,247,083 | ---- | M] () -- C:\Users\Mike\Desktop\Matthew and Santa 2009.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/02 15:42:41 | 00,002,515 | ---- | C] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
    [2010/01/02 12:47:40 | 00,000,876 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
    [2010/01/02 12:46:38 | 00,000,202 | ---- | C] () -- C:\Windows\System32\srcr.dat
    [2010/01/02 12:44:57 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
    [2009/12/31 11:58:47 | 00,034,473 | ---- | C] () -- C:\Users\Mike\Desktop\Cap one bowl.gif
    [2009/12/30 16:42:09 | 00,009,222 | ---- | C] () -- C:\Users\Mike\Desktop\Ryan December Bank Statement.pdf
    [2009/12/30 16:35:13 | 00,009,778 | ---- | C] () -- C:\Users\Mike\Desktop\Ryan November Bank Statement.pdf
    [2009/12/30 16:21:25 | 05,309,136 | ---- | C] () -- C:\Users\Mike\Desktop\Paystubs Nov and Dec. Ryan.PDF
    [2009/12/29 23:02:42 | 00,015,331 | ---- | C] () -- C:\Users\Mike\Desktop\Masters vs Bach chart.xlsx
    [2009/12/26 09:10:49 | 00,065,536 | ---- | C] () -- C:\Users\Mike\Desktop\Advent Calendar.jpg
    [2009/12/25 22:13:32 | 00,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
    [2009/12/25 21:12:45 | 00,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
    [2009/12/24 23:37:33 | 00,130,143 | ---- | C] () -- C:\Users\Mike\Desktop\Honeymoon Disc Art.stx
    [2009/12/24 23:33:21 | 00,014,524 | ---- | C] () -- C:\Users\Mike\Desktop\disney-castle2.jpg
    [2009/12/24 11:38:00 | 03,330,873 | ---- | C] () -- C:\Users\Mike\Desktop\Pop's Stone.jpg
    [2009/12/24 11:05:00 | 03,402,267 | ---- | C] () -- C:\Users\Mike\Desktop\Gammy's stone.jpg
    [2009/12/23 03:02:47 | 00,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2009/12/23 03:02:47 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2009/12/23 03:02:46 | 15,269,8880 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2009/12/22 20:40:20 | 00,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2009/12/21 20:30:19 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2009/12/21 20:30:16 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2009/12/16 00:27:31 | 00,019,015 | ---- | C] () -- C:\Users\Mike\Desktop\Preparation for QLC1.docx
    [2009/12/09 17:49:27 | 00,078,205 | ---- | C] () -- C:\Users\Mike\Desktop\Channel Lineup.pdf
    [2009/12/08 17:42:43 | 01,247,083 | ---- | C] () -- C:\Users\Mike\Desktop\Matthew and Santa 2009.jpg
    [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/05/30 06:29:38 | 00,004,096 | -H-- | C] () -- C:\Users\Mike\AppData\Local\keyfile3.drm
    [2009/02/16 08:02:58 | 00,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/16 08:02:52 | 00,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/02/14 21:43:13 | 00,561,152 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/02/14 21:43:13 | 00,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/04/30 21:30:26 | 00,015,275 | ---- | C] () -- C:\ProgramData\lxdf
    [2008/04/25 07:44:15 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat
    [2008/04/23 13:41:51 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdfcoin.dll
    [2008/04/23 13:33:35 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXDFFXPU.DLL
    [2008/04/23 13:33:34 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXDFPMON.DLL
    [2008/04/23 13:33:14 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdfoem.dll
    [2008/04/23 13:24:24 | 00,000,060 | ---- | C] () -- C:\Windows\System32\lxdfrwrd.ini
    [2008/04/23 13:23:51 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdfinst.dll
    [2008/04/23 13:23:38 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdfgrd.dll
    [2007/12/25 10:37:41 | 00,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
    [2007/12/25 10:37:34 | 00,000,000 | ---- | C] () -- C:\Windows\setup32.INI
    [2007/12/23 09:47:24 | 00,038,431 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2007/11/14 08:47:12 | 00,136,192 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/13 00:10:37 | 00,027,240 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\nvModes.dat
    [2007/11/13 00:10:37 | 00,027,240 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\nvModes.001
    [2007/11/12 09:00:18 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\QSwitch.txt
    [2007/11/12 09:00:18 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\DSwitch.txt
    [2007/11/12 09:00:18 | 00,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\AtStart.txt
    [2007/09/05 19:01:22 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2007/08/23 11:55:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2007/08/23 11:50:04 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
    [2007/08/23 11:50:04 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
    [2007/08/04 05:53:27 | 00,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/05/24 23:24:25 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdfdrs.dll
    [2007/05/22 17:09:48 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdfcaps.dll
    [2007/04/17 17:17:05 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdfcnv4.dll
    [2007/02/27 15:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/14 01:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 01:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/01 08:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdfvs.dll
    [2006/03/09 19:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/07 07:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Mike\Desktop\Kayak vs Gator.MOV:TOC.WMV
    < End of report >
     
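Added example, not part of the thread: a small Python triage helper that parses entries in the format of the log above (the `[date | size | attrs | C/M] (company) -- path` lines) and flags recently created files in Windows or ProgramData locations that carry no company name, which is the pattern the newest System32 and ProgramData entries above show. The sample lines are constructed from the log's format; the 7-day window and the reference date are assumptions.

```python
"""Triage helper for OTL-style 'Files Created / Modified' log sections.

Constructed example, not part of the forum thread: it parses entries in the
format the posted log uses and flags recently created, non-directory files
under watched system locations that have no publisher name. Such files are
not proof of infection, only the first things to inspect during cleanup.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
# Directory entries in the log have no "(company)" group, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+?)\s*$"
)

# Locations where a freshly dropped file with no publisher deserves attention
# (assumed list; extend to taste).
WATCHED_PREFIXES = ("c:\\windows\\", "c:\\programdata\\")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str          # 'C' = created, 'M' = modified
    company: str
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")   # attrs like "---D" mark directories


def parse_entries(text: str) -> list[Entry]:
    """Parse every matching entry; headers, blank lines and summaries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def flag_suspicious(entries: list[Entry], reference: datetime,
                    window_days: int = 7) -> list[str]:
    """Return paths of files created/modified within the window, in a watched
    location, with no company name. Directories are ignored."""
    cutoff = reference - timedelta(days=window_days)
    return [
        e.path for e in entries
        if not e.is_directory and not e.company and e.timestamp >= cutoff
        and e.path.lower().startswith(WATCHED_PREFIXES)
    ]


# Constructed sample in the log's format (paths mirror entries in the thread).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2010/01/02 15:42:41 | 00,002,515 | ---- | C] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
[2010/01/02 12:47:40 | 00,000,876 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2010/01/02 12:46:38 | 00,000,202 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2010/01/02 12:44:57 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/25 22:13:32 | 00,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/01/02 17:10:15 | 00,000,000 | ---D | C] -- C:\tdsskiller
[2009/12/10 03:10:12 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2008/04/23 13:23:48 | 00,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""


def triage_sample() -> list[str]:
    """Run the triage over the sample with the scan date as reference (assumed)."""
    return flag_suspicious(parse_entries(SAMPLE_LOG), datetime(2010, 1, 2, 18, 0))


if __name__ == "__main__":
    for path in triage_sample():
        print("inspect:", path)
```

Only the three entries dropped on the scan date survive the filters; pool.bin falls outside the 7-day window and the Lexmark DLL with `( )` is years old.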
  10. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Last edited: Jan 2, 2010
  11. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    I saved the Malwarebytes link to my flash drive and tried to run it on the infected computer (after running Rkill) and I got the error code 707 (3,0). The Malwarebytes forum says the answer to this is reinstallation, yet I have tried 3 times and get the same code. Any hints?
     
  12. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Try SUPERAntiSpyware as an alternative - http://www.superantispyware.com/superantispyware.html

    When you have SUPERAntiSpyware installed and updated:
    Click "Scan my Computer".
    Select the drive your OS (Operating System) is on and tick "Perform Complete Scan".
    Remove any entries it finds.
    When you're back at the main menu, go to "Preferences...".
    Go to the "Statistics/Logs" tab and double-click the scan log that you just performed.
    Post the log here.
     
    Last edited: Jan 2, 2010
  13. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    Thanks...don't go to bed on me yet! :)
     
  14. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Heh, if you want to chat in real-time you can click the edited by ddp". Don't worry I won't charge anything. I only do free work for this forum. ;)
     
    Last edited: Jan 2, 2010
  15. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    "Superantispyware has stopped working, Windows is checking for a solution"

    This may have something to do with what's going on in safe mode. When I picked the 1st repair it..., it asked for my admin password. Since it's Vista, I used the same password that I logged in and it said that my password is no longer valid, please see an admin. This is a home computer and there is no other admin except me.

    How screwed am I?
     
  16. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Hmmm...

    I hate to keep asking you to download programs, but could you download Dr.Web CureIt! ? - http://www.freedrweb.com/download+cureit/

    When you run CureIt, it doesn't need to be installed; just click "Scan". It'll take a bit to initialize the scan. "Cure" anything it finds.
    Note: If it doesn't run, rename it with random characters.

    Sorry I wasn't answering on Crossloop, I stepped away for some grub. I should be on
     
    Last edited: Jan 2, 2010
  17. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    That's OK! My stomach is in too many knots to think about eating!
     
  18. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    That page was in Russian and Google Translator didn't translate which program. (I clicked 30 day demo...then it redirected to the untranslatable page)
     
  19. CNova

    CNova Member

    Joined:
    Dec 29, 2009
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
  20. Mikeryan1

    Mikeryan1 Member

    Joined:
    Jan 2, 2010
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    11
    It's downloading....
     