BleepingComputer.com: Pop-ups, Search Re-directs, Suspected Malware

I am experiencing pop-ups, performance issues and the BSOD. Any assistance you can provide is very much appreciated. Logs are posted below and attached.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Casey at 9:15:14.32 on Wed 04/27/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.1557 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Casey\Desktop\1\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [DellMCM] "c:\program files\dell photo aio printer 942\memcard.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader5.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\casey\appdata\roaming\mozilla\firefox\profiles\zhx2405e.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\casey\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\casey\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {1BD7ABC0-2119-49F7-B2BD-207D68F58B94} - c:\users\casey\appdata\local\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94}
FF - Ext: XULRunner: {DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694} - c:\windows\system32\config\systemprofile\appdata\local\{DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\casey\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-15 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-12-24 4408616]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2009-12-24 112936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-15 112128]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-5-15 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-5-15 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-5-15 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-5-15 279488]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2009-12-24 13224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca33b57724ad70;Google Update Service (gupdate1ca33b57724ad70);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S2 SftService;SoftThinks Agent Service;"c:\windows\sminst\sftservice.exe" --> c:\windows\sminst\sftservice.EXE [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-24 15656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-27 02:27:53 -------- d-----w- c:\program files\iPod
2011-04-27 02:27:52 -------- d-----w- c:\program files\iTunes
2011-04-27 02:22:44 -------- d-----w- c:\program files\Bonjour
2011-04-08 17:16:22 -------- d-----w- C:\SupportSoft
2011-04-07 00:19:36 -------- d-----w- c:\users\casey\appdata\local\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94}
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 23:35:19 0 ----a-w- c:\users\casey\appdata\local\Onowob.bin
.
==================== Find3M ====================
.
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-28 03:15:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD2500BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868FD439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x869037d0]; MOV EAX, [0x8690384c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x826C620F] -> \Device\Harddisk0\DR0[0x85CEC670]
3 CLASSPNP[0x82FA0745] -> ntkrnlpa!IofCallDriver[0x826C620F] -> [0x86960608]
\Driver\atapi[0x862502C8] -> IRP_MJ_CREATE -> 0x868FD439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD2500BEVT-75ZCT2___________________11.01A11#5&446824f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 9:17:24.53 ===============

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  
  
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  
  
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
  
• In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  
  
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
  
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
  
  
• Please do not PM me directly for help. If you have any questions, post them in this topic.
  
  
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.



I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:



Running OTL

We need to create an OTL Report

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Push the button.
  
• Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Hi ST! Thanks so much for your help. Here are the logs you requested:

