Removed TDSSRt-A & FastClick / Next Steps?



saltherring
2010-10-15, 19:13
Greetings,

I discovered TDSSRt-A & FastClick on my system and removed/quarantined them. However, I am wondering if I should do anything else to ensure everything is secure on my PC. I was having system host crashes and browser redirects along with all-around sluggishness. That seems to be gone, but I'm wondering if I should do a system restore at this point.

Any help will be much appreciated. Thanks!

Here's my DDS report:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Joel at 11:59:07.39 on Fri 10/15/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.1184 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\TRENDnet\802.11n Wireless Client Utility\UMCCfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.guardian.co.uk
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081219
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\booyah\SDHelper.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
uRun: [AdobeBridge]
uRun: [EPSON Stylus Photo 1400 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe" /fu "c:\users\joel\appdata\local\temp\E_S87B5.tmp" /EF "HKCU"
uRun: [Google Update] "c:\users\joel\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\80211n~1.lnk - c:\program files\trendnet\802.11n wireless client utility\UMCCfg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\profil~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\ProfileReminder.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\booyah\SDHelper.dll
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joel\appdata\roaming\mozilla\firefox\profiles\fod8v48d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.guardian.co.uk/world
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\users\joel\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\joel\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\joel\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\joel\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2010-3-7 14416]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-9-15 45072]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 netr28u;802.11n USB Wireless Network Adapter Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-4-9 599040]
S2 trackcam;TrackerCam Video Capture Driver;c:\windows\system32\drivers\trackcam.sys [2010-1-17 78152]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [2010-3-7 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [2010-3-7 26045]

=============== Created Last 30 ================

2010-10-15 07:31:55 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a2b1a451-853f-470d-aba4-cdf9d704aa9a}\mpengine.dll
2010-10-14 11:04:05 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 11:02:57 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 11:02:57 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 11:02:55 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 11:02:54 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 11:02:12 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 11:02:12 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 11:02:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 11:02:11 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 11:02:09 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 11:00:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 11:00:27 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 11:00:17 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 02:32:52 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-10-14 02:32:15 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-14 02:32:15 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-14 02:29:24 -------- d-----w- c:\program files\Kaspersky Lab
2010-10-14 02:29:23 -------- d-----w- c:\progra~2\Kaspersky Lab
2010-10-14 01:30:11 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-10-14 00:58:20 -------- d-----w- C:\TDSSKiller_Quarantine
2010-10-13 20:57:53 -------- d-----w- c:\users\joel\appdata\roaming\Malwarebytes
2010-10-13 20:57:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 20:57:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 20:57:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 20:57:30 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-03 22:51:31 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-03 22:51:23 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-03 22:50:45 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-03 22:50:42 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-10-03 22:50:11 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-03 22:50:07 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-10-03 22:50:05 501760 ----a-w- c:\windows\system32\usp10.dll
2010-10-02 04:54:06 -------- d-----w- c:\program files\Booyah
2010-10-02 03:33:55 -------- d-----w- c:\progra~2\IObit
2010-10-02 03:31:46 -------- d-----w- c:\program files\IObit
2010-10-02 03:11:36 -------- d-----w- c:\program files\Trend Micro
2010-09-22 19:28:50 -------- d-----w- c:\users\joel\appdata\local\Apps
2010-09-22 19:10:50 -------- d-----w- c:\users\joel\appdata\roaming\Quintessential Media Player
2010-09-22 19:10:21 -------- d-----w- c:\program files\Quintessential Media Player
2010-09-22 17:42:37 -------- d-----w- c:\users\joel\appdata\roaming\XemiComputers
2010-09-22 17:20:06 -------- d-----w- c:\program files\Mozilla Sunbird
2010-09-16 04:30:34 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-09-16 04:28:03 -------- dc-h--w- c:\progra~2\{5D7316EC-0EDC-4C87-A589-9244C286BC92}
2010-09-16 04:27:44 -------- d-----w- c:\progra~2\webroot
2010-09-16 04:25:31 -------- d-----w- c:\users\joel\appdata\local\PackageAware

==================== Find3M ====================

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-10 15:02:22 274432 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 12:01:58.62 ===============

ken545
2010-10-19, 01:47
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Let's check a bit deeper into your system; let's do this.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.

Please download GMER from one of the following locations, and save it to your desktop:

Main Mirror (http://gmer.net/download.php)
This version will download a randomly named file (Recommended)
Zip Mirror (http://gmer.net/gmer.zip)
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Extract the contents of the zipped file to desktop (applicable only to Zip mirror).
Double click the GMER icon on your desktop.
If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box, paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

Post the logs from GMER and OTL, please.

saltherring
2010-10-19, 15:58
Thanks so much for the help, Ken!

Here's my OTL report, and the gmer.log is attached as well.

---


OTL logfile created on: 10/19/2010 7:55:20 AM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Joel\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.02 Gb Total Space | 19.76 Gb Free Space | 8.86% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.71 Gb Free Space | 58.47% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 1.46 Gb Free Space | 0.63% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Users\Joel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\Plugins\AntiMalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\Security\Current\Plugins\AntiMalware\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\TRENDnet\802.11n Wireless Client Utility\UMCCfg.exe ()
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\Joel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SPLITCAM) -- C:\Windows\System32\DRIVERS\splitcam.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfmonm) -- C:\Windows\System32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (trackcam) -- C:\Windows\System32\drivers\trackcam.sys (Eagletron Inc.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (PDIHWCTL) -- C:\Windows\System32\drivers\pdihwctl.sys (Portrait Displays, Inc.)
DRV - (eyeonedp) -- C:\Windows\System32\drivers\EyeOneDp.sys ()
DRV - (i1) -- C:\Windows\System32\drivers\i1.sys (GretagMacbeth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081219
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.guardian.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.guardian.co.uk/world"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/01 16:07:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 23:02:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/09/22 12:20:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/10/13 21:30:25 | 000,000,000 | ---D | M]

[2010/09/22 12:20:37 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions
[2010/09/22 12:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2009/03/05 13:38:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2009/03/23 23:07:50 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/10/15 15:54:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\fod8v48d.default\extensions
[2009/08/24 23:34:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\fod8v48d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/02 12:34:27 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\fod8v48d.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/10/13 11:14:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\fod8v48d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/30 09:49:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\fod8v48d.default\extensions\firebug@software.joehewitt.com
[2010/09/22 12:20:37 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Mozilla\Sunbird\Profiles\86zrgics.default\extensions
[2009/09/09 01:36:01 | 000,002,172 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\fod8v48d.default\searchplugins\bing.xml
[2010/10/15 15:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 21:32:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/04/15 21:20:19 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Booyah\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Booyah\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Joel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (.common-controls_6595b64144ccf1df_6.0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cf157a45-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157a77-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157adf-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157b71-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157b81-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157bd1-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157bf1-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157c01-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157c61-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = I:\CA_EdgeLitemobile.exe -- File not found
O33 - MountPoints2\{cf157c73-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157c85-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157ccd-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157ce5-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157cfd-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157d1d-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{cf157d65-de56-11de-a155-00219b1c0931}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/19 01:02:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\TFC (1).exe
[2010/10/19 00:59:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\TFC.exe
[2010/10/15 11:23:44 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\New Folder
[2010/10/14 06:04:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 06:02:57 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 06:02:57 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 06:02:55 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/14 06:02:54 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 06:02:09 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 06:01:48 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 06:01:47 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 06:01:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 06:01:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 06:01:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 06:01:44 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 06:01:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 06:01:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 06:01:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 06:01:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 06:01:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 06:01:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 06:01:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 06:01:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 06:01:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 06:01:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 06:01:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 06:00:57 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 06:00:27 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 21:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/10/13 21:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/10/13 21:28:36 | 000,488,024 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/10/13 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/10/13 20:27:26 | 112,030,544 | ---- | C] (Kaspersky Lab) -- C:\Users\Joel\Desktop\kav2011_11.0.1.400-1429en_us.exe
[2010/10/13 19:58:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/10/13 19:54:13 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\tdsskiller
[2010/10/13 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes
[2010/10/13 15:57:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/13 15:57:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/13 15:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 15:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/13 12:51:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2010/10/13 10:13:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/13 10:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/06 15:53:21 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\Gallery 2 Files
[2010/10/06 15:19:43 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\gallery-3.0
[2010/10/03 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/03 17:51:31 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/10/03 17:51:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/01 23:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Booyah
[2010/10/01 22:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/10/01 22:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/10/01 22:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/22 14:28:50 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Apps
[2010/09/22 14:10:50 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Quintessential Media Player
[2010/09/22 14:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Quintessential Media Player
[2010/09/22 12:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\XemiComputers
[2010/09/22 12:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Sunbird

========== Files - Modified Within 30 Days ==========

[2010/10/19 07:55:50 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/19 07:55:50 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/19 07:55:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3351545934-2328214429-1858582809-1000UA.job
[2010/10/19 07:52:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 07:52:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 07:51:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/19 01:15:40 | 000,001,033 | ---- | M] () -- C:\Users\Joel\AppData\Local\WUB375L_TW001_{67001314-1CC3-4465-AE8E-19A668C80BDD}.bin
[2010/10/19 01:13:06 | 2134,077,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 01:09:48 | 000,294,912 | ---- | M] () -- C:\Users\Joel\Desktop\text.exe
[2010/10/19 01:02:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\TFC (1).exe
[2010/10/19 00:59:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\TFC.exe
[2010/10/18 00:46:57 | 000,124,010 | ---- | M] () -- C:\Users\Joel\Desktop\Little_India.jpg
[2010/10/16 18:55:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3351545934-2328214429-1858582809-1000Core.job
[2010/10/14 11:48:07 | 122,049,144 | ---- | M] () -- C:\Users\Joel\Desktop\03_17_09_monalisa_mix.mp3
[2010/10/14 10:23:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/10/14 10:17:06 | 002,197,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/13 22:14:56 | 000,488,024 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/10/13 21:32:15 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/10/13 21:32:15 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/10/13 20:28:32 | 112,030,544 | ---- | M] (Kaspersky Lab) -- C:\Users\Joel\Desktop\kav2011_11.0.1.400-1429en_us.exe
[2010/10/13 12:51:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2010/10/13 11:20:28 | 000,544,768 | ---- | M] () -- C:\Users\Joel\Desktop\dds.scr
[2010/10/08 13:54:32 | 000,026,112 | ---- | M] () -- C:\Users\Joel\Documents\press club letters.doc
[2010/10/06 11:37:20 | 000,163,328 | ---- | M] () -- C:\Users\Joel\Documents\Curie Joel 10.02.10.xls
[2010/10/04 17:50:42 | 000,108,032 | ---- | M] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 09:08:00 | 000,002,053 | ---- | M] () -- C:\Users\Joel\Desktop\Google Chrome.lnk
[2010/10/01 16:14:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/30 22:49:56 | 000,419,840 | ---- | M] () -- C:\Users\Joel\Documents\cc_20100930_224927.reg
[2010/09/29 12:40:59 | 000,145,223 | ---- | M] () -- C:\Users\Joel\Desktop\joel&me.jpg
[2010/09/24 00:41:49 | 000,000,668 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\vso_ts_preview.xml
[2010/09/22 14:10:26 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Quintessential Media Player.lnk
[2010/09/22 13:41:42 | 000,030,424 | ---- | M] () -- C:\Windows\System32\wrLZMA.dll
[2010/09/22 13:41:30 | 000,017,472 | ---- | M] () -- C:\Windows\System32\SsiEfr.exe
[2010/09/22 12:20:16 | 000,001,726 | ---- | M] () -- C:\Users\Joel\Desktop\Mozilla Sunbird.lnk
[2010/09/21 23:20:29 | 000,674,837 | ---- | M] () -- C:\Users\Joel\Desktop\taxonomyofrapnames.jpg
[2010/09/20 04:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

========== Files Created - No Company Name ==========

[2010/10/19 01:09:48 | 000,294,912 | ---- | C] () -- C:\Users\Joel\Desktop\text.exe
[2010/10/18 00:46:57 | 000,124,010 | ---- | C] () -- C:\Users\Joel\Desktop\Little_India.jpg
[2010/10/14 11:46:20 | 122,049,144 | ---- | C] () -- C:\Users\Joel\Desktop\03_17_09_monalisa_mix.mp3
[2010/10/13 21:32:15 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/10/13 21:32:15 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/10/13 21:25:42 | 2134,077,440 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/13 11:20:25 | 000,544,768 | ---- | C] () -- C:\Users\Joel\Desktop\dds.scr
[2010/10/08 13:48:59 | 000,026,112 | ---- | C] () -- C:\Users\Joel\Documents\press club letters.doc
[2010/10/06 11:37:20 | 000,163,328 | ---- | C] () -- C:\Users\Joel\Documents\Curie Joel 10.02.10.xls
[2010/10/03 09:08:00 | 000,002,053 | ---- | C] () -- C:\Users\Joel\Desktop\Google Chrome.lnk
[2010/09/30 22:49:31 | 000,419,840 | ---- | C] () -- C:\Users\Joel\Documents\cc_20100930_224927.reg
[2010/09/29 12:40:54 | 000,145,223 | ---- | C] () -- C:\Users\Joel\Desktop\joel&me.jpg
[2010/09/22 14:10:26 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Quintessential Media Player.lnk
[2010/09/22 12:20:16 | 000,001,726 | ---- | C] () -- C:\Users\Joel\Desktop\Mozilla Sunbird.lnk
[2010/09/21 23:20:26 | 000,674,837 | ---- | C] () -- C:\Users\Joel\Desktop\taxonomyofrapnames.jpg
[2010/09/15 23:30:36 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/08/17 05:53:10 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/04/09 17:47:55 | 000,001,033 | ---- | C] () -- C:\Users\Joel\AppData\Local\WUB375L_TW001_{67001314-1CC3-4465-AE8E-19A668C80BDD}.bin
[2010/04/09 17:47:55 | 000,000,031 | ---- | C] () -- C:\Users\Joel\AppData\Local\WUB375L_TW001_{67001314-1CC3-4465-AE8E-19A668C80BDD}.wsc
[2010/04/06 20:55:15 | 000,000,083 | ---- | C] () -- C:\Windows\EPSP1400.ini
[2010/03/07 10:56:48 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\EyeOneDp.sys
[2010/03/04 22:30:20 | 000,000,030 | ---- | C] () -- C:\Windows\AutoRun.ini
[2009/09/29 21:50:12 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/09/29 21:50:12 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009/09/29 21:50:12 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/09/29 21:50:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2009/06/28 22:42:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/06/10 00:59:12 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll
[2009/06/08 00:00:06 | 000,000,668 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\vso_ts_preview.xml
[2009/05/10 17:21:18 | 000,000,680 | ---- | C] () -- C:\Users\Joel\AppData\Local\d3d9caps.dat
[2009/04/11 10:59:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/01 21:10:10 | 000,020,531 | -H-- | C] () -- C:\ProgramData\T09F8
[2009/04/01 21:04:47 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/01 21:00:30 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV700SERIES.ini
[2009/03/04 01:59:05 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/03/02 23:42:19 | 000,108,032 | ---- | C] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/08 22:02:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/19 18:54:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/12/19 18:54:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/12/19 18:54:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/12/19 18:54:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/11 05:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll
[2005/11/11 05:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/08/31 03:20:00 | 000,233,557 | ---- | C] () -- C:\Windows\System32\esint54.dll

========== LOP Check ==========

[2010/09/23 10:22:59 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Audacity
[2009/05/01 16:28:08 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Braid
[2009/11/13 01:26:52 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canon
[2009/03/04 12:09:10 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\dBpoweramp
[2009/03/03 23:58:03 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\DeepBurner
[2010/06/21 17:33:25 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\EPSON
[2010/10/15 11:51:19 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FileZilla
[2009/03/23 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Flickr
[2010/09/30 21:36:11 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\foobar2000
[2010/04/10 22:09:44 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\GretagMacbeth
[2009/04/10 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\InfraRecorder
[2010/09/12 23:46:50 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Lasersoft Imaging
[2009/04/01 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Leadertech
[2009/03/03 01:13:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Notepad++
[2010/04/12 08:11:21 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\OpenOffice.org
[2009/04/15 11:21:22 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Publish Providers
[2010/09/30 20:46:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Quintessential Media Player
[2009/03/05 13:38:52 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Songbird2
[2010/09/13 23:22:45 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Sony
[2009/05/01 16:20:47 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Stardock
[2009/10/03 00:50:23 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Thinstall
[2010/09/24 00:41:51 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Vso
[2010/09/22 12:42:37 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\XemiComputers
[2010/10/19 01:03:59 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/12/19 18:40:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/12/19 18:40:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/12/19 18:40:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/12/19 18:40:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2008/01/20 21:33:49 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2008/01/20 21:34:26 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 21:34:22 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2010/09/22 13:41:42 | 000,030,424 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2010/10/13 22:14:56 | 000,488,024 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< End of report >
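
The part of the OTL log that matters most on a TDSS thread is the `< MD5 for: ... >` block under Custom Scans, where OTL hashes a handful of boot-critical drivers (atapi.sys, iastor.sys, nvstor.sys and friends) in their live System32 location alongside the reference copies Windows keeps in DriverStore and winsxs; a helper reads it by checking that the live copy hashes identically to at least one reference copy. The Python checker that follows is an added example, not part of this thread and not OTL's own code: it parses those sections and reports, per file, whether the live copy matches a reference copy. The log text embedded in it is constructed for the example (the line format is OTL's, but the hashes, dates and winsxs directory names are placeholders), and the function names `parse_md5_sections`, `assess` and `suspect_names` are the example's own.

```python
"""Check the '< MD5 for: X >' sections of an OTL log for a live System32 file
whose hash matches none of its DriverStore / winsxs reference copies."""
import re
from typing import Dict, List

# Constructed sample in OTL's Custom Scans format (not from any real machine).
# ATAPI.SYS shows the healthy pattern: the live driver hashes like a winsxs copy.
# DEMO.SYS shows the pattern a reviewer investigates: the live driver hashes like
# none of its reference copies.  Hashes and winsxs directory names are placeholders.
SAMPLE_LOG = r"""
========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2008/12/19 18:40:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/12/19 18:40:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_PLACEHOLDER\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_PLACEHOLDER\atapi.sys

< MD5 for: DEMO.SYS >
[2010/10/01 01:02:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\demo.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_demo.inf_PLACEHOLDER\demo.sys

< MD5 for: NOLIVE.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\Windows\winsxs\x86_nolive_PLACEHOLDER\nolive.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:34:26 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
"""

MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# [mtime | size | attributes | kind] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*(?P<kind>[A-Z])\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
LIVE_RE = re.compile(r"\\windows\\system32\\(?P<rest>.*)$", re.IGNORECASE)


def is_live_copy(path: str) -> bool:
    """True for the copy Windows actually loads: System32\\x or System32\\drivers\\x.
    DriverStore, winsxs and vendor extraction folders are treated as reference copies."""
    m = LIVE_RE.search(path)
    return bool(m) and m.group("rest").count("\\") <= 1


def parse_md5_sections(text: str) -> Dict[str, List[dict]]:
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' section."""
    sections: Dict[str, List[dict]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MD5_HEADER_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line.startswith("<"):          # any other custom-scan header ends the section
            current = None
            continue
        e = ENTRY_RE.match(line) if current else None
        if e:
            sections[current].append({
                "md5": e.group("md5").upper(),
                "path": e.group("path"),
                "company": e.group("company"),
                "live": is_live_copy(e.group("path")),
            })
    return sections


def assess(sections: Dict[str, List[dict]]) -> Dict[str, str]:
    """One verdict per file: ok / suspect / no-live-copy / no-reference-copy."""
    verdicts = {}
    for name, entries in sections.items():
        live = [e for e in entries if e["live"]]
        reference = {e["md5"] for e in entries if not e["live"]}
        if not live:
            verdicts[name] = "no-live-copy"        # driver present but not installed
        elif not reference:
            verdicts[name] = "no-reference-copy"   # nothing to compare against
        elif all(e["md5"] in reference for e in live):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "suspect"             # live copy matches no staged copy
    return verdicts


def suspect_names(text: str) -> List[str]:
    return sorted(n for n, v in assess(parse_md5_sections(text)).items() if v == "suspect")


if __name__ == "__main__":
    for name, verdict in assess(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"{name:<12} {verdict}")
```

A `suspect` result is a lead for the human reviewer, not a verdict: a vendor driver with no staged copy comes out as `no-reference-copy`, which is normal for OEM installs, and a clean match says nothing about code that is patched only in memory, which is why the rootkit scan (GMER) is read alongside this block rather than instead of it.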

ken545
2010-10-19, 19:16
Hi,

GMER looks fine, no signs of a rootkit

OTL is pretty extensive and I need to look it over real close. I will be back online early evening.

In the meantime run this virus scanner and let's see if it finds anything

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

saltherring
2010-10-20, 07:51
Hello again, Ken. Thanks so much for your assistance, I really appreciate your help and you taking your time to assist.

The ESET scan didn't come up with anything. Here's the log file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=de8ca9dc00148644b6633adcd4d3d756
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-20 05:43:26
# local_time=2010-10-20 12:43:26 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 634875 634875 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 124153143 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=203948
# found=0
# cleaned=0
# scan_time=7836

ken545
2010-10-20, 13:01
Hi,

Not looking at anything earth-shattering on your OTL log and ESET came back clean. How is your system behaving now?

saltherring
2010-10-20, 17:28
It seems fine now but I wasn't sure if there could still be something lurking. Just thought it would be best to ask you experts what you thought because it was pretty bad before removing those two things I mentioned.

In any case, thanks so much once again. Really appreciate your assistance.

joel

ken545
2010-10-20, 22:56
Hello Joel,

I will keep this thread open for you for about a week, if the symptoms reappear just post back and we can dig deeper if need be.

Keep Java up to date to make you more secure
Download JavaRa (http://prm753.bchea.org/click/click.php?id=9) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Keep in mind if you install some of these programs: only ONE antivirus and only ONE firewall are recommended, more is overkill and can cause you problems. You can install all the spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community.

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster (Recommended) then do not enable the TeaTimer in Spybot Search and Destroy.

WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

Safe Surfn
Ken

ken545
2010-11-01, 09:26
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.