2011/05/05 08:57:44.0938 1216 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 08:57:45.0328 1216 ================================================================================
2011/05/05 08:57:45.0328 1216 SystemInfo:
2011/05/05 08:57:45.0328 1216
2011/05/05 08:57:45.0328 1216 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/05 08:57:45.0328 1216 Product type: Workstation
2011/05/05 08:57:45.0328 1216 ComputerName: CASEY-PC
2011/05/05 08:57:45.0328 1216 UserName: Casey
2011/05/05 08:57:45.0328 1216 Windows directory: C:\Windows
2011/05/05 08:57:45.0328 1216 System windows directory: C:\Windows
2011/05/05 08:57:45.0328 1216 Processor architecture: Intel x86
2011/05/05 08:57:45.0328 1216 Number of processors: 2
2011/05/05 08:57:45.0328 1216 Page size: 0x1000
2011/05/05 08:57:45.0328 1216 Boot type: Normal boot
2011/05/05 08:57:45.0328 1216 ================================================================================
2011/05/05 08:57:45.0936 1216 Initialize success
2011/05/05 08:58:37.0604 4184 ================================================================================
2011/05/05 08:58:37.0604 4184 Scan started
2011/05/05 08:58:37.0604 4184 Mode: Manual;
2011/05/05 08:58:37.0604 4184 ================================================================================
2011/05/05 08:58:40.0178 4184 ACPI (c7c7606b37c77632949bf55e7fde494e) C:\Windows\system32\drivers\acpi.sys
2011/05/05 08:58:40.0240 4184 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/05 08:58:40.0271 4184 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/05 08:58:40.0302 4184 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/05 08:58:40.0349 4184 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/05 08:58:40.0552 4184 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/05 08:58:40.0692 4184 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/05 08:58:40.0755 4184 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/05 08:58:40.0786 4184 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/05 08:58:40.0864 4184 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/05 08:58:40.0895 4184 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/05 08:58:40.0926 4184 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/05 08:58:40.0989 4184 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/05 08:58:41.0067 4184 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/05 08:58:41.0098 4184 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/05 08:58:41.0145 4184 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/05 08:58:41.0207 4184 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/05/05 08:58:41.0332 4184 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
2011/05/05 08:58:41.0410 4184 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/05 08:58:41.0504 4184 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/05 08:58:41.0613 4184 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/05 08:58:41.0660 4184 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/05 08:58:41.0878 4184 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/05 08:58:42.0018 4184 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/05 08:58:42.0190 4184 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/05 08:58:42.0362 4184 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/05 08:58:42.0455 4184 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/05 08:58:42.0611 4184 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/05 08:58:43.0875 4184 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/05 08:58:44.0826 4184 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
2011/05/05 08:58:45.0918 4184 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/05 08:58:47.0447 4184 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/05 08:58:47.0946 4184 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/05 08:58:48.0290 4184 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
2011/05/05 08:58:48.0477 4184 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/05 08:58:48.0539 4184 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/05 08:58:48.0648 4184 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/05 08:58:48.0726 4184 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/05 08:58:48.0820 4184 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/05 08:58:49.0023 4184 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/05 08:58:49.0179 4184 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/05 08:58:49.0288 4184 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/05 08:58:49.0366 4184 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/05 08:58:49.0413 4184 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/05 08:58:49.0491 4184 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
2011/05/05 08:58:49.0631 4184 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/05 08:58:49.0740 4184 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/05 08:58:49.0787 4184 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/05 08:58:49.0943 4184 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/05 08:58:50.0193 4184 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/05 08:58:50.0318 4184 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
2011/05/05 08:58:50.0676 4184 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/05 08:58:50.0723 4184 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/05 08:58:50.0801 4184 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/05 08:58:50.0910 4184 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/05 08:58:50.0926 4184 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/05 08:58:50.0957 4184 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/05 08:58:51.0004 4184 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/05 08:58:51.0066 4184 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/05 08:58:51.0098 4184 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/05 08:58:51.0160 4184 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/05 08:58:51.0238 4184 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/05 08:58:51.0300 4184 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/05 08:58:51.0316 4184 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/05 08:58:51.0456 4184 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/05 08:58:51.0503 4184 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/05 08:58:51.0581 4184 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/05 08:58:51.0628 4184 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/05 08:58:51.0675 4184 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/05 08:58:51.0722 4184 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/05 08:58:52.0330 4184 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/05 08:58:52.0860 4184 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/05 08:58:52.0970 4184 IntcHdmiAddService (8dab99684cfe8b4ddd5d6d0c5d55fdac) C:\Windows\system32\drivers\IntcHdmi.sys
2011/05/05 08:58:53.0016 4184 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/05 08:58:53.0079 4184 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/05 08:58:53.0141 4184 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/05 08:58:53.0204 4184 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/05 08:58:53.0235 4184 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/05 08:58:53.0297 4184 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/05 08:58:53.0328 4184 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/05 08:58:53.0391 4184 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/05 08:58:53.0422 4184 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/05 08:58:53.0469 4184 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
2011/05/05 08:58:53.0484 4184 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/05 08:58:53.0562 4184 k57nd60x (2fbf424e4e8d5f320d2f69d9a726de30) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/05/05 08:58:53.0625 4184 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/05 08:58:53.0734 4184 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/05 08:58:53.0828 4184 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/05 08:58:53.0921 4184 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/05 08:58:54.0015 4184 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/05 08:58:54.0046 4184 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/05 08:58:54.0077 4184 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/05 08:58:54.0124 4184 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/05 08:58:54.0186 4184 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/05 08:58:54.0233 4184 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/05 08:58:54.0264 4184 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/05 08:58:54.0311 4184 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/05 08:58:54.0342 4184 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/05 08:58:54.0420 4184 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/05 08:58:54.0467 4184 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/05 08:58:54.0530 4184 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/05 08:58:54.0592 4184 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/05 08:58:54.0639 4184 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/05 08:58:54.0686 4184 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/05 08:58:54.0779 4184 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/05 08:58:54.0857 4184 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/05 08:58:54.0888 4184 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/05 08:58:54.0935 4184 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/05/05 08:58:55.0029 4184 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/05 08:58:55.0138 4184 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/05 08:58:55.0169 4184 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/05 08:58:55.0232 4184 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/05 08:58:55.0247 4184 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/05 08:58:55.0278 4184 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/05 08:58:55.0310 4184 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/05 08:58:55.0341 4184 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/05 08:58:55.0388 4184 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/05 08:58:55.0434 4184 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/05 08:58:55.0481 4184 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/05 08:58:55.0544 4184 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/05/05 08:58:55.0606 4184 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/05 08:58:55.0622 4184 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/05 08:58:55.0668 4184 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/05 08:58:55.0715 4184 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/05 08:58:55.0762 4184 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/05 08:58:55.0793 4184 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/05 08:58:55.0887 4184 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/05 08:58:55.0934 4184 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/05 08:58:55.0965 4184 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/05 08:58:56.0058 4184 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/05 08:58:56.0121 4184 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/05 08:58:56.0183 4184 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/05/05 08:58:56.0230 4184 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/05 08:58:56.0261 4184 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/05 08:58:56.0292 4184 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/05 08:58:56.0339 4184 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/05 08:58:56.0448 4184 OA001Ufd (9f4a5990f326f91f4d2fcdd869b15ff4) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2011/05/05 08:58:56.0480 4184 OA001Vid (fc893946db8c49d0a1504373dd491b65) C:\Windows\system32\DRIVERS\OA001Vid.sys
2011/05/05 08:58:56.0558 4184 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/05 08:58:56.0651 4184 Packet (9d80e0be979c3edaf2863f23b88f4de6) C:\Windows\system32\DRIVERS\packet.sys
2011/05/05 08:58:56.0698 4184 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/05 08:58:56.0807 4184 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/05 08:58:56.0838 4184 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/05 08:58:56.0963 4184 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
2011/05/05 08:58:57.0244 4184 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/05 08:58:57.0416 4184 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/05 08:58:57.0525 4184 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/05 08:58:57.0868 4184 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/05 08:58:58.0149 4184 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/05 08:58:58.0196 4184 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/05 08:58:58.0289 4184 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/05 08:58:58.0430 4184 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/05 08:58:58.0726 4184 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/05 08:58:58.0788 4184 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/05 08:58:58.0835 4184 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/05 08:58:58.0976 4184 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/05 08:58:59.0256 4184 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/05 08:58:59.0412 4184 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/05 08:58:59.0522 4184 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/05 08:58:59.0600 4184 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/05 08:59:00.0146 4184 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/05 08:59:00.0286 4184 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/05 08:59:00.0426 4184 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/05 08:59:00.0738 4184 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/05 08:59:00.0926 4184 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/05 08:59:01.0300 4184 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/05/05 08:59:01.0534 4184 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/05/05 08:59:01.0706 4184 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/05/05 08:59:01.0768 4184 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/05 08:59:01.0830 4184 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/05 08:59:01.0971 4184 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/05 08:59:02.0064 4184 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/05 08:59:02.0111 4184 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/05 08:59:02.0142 4184 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/05 08:59:02.0174 4184 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/05 08:59:02.0252 4184 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/05 08:59:02.0283 4184 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/05 08:59:02.0330 4184 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/05 08:59:02.0376 4184 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/05 08:59:02.0423 4184 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/05 08:59:02.0454 4184 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/05 08:59:02.0486 4184 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/05 08:59:02.0595 4184 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/05 08:59:02.0735 4184 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/05 08:59:02.0798 4184 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/05/05 08:59:02.0954 4184 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/05 08:59:03.0078 4184 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/05 08:59:03.0156 4184 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
2011/05/05 08:59:03.0234 4184 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/05 08:59:03.0390 4184 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/05 08:59:03.0422 4184 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/05 08:59:03.0484 4184 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/05 08:59:03.0562 4184 szkg5 (2bb7c951bf74183a67efaaf614823076) C:\Windows\system32\DRIVERS\szkg.sys
2011/05/05 08:59:03.0671 4184 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/05 08:59:03.0734 4184 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/05 08:59:03.0796 4184 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/05 08:59:03.0827 4184 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/05 08:59:03.0874 4184 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/05 08:59:03.0952 4184 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/05 08:59:03.0999 4184 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/05 08:59:04.0077 4184 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/05 08:59:04.0202 4184 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/05 08:59:04.0233 4184 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/05 08:59:04.0342 4184 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/05 08:59:04.0389 4184 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/05 08:59:04.0436 4184 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/05 08:59:04.0498 4184 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/05 08:59:04.0529 4184 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/05 08:59:04.0560 4184 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/05 08:59:04.0607 4184 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/05 08:59:04.0670 4184 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/05 08:59:04.0716 4184 usbaudio (f89033df77b636621cf6b090f7e1913d) C:\Windows\system32\drivers\usbaudio.sys
2011/05/05 08:59:04.0779 4184 usbccgp (4073a94046d5f1025766eefd6abdc8db) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/05 08:59:04.0810 4184 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/05 08:59:04.0857 4184 usbehci (8625e96957cb855413628abb306c7b89) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/05 08:59:04.0888 4184 usbhub (bc1912ebb127b4e0905c7574349c6dce) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/05 08:59:04.0935 4184 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/05 08:59:05.0013 4184 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/05 08:59:05.0060 4184 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/05 08:59:05.0122 4184 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/05 08:59:05.0138 4184 usbuhci (4ba9542f67c63979761f1e0b8ab7141f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/05 08:59:05.0169 4184 USB_RNDIS (d173f7b936c8f579bcc4f78da861929c) C:\Windows\system32\DRIVERS\usb8023.sys
2011/05/05 08:59:05.0200 4184 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/05 08:59:05.0247 4184 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/05 08:59:05.0294 4184 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/05 08:59:05.0309 4184 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/05 08:59:05.0356 4184 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/05 08:59:05.0418 4184 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/05 08:59:05.0496 4184 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/05 08:59:05.0559 4184 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/05 08:59:05.0621 4184 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/05 08:59:05.0699 4184 wacmoumonitor (826a053968d0faf39afd8aecff580cb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/05/05 08:59:05.0746 4184 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/05/05 08:59:05.0777 4184 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/05 08:59:05.0808 4184 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/05/05 08:59:05.0855 4184 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\Windows\system32\DRIVERS\WacomVKHid.sys
2011/05/05 08:59:05.0902 4184 WacomVTHid (799c84ce3bd9600172aa53b4ead8357a) C:\Windows\system32\DRIVERS\WacomVTHid.sys
2011/05/05 08:59:05.0964 4184 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 08:59:05.0980 4184 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 08:59:06.0042 4184 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/05 08:59:06.0120 4184 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/05 08:59:06.0370 4184 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/05 08:59:06.0464 4184 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/05 08:59:06.0542 4184 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/05 08:59:06.0713 4184 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/05 08:59:06.0822 4184 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/05 08:59:06.0822 4184 ================================================================================
2011/05/05 08:59:06.0822 4184 Scan finished
2011/05/05 08:59:06.0822 4184 ================================================================================
2011/05/05 08:59:06.0854 5452 Detected object count: 1
2011/05/05 09:00:19.0331 5452 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 09:00:19.0331 5452 \HardDisk0 - ok
2011/05/05 09:00:19.0347 5452 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/05 09:00:49.0486 4488 Deinitialize success


OTL logfile created on: 5/5/2011 9:06:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Casey\Desktop\1
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.81 Gb Total Space | 144.53 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.04 Gb Free Space | 20.43% Space Free | Partition Type: NTFS

Computer Name: CASEY-PC | User Name: Casey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 09:05:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Casey\Desktop\1\OTL.exe
PRC - [2011/02/25 15:56:59 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/10/22 14:39:52 | 000,234,944 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
PRC - [2009/07/20 15:59:24 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2009/07/15 12:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/07/15 12:13:04 | 000,393,512 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/07/15 12:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/07/15 12:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/05/15 05:36:14 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2008/12/22 05:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/22 05:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/22 05:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/25 07:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/25 07:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 07:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/08/25 07:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2004/08/31 10:34:08 | 000,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2004/08/31 10:18:44 | 000,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/07/27 10:08:22 | 000,262,144 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\memcard.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 09:05:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Casey\Desktop\1\OTL.exe
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SftService)
SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2010/09/30 17:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/20 15:59:24 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2009/07/15 12:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 12:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/05/15 03:23:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/05 18:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/12/22 05:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/22 05:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2004/07/01 16:45:46 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\Windows\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/20 18:14:32 | 000,013,224 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/12 15:13:12 | 000,061,328 | ---- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/01/30 17:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/01/19 08:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/01/19 08:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/22 05:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/21 07:15:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/08/25 07:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 06:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/08/25 06:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/16 07:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 07:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 07:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 22:24:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 20:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {1BD7ABC0-2119-49F7-B2BD-207D68F58B94}:1.9.1
FF - prefs.js..extensions.enabledItems: {DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694}:1.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/06 14:33:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94}: C:\Users\Casey\AppData\Local\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94} [2011/04/06 20:19:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694}: C:\Windows\system32\config\systemprofile\AppData\Local\{DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694} [2011/04/08 13:16:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/09 09:33:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 04:50:30 | 000,000,000 | ---D | M]

[2011/02/23 21:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Casey\AppData\Roaming\Mozilla\Extensions
[2011/04/26 22:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\zhx2405e.default\extensions
[2011/04/09 10:52:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\zhx2405e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/20 17:11:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\zhx2405e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/23 21:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 20:19:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CASEY\APPDATA\LOCAL\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94}
[2009/12/16 22:46:29 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CASEY\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/08 13:16:21 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694}

O1 HOSTS File: ([2010/11/01 08:54:55 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mpix.com/customer/uploading/activex/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Casey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Casey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 09:06:25 | 000,000,000 | ---D | C] -- C:\Users\Casey\Desktop\1
[2011/04/26 22:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/26 22:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/26 22:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/26 22:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/08 13:16:22 | 000,000,000 | ---D | C] -- C:\SupportSoft
[2011/04/06 20:19:36 | 000,000,000 | ---D | C] -- C:\Users\Casey\AppData\Local\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94}
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/01/20 22:24:21 | 000,274,432 | ---- | C] (HighPoint Technologies, Inc.) -- C:\Users\Casey\AppData\Local\ebihonevoz.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Casey\Documents\*.tmp files -> C:\Users\Casey\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 09:10:17 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 09:10:17 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/05 09:03:08 | 000,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/05/05 09:02:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 09:02:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 09:02:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 09:01:43 | 3178,123,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 10:23:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 05:09:16 | 204,720,786 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/26 21:26:09 | 000,006,756 | ---- | M] () -- C:\Users\Casey\AppData\Local\d3d9caps.dat
[2011/04/23 17:23:54 | 000,000,000 | ---- | M] () -- C:\Users\Casey\AppData\Local\Onowob.bin
[2011/04/23 17:23:53 | 000,000,120 | ---- | M] () -- C:\Users\Casey\AppData\Local\Tyigok.dat
[2011/04/08 17:35:13 | 000,000,804 | ---- | M] () -- C:\Windows\disney.ini
[2011/04/07 11:58:48 | 000,001,536 | -HS- | M] () -- C:\ProgramData\3s01332t76tp114a55yo
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Casey\Documents\*.tmp files -> C:\Users\Casey\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 09:03:08 | 000,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/04/26 21:30:14 | 3178,123,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/07 11:58:33 | 000,001,536 | -HS- | C] () -- C:\ProgramData\3s01332t76tp114a55yo
[2011/04/05 19:35:19 | 000,000,120 | ---- | C] () -- C:\Users\Casey\AppData\Local\Tyigok.dat
[2011/04/05 19:35:19 | 000,000,000 | ---- | C] () -- C:\Users\Casey\AppData\Local\Onowob.bin
[2011/02/23 21:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/29 17:46:32 | 000,000,292 | ---- | C] () -- C:\Windows\EReg077.dat
[2010/11/29 17:45:21 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2010/11/29 17:36:32 | 000,000,314 | ---- | C] () -- C:\Windows\EReg515.dat
[2010/11/29 17:35:16 | 000,000,804 | ---- | C] () -- C:\Windows\disney.ini
[2010/11/06 14:24:14 | 000,208,286 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/08/26 21:14:49 | 000,000,000 | ---- | C] () -- C:\Users\Casey\AppData\Roaming\wklnhst.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/04/27 18:28:44 | 000,000,060 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/04/27 18:28:43 | 000,000,371 | ---- | C] () -- C:\Windows\ka.ini
[2010/01/29 17:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/12/31 16:10:53 | 000,103,936 | ---- | C] () -- C:\Windows\System32\JPEGACC.DLL
[2009/12/31 16:10:53 | 000,044,544 | ---- | C] () -- C:\Windows\System32\IGFPX32S.DLL
[2009/12/31 16:10:52 | 000,316,928 | ---- | C] () -- C:\Windows\System32\FPXIG.DLL
[2009/11/28 10:18:33 | 000,236,616 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/10/26 21:29:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/30 17:40:52 | 000,004,096 | -H-- | C] () -- C:\Users\Casey\AppData\Local\keyfile3.drm
[2009/09/20 06:02:28 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/09/20 06:02:28 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/09/20 06:02:28 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/09/20 06:02:28 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/09/20 06:02:28 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/09/20 06:02:28 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/09/20 06:02:28 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/09/20 06:02:28 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/09/20 06:02:27 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/09/20 06:02:27 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/09/20 06:02:27 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/09/20 06:02:27 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/09/20 06:02:27 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/09/20 06:02:27 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/09/20 06:02:27 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/09/20 06:02:27 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/06/17 13:59:16 | 000,006,756 | ---- | C] () -- C:\Users\Casey\AppData\Local\d3d9caps.dat
[2009/06/04 21:27:52 | 000,051,712 | ---- | C] () -- C:\Users\Casey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 20:32:00 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlbusnls.dll
[2009/05/28 20:31:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dlbucoin.dll
[2009/05/21 20:22:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/15 05:43:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/05/15 05:43:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/05/15 05:43:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/05/15 05:38:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/15 05:38:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/15 03:16:03 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/05/15 03:09:31 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/05/15 03:09:29 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/05/15 03:09:27 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,442,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/08/06 14:23:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlbucur.dll
[2004/08/06 14:22:12 | 000,557,056 | ---- | C] () -- C:\Windows\System32\dlbujswr.dll
[2004/08/06 14:07:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbucu.dll
[2004/08/06 14:01:42 | 000,401,408 | ---- | C] () -- C:\Windows\System32\dlbuutil.dll
[2004/07/01 16:43:38 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dlbuih.exe
[2003/10/08 10:09:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbuvs.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


OTL Extras logfile created on: 5/5/2011 9:06:26 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Casey\Desktop\1
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.81 Gb Total Space | 144.53 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.04 Gb Free Space | 20.43% Space Free | Partition Type: NTFS

Computer Name: CASEY-PC | User Name: Casey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" =

"FirewallDisableNotify" = 0
"FirewallOverride" =

"FirstRunDisabled" =

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D84E8B2-9C67-42D2-8E40-CD7769BE6475}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{5C989BF0-7ADB-496C-A91E-0BFB19F529CD}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{74DFCFB0-EFFB-445A-97D5-9B2D23B00AED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F1E709BF-22C3-4738-8555-5C65D83AAA89}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CC8F6A-8A6C-4675-AFBF-053575EB9510}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{03CA5A48-BECF-4495-99BF-E0B2A4AFCDEF}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{0BBB4177-E067-48CE-903E-E215AF67FB3E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{17AB063E-A95E-465A-8A8C-053BD7FD9B5D}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{23A33C63-8E8B-4055-81B5-F8402AE60120}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{23E38804-1D46-4589-A593-8E3609C0C325}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2473F86B-0BB8-478F-A868-231DA5502AFB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{270C8788-3716-4298-8DD2-77ED1AD096FA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2987AE37-5FFE-4FB5-BF13-7778B7BC6A26}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E22B427-3BCD-41DE-A3C1-1A503710ED1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{35ADB1DE-8576-4C69-B6A7-20C31F878777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38263071-4F78-4A65-8F62-CB6A7E0C35D5}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{3978A04E-D0F4-43BA-AA8F-3C12A7EE1B08}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{39DC25A6-89CB-4D59-B595-E9B52E995105}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{3AA09D38-1360-4882-8ED3-E7DAC1F21F3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D9C5853-5F22-4FE4-B949-FA9DD742D697}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4F75AB4E-B1FA-4162-A865-C86391383F81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52746FA9-3D5C-43E5-B3E6-208915C12EFE}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{56F1A33A-B7EE-40EB-A707-96D83BE09937}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59571443-3532-4704-9FAD-761FA105D24E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{5D67B084-67F5-4875-8AD0-472CD73B9AD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60888999-02D9-48B2-BED1-192D0FC02258}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{63DCAD66-B921-46F9-8889-7DE6B07C6620}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64A9A378-20CA-4F44-B95C-4FD9C8A86C1B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{65DC100E-C6A1-4292-9A5F-B39AE9432167}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6B236F08-E810-4574-B000-C6D7C73D23F9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6B9F17E0-530B-4192-8638-FC949E286B4F}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{758DF336-3441-4C9B-A6DF-091B410A55F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B33B5C3-F752-4583-834F-50BCC60106B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B8A8AFD-3743-4E1E-89B2-A1C285748D74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{7CF3CBC3-F0F2-467F-99A9-074CC5572457}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7F65EE91-E082-4C62-8E69-747A604B8A0B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{82B43EBC-D514-4F4F-A055-73783DE966F2}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{846D94A9-C502-4906-8146-C37C24070526}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85D6F88E-7AC7-496B-8807-E79220EFBFDF}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{95AE1344-767E-4066-9CEE-17EABBD88DFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C98C333-EE62-42B7-B7FB-0CCE7A97D614}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{A69DAFE7-09F5-4179-BDEA-EDFAB3A15E63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA8619DF-5966-48DB-A6BC-2BF322B83F84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF496B1A-7B23-413F-925C-73F082803042}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B1414606-1064-438F-B859-27579A21E26A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B25B5A89-B166-44EA-9D94-0C016AF44305}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B34A1FF9-16F2-44CD-A1F5-1B7F46226FC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B48FC862-016D-475D-ADB6-ACE2A037EC46}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4A98015-EF18-43ED-BAB2-9F76F9529849}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B8AB81A6-E5C3-4328-AE3D-B97E130E4FF2}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{BD1DBFD9-7A5E-4EF3-9564-C8091D30F751}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BF877728-42F7-4091-AC57-41F24473A167}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{BFA81705-33AD-45F4-8831-0B04B881E002}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C079148A-ED3F-4813-874E-AB08BFF19124}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{C6856330-E802-4BAF-AB40-82505E35A1C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{CAB9E043-B617-40F1-99AB-A96902B6EB70}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{D2AFEBF2-ED51-41DC-A516-8A755DC41F06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3503ADE-90AD-4A0E-93C8-2A284400A4D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D8573B11-C60F-4773-A3EB-9AD9397B3F90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDBEEC49-8D3D-4E54-A215-15F1D1B6E39C}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{DF00AB19-6062-4C89-A02A-59BB4032D0C9}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{DFC29D52-F248-4AF7-9695-8E6F867DC039}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6B615E7-7F92-4454-8399-91E47C6AE1F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{ED44E895-5BD7-43EC-8D2E-0989CCAAD18E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EE1A4657-2DF5-48A8-9C8A-5F127180DDC7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF04228B-D6CA-4717-B9AC-D5E7DD5014E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0743F5F-DC97-4943-AAB8-C6A856997542}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F0BFDD38-EDAB-4AC3-8A6D-AD8FCFA38ED4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F3F1F7B2-DA45-4B54-9639-223416FD7948}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F414A745-52DA-4FC9-AC0B-10FE87F69209}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{F76A3EB9-A17A-4C1B-97F7-9CD19F4A569B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{164262C1-937D-40F6-B438-8DCD6C5BDF22}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{21BD2277-28ED-4EA8-9B07-E7CE605E8D15}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F3BA4666-BB4C-4D1D-B279-47A1F4BA2619}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{2E25BE46-25F8-4109-958F-814C114827B7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{4B371C46-A6FD-41FA-BAB8-4F200FF0049E}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{67B7CC7B-C3BF-47EA-9D7D-DC2DB6723CED}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D107464-7C2D-44E0-8865-628EAD16FB47}" = Nancy Drew: The Haunting of Castle Malloy
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA77219C-0A77-4FF3-8CC5-2DC08469E6FF}_is1" = Karaoke CD+G Creator Pro
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAD4B1C8-E334-4163-92CD-3B36690BE246}" = Robots Print Studio
"{DB9ECBEC-F228-460D-8CF7-DCDCC872CBAB}" = STOPzilla
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"Big Action Construction" = Big Action Construction
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Live! Cam Doodling" = Creative Live! Cam Doodling
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio Recorder_is1" = Free Audio Recorder 1.0
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Graboid Video" = Graboid Video 1.65
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"JSARTIST" = JumpStart Artist
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyPoint Connector_is1" = MyPoint Connector 1.2
"PDF Viewer" = PDF Viewer 0.1
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"The Print Shop Premier Edition 5.1" = The Print Shop Premier Edition 5.0
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3673672258-3817487754-464162392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 9:28:17 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2010 9:28:17 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6450298

Error - 11/14/2010 9:28:17 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6450298

Error - 11/14/2010 9:53:31 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2010 9:53:31 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1544

Error - 11/14/2010 9:53:31 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1544

Error - 11/14/2010 10:09:23 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2010 10:09:23 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 953821

Error - 11/14/2010 10:09:23 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 953821

Error - 11/14/2010 10:13:33 PM | Computer Name = Casey-PC | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ Broadcom Wireless LAN Events ]
Error - 4/5/2011 7:56:02 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 19:56:02, Tue, Apr 05, 11 Error - Unable to gain access to user store


Error - 4/5/2011 8:01:25 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 20:01:25, Tue, Apr 05, 11 Error - Unable to gain access to user store


Error - 4/6/2011 7:57:17 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 19:57:16, Wed, Apr 06, 11 Error - Unable to gain access to user store


Error - 4/7/2011 7:03:27 AM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 07:03:27, Thu, Apr 07, 11 Error - Unable to gain access to user store


Error - 4/8/2011 12:46:34 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 12:46:34, Fri, Apr 08, 11 Error - Unable to gain access to user store


Error - 4/8/2011 1:16:22 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 13:16:22, Fri, Apr 08, 11 Error - Unable to switch user context, error
87

Error - 4/8/2011 1:33:01 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 13:33:01, Fri, Apr 08, 11 Error - Unable to switch user context, error
87

Error - 4/9/2011 5:12:46 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 17:12:46, Sat, Apr 09, 11 Error - Unable to gain access to user store


Error - 4/26/2011 9:32:36 PM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 21:32:36, Tue, Apr 26, 11 Error - Unable to gain access to user store


Error - 4/27/2011 5:11:27 AM | Computer Name = Casey-PC | Source = WLAN-Tray | ID = 0
Description = 05:11:27, Wed, Apr 27, 11 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 8/30/2009 6:22:32 PM | Computer Name = Casey-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/7/2009 6:03:43 PM | Computer Name = Casey-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 7/23/2009 9:45:23 PM | Computer Name = Casey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1427
seconds with 900 seconds of active time. This session ended with a crash.

Error - 9/12/2010 9:17:36 PM | Computer Name = Casey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 88846
seconds with 2640 seconds of active time. This session ended with a crash.

Error - 11/14/2010 10:13:33 PM | Computer Name = Casey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2215
seconds with 720 seconds of active time. This session ended with a crash.

Error - 2/9/2011 11:40:14 PM | Computer Name = Casey-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2759
seconds with 2580 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/16/2009 12:49:55 PM | Computer Name = Casey-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 76.21.133.152 for the Network Card with network
address 002219E9231E has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/16/2009 1:55:16 PM | Computer Name = Casey-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 76.21.133.152 for the Network Card with network
address 002219E9231E has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/16/2009 2:10:47 PM | Computer Name = Casey-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.22 for the Network Card with network
address 00242C7B8895 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/16/2009 2:34:23 PM | Computer Name = Casey-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 002219E9231E.

Error - 10/16/2009 2:51:38 PM | Computer Name = Casey-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 10/16/2009 2:51:49 PM | Computer Name = Casey-PC | Source = HTTP | ID = 15016
Description =

Error - 10/16/2009 2:56:42 PM | Computer Name = Casey-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 76.21.133.152 for the Network Card with network
address 002219E9231E has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 10/16/2009 2:57:17 PM | Computer Name = Casey-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 002219E9231E has been denied by the DHCP server 68.87.73.28 (The DHCP Server
sent a DHCPNACK message).

Error - 10/17/2009 4:23:38 AM | Computer Name = Casey-PC | Source = HTTP | ID = 15016
Description =

Error - 10/17/2009 7:10:56 PM | Computer Name = Casey-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Hi!

The main infection that you were infected with is called TDL4.

See the snippet of text below:

Quote

You can read more about this infection here:

• TDL4 Rootkit - Bootkit
  
• TDSS: Rootkit technologies from the beginning
  
• TDL3: The Rootkit of All Evil?
  
• Backdoor.Tdss.565
  
• TDL3: Part I A detailed analysis of TDL rootkit 3rd generation

Special thanks to quietman7 for providing the above links.



NEXT:


GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  [2011/04/06 20:19:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CASEY\APPDATA\LOCAL\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94}
  O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  O37 - HKU\S-1-5-21-3673672258-3817487754-464162392-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
  [2008/01/20 22:24:21 | 000,274,432 | ---- | C] (HighPoint Technologies, Inc.) -- C:\Users\Casey\AppData\Local\ebihonevoz.dll
  [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
  [1 C:\Users\Casey\Documents\*.tmp files -> C:\Users\Casey\Documents\*.tmp -> ]
  [2011/04/23 17:23:54 | 000,000,000 | ---- | M] () -- C:\Users\Casey\AppData\Local\Onowob.bin
  [2011/04/07 11:58:48 | 000,001,536 | -HS- | M] () -- C:\ProgramData\3s01332t76tp114a55yo
  [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
  [1 C:\Users\Casey\Documents\*.tmp files -> C:\Users\Casey\Documents\*.tmp -> ]
  [2011/04/07 11:58:33 | 000,001,536 | -HS- | C] () -- C:\ProgramData\3s01332t76tp114a55yo
  [2011/04/05 19:35:19 | 000,000,120 | ---- | C] () -- C:\Users\Casey\AppData\Local\Tyigok.dat
  [2011/04/05 19:35:19 | 000,000,000 | ---- | C] () -- C:\Users\Casey\AppData\Local\Onowob.bin
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware
  
• Select the Update tab
  
• Click Check for Updates
  
• After the update have been completed, Select the Scanner tab.
  
• Select Perform quick scan, then click on Scan
  
• Leave the default options as it is and click on Start Scan
  
• When done, you will be prompted. Click OK, then click on Show Results
  
• Checked (ticked) all items and click on Remove Selected
  
• After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?

Thanks for the additional information. OTL stopped responding and windows closed the application on the first attempt but I re-ran the script and it seemed to work. Here are the resulting logs:

GooredFix by jpshortstuff (04.04.11.1)
Log created at 21:53 on 05/05/2011 (Casey)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94} -> Success!
Deleting C:\Users\Casey\AppData\Local\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694} -> Success!
Deleting C:\Windows\system32\config\systemprofile\AppData\Local\{DAB9E1D6-BA26-41D8-AC2F-CFCC6735B694} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:26 24/02/2011]

C:\Users\Casey\Application Data\Mozilla\Firefox\Profiles\zhx2405e.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [14:52 09/04/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [21:11 20/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:52 22/08/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [18:33 06/11/2010]

-=E.O.F=-

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Folder C:\USERS\CASEY\APPDATA\LOCAL\{1BD7ABC0-2119-49F7-B2BD-207D68F58B94}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_USERS\S-1-5-21-3673672258-3817487754-464162392-1000_Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3673672258-3817487754-464162392-1000_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Users\Casey\AppData\Local\ebihonevoz.dll not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Users\Casey\Documents\*.tmp not found.
File C:\Users\Casey\AppData\Local\Onowob.bin not found.
File C:\ProgramData\3s01332t76tp114a55yo not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Users\Casey\Documents\*.tmp not found.
File C:\ProgramData\3s01332t76tp114a55yo not found.
File C:\Users\Casey\AppData\Local\Tyigok.dat not found.
File C:\Users\Casey\AppData\Local\Onowob.bin not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Casey\Desktop\1\cmd.bat deleted successfully.
C:\Users\Casey\Desktop\1\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Casey
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 27611716 bytes
->Java cache emptied: 5203480 bytes
->FireFox cache emptied: 45529674 bytes
->Google Chrome cache emptied: 6393095 bytes
->Flash cache emptied: 302740 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 896203 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23950552 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 994017 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1775159089 bytes

Total Files Cleaned = 1,799.00 mb


[EMPTYFLASH]

User: All Users

User: Casey
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05052011_220136

Files\Folders moved on Reboot...
File\Folder C:\Users\Casey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G63ABNHE\page__gopid__2234746[1].htm not found!
C:\Users\Casey\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6516

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/5/2011 10:17:14 PM
mbam-log-2011-05-05 (22-17-14).txt

Scan type: Quick scan
Objects scanned: 163511
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello!

Please be sure to let me know how things are running after doing these scans:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Check
  
• Make sure that the option "Remove found threats" is Unchecked
  
• When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
  
  • Enable Anti-Stealth technology
  
  
• Push the Start button.
  
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

NEXT:


Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Seems to be running better. Here are the new logs:


C:\Users\Casey\AppData\Roaming\Adobe\plugs\mmc14894991.txt a variant of Win32/Cimag.GS trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-14e251a9 Java/TrojanDownloader.OpenStream.NBS trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05052011_215609\C_Users\Casey\AppData\Local\ebihonevoz.dll a variant of Win32/Cimag.GU trojan cleaned by deleting - quarantined


C:\Users\Casey\AppData\Roaming\Adobe\plugs\mmc14894991.txt a variant of Win32/Cimag.GS trojan cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-14e251a9 Java/TrojanDownloader.OpenStream.NBS trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05052011_215609\C_Users\Casey\AppData\Local\ebihonevoz.dll a variant of Win32/Cimag.GU trojan cleaned by deleting - quarantined

Hi!

Please run this tool:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.

• Please post the C:\ComboFix.txt for further review.

Combofix log...

ComboFix 11-05-07.01 - Casey 05/07/2011 17:37:28.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3030.1597 [GMT -4:00]
Running from: c:\users\Casey\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Casey\AppData\Roaming\Adobe\plugs
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc0.exe
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc14895708.txt
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc14895724.txt
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc14896005.txt
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc14896161.txt
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc14901543.txt
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc14904975.txt
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc14905240.txt
c:\users\Casey\AppData\Roaming\Adobe\plugs\mmc6.exe
c:\users\Casey\AppData\Roaming\Adobe\shed
c:\users\Casey\AppData\Roaming\Adobe\shed\thr1.chm
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 21:44 . 2011-05-07 21:44 -------- d-----w- c:\users\Casey\AppData\Local\temp
2011-05-07 21:44 . 2011-05-07 21:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-07 21:44 . 2011-05-07 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-07 12:53 . 2011-05-07 12:53 -------- d-----w- c:\users\Casey\AppData\Roaming\HPAppData
2011-05-06 01:56 . 2011-05-06 01:56 -------- d-----w- C:\_OTL
2011-05-05 13:18 . 2011-03-03 10:49 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-27 02:27 . 2011-04-27 02:27 -------- d-----w- c:\program files\iPod
2011-04-27 02:27 . 2011-04-27 02:28 -------- d-----w- c:\program files\iTunes
2011-04-27 02:22 . 2011-04-27 02:22 -------- d-----w- c:\program files\Bonjour
2011-04-08 17:28 . 2011-04-08 17:28 -------- d-----w- c:\users\Default\AppData\Roaming\Yahoo!
2011-04-08 17:28 . 2011-04-08 17:28 -------- d-----w- c:\users\Default\AppData\Local\Google
2011-04-08 17:16 . 2011-04-08 17:16 -------- d-----w- C:\SupportSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-03 14:56 . 2011-05-05 13:23 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-05-05 13:23 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-05-05 13:23 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-05-05 13:23 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-18 20:36 . 2011-02-18 20:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 20:36 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 23:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-15 07:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Casey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Casey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
path=c:\users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Casey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Casey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
2006-10-09 19:49 20480 ------w- c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
2004-08-31 14:18 294912 ----a-w- c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-02-19 15:43 438403 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
2004-07-27 14:08 262144 ----a-w- c:\program files\Dell Photo AIO Printer 942\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-01-30 05:50 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 00:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 20:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 00:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 00:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2008-12-18 04:27 4823928 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2010-04-06 20:28 300352 ----a-w- c:\users\Casey\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-16 00:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"="
"
"FirewallOverride"="
"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca33b57724ad70;Google Update Service (gupdate1ca33b57724ad70);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 15656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys [2009-05-12 61328]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 4408616]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 112936]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-19 133472]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-19 279488]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-05-20 13224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 14:29]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 14:29]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{CA77F026-898B-40B8-B872-6004B2784312}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Casey\AppData\Roaming\Mozilla\Firefox\Profiles\zhx2405e.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Casey\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Efirelavar - c:\users\Casey\AppData\Local\ebihonevoz.dll
MSConfigStartUp-Swirolubupovilom - c:\users\Casey\AppData\Local\STINlge.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 17:44
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
Completion time: 2011-05-07 17:46:59
ComboFix-quarantined-files.txt 2011-05-07 21:46
.
Pre-Run: 154,498,723,840 bytes free
Post-Run: 154,468,765,696 bytes free
.
- - End Of File - - 752159A4A080BCDD84A8BA82FD379E75

Hi!

Your ComboFix log looks good.

Run this scan please:

Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Here is the log:

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

HI!

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• Drive-by Trojan preying on out-of-date Java installations
  
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "Java Platform, Standard Edition".
  
• Click the "Download JRE" button to the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• From the list, select your OS and Platform.
  
  • 32-bit Select: Windows x86 Offline.
    
  • 64-bit Select: Windows x64.
  
  
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  
• Click Ok and reboot your computer.

NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

• Go to Start > Control Panel > Add/Remove Programs
  
• Remove ALL instances of Adobe Reader
  
• Re-boot your computer as required.
  
• Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 3.6.17.

You can get the latest version of Firefox by accessing the menu in Firefox and then selecting .

Please make sure that you again after updating to the latest version to make sure that you have in fact received the latest version.



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Files
  ipconfig /flushdns /c
  :Commands
  [CreateRestorePoint]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



NEXT:



Your computer is currently running with an outdated Service Pack installed. This is not something that I recommend you continue to do. Please visit this link here: http://support.microsoft.com/kb/935791#Method2 for information on how to obtain the latest Service Pack for Vista. The latest service pack for Vista is currently Service Pack 2.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  
  
  
  netsvcs
  drivers32
  hklm\software\clients\startmenuinternet|command /rs
  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
  
  
• Push the button.
  
• A report will open. Copy and Paste that report in your next reply.

NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Updated Java, Adobe Reader and Firefox and used OTL to create the restore point but received an error at the end of the SP2 update - screenshot attached. (did not perform last OTL scan):

 sp2error.jpg (24.2K)
Number of downloads: 3

hmm..

That's weird. Is this a personal computer?

Yes, a personal laptop. I did find this article but did not take their recommended steps until asking you. http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_install/tried-to-install-update-get-error-code-800705b3/9bd86a17-d81f-40ae-8be0-68c3c33c5e0c