In performing the 'read this first' steps -- how do I know I have script blocking disabled before running DDS? What programs block scripts? I completed all the steps; DDS took WAY longer than 3 minutes like it said it was supposed to, and in the meantime, my CenturyLink antivirus (F-Secure) keeps finding and trying to remove this virus -- 'rootkit.19267'. It shows the file in c:\windows\system32\drivers. I have also seen TROJAN.DOWNLOADER.AGO in the AV log; sometimes it blocks it, sometimes it says it can't remove it, and sometimes it says removed, but it keeps coming back.
I guess I really need to know before posting all these logs if I actually have script blocking disabled before proceeding.....
Thanks in advance.
Oh yeah, I forgot to state: when I first got the fake AV thingy and it locked up the whole machine, I had to restart in safe mode and restore to an earlier date, so I'm sure I'm dealing with the remnants of that thing.
Welcome aboard
Please, complete all steps listed here: HERE
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Do you have Spybot, or Windows Defender running?
No, uninstalled Windows Defender -- no Spybot, but do have IObit Malware Fighter and IObit Advanced System Care 4 usually running.
IObit applications are not recommended.
You can safely uninstall both.
Then, go ahead with all required scans.
Here are all the scans:
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 6858
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/17/2011 11:33:24 AM
mbam-log-2011-06-17 (11-33-24).txt
Scan type: Quick scan
Objects scanned: 167821
Time elapsed: 18 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-17 13:48:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75DEA0 rev.05.03E05
Running: yqncgjb2.exe; Driver: C:\DOCUME~1\MARKC~1.CHU\LOCALS~1\Temp\pgtdypog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xA44F8CD6]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xA44F8CF0]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xA44F7E8C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xA44F81BC]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xA44F7BCC]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xA44F85EE]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xA44F988C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xA44F843E]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xA44F7A4C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xA44F7EC0]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xA44F8042]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xA44F79A6]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xA44F7B06]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xA44F7F86]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7571] ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D7576]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7576] ZwOpenKey [0x804D7576]
INT 0x03 \WINDOWS\system32\ntoskrnl.exe[unknown section] 804D757B
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A42B516D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A42B4FC2
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + F0 804E275C 3 Bytes [71, 75, 4D] {JNO 0x77; DEC EBP}
.text ntoskrnl.exe!_abnormal_termination + 228 804E2894 3 Bytes [76, 75, 4D] {JBE 0x77; DEC EBP}
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [4C, 7A, 4F, A4, C0, 7E, 4F, ...]
INITc VolSnap.sys F7622BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F7622BF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}
INITc VolSnap.sys F7622C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F7622C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F7622C70 4 Bytes [09, BF, 4D, 80]
INITc ...
.text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xA3160000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xA31B5224]
.init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xA31B5000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA30CF400, 0x6E1B2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA3159220] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA3159220]
.protect˙˙˙˙hardlockunknown last code section [0xA3159000, 0x50EA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA3159000, 0x50EA, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0267000C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0267100C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0267200C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0267300C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0267700C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0267500C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0267600C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0267800C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0267900C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0267400C
.text C:\Program Files\Java\jre6\bin\jqs.exe[620] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0267A00C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0066000C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0066100C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0066200C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0066300C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0066700C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0066500C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0066600C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0066800C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0066400C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[680] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0066900C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DB000C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00DB100C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB200C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00DB300C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00DB700C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00DB500C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00DB600C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00DB800C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00DB400C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00DBA00C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ole32.dll!CoCreateInstanceEx 774FF154 3 Bytes JMP 00DB900C
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[720] ole32.dll!CoCreateInstanceEx + 4 774FF158 1 Byte [89]
.text C:\WINDOWS\system32\winlogon.exe[840] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A4000C
.text C:\WINDOWS\system32\winlogon.exe[840] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A4100C
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A4200C
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00A4300C
.text C:\WINDOWS\system32\winlogon.exe[840] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00A4700C
.text C:\WINDOWS\system32\winlogon.exe[840] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00A4500C
.text C:\WINDOWS\system32\winlogon.exe[840] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00A4600C
.text C:\WINDOWS\system32\winlogon.exe[840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A4800C
.text C:\WINDOWS\system32\winlogon.exe[840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A4400C
.text C:\WINDOWS\system32\winlogon.exe[840] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00A4A00C
.text C:\WINDOWS\system32\winlogon.exe[840] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A4900C
.text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B9000C
.text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B9100C
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B9200C
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00B9300C
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00B9700C
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00B9500C
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00B9600C
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B9800C
.text C:\WINDOWS\system32\lsass.exe[896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00B9400C
.text C:\WINDOWS\system32\lsass.exe[896] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00B9A00C
.text C:\WINDOWS\system32\lsass.exe[896] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00B9900C
.text C:\WINDOWS\Explorer.EXE[1224] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 022C000C
.text C:\WINDOWS\Explorer.EXE[1224] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 022C100C
.text C:\WINDOWS\Explorer.EXE[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 022C200C
.text C:\WINDOWS\Explorer.EXE[1224] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 022C300C
.text C:\WINDOWS\Explorer.EXE[1224] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 022C700C
.text C:\WINDOWS\Explorer.EXE[1224] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 022C500C
.text C:\WINDOWS\Explorer.EXE[1224] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 022C600C
.text C:\WINDOWS\Explorer.EXE[1224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 022C800C
.text C:\WINDOWS\Explorer.EXE[1224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 022C400C
.text C:\WINDOWS\Explorer.EXE[1224] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 022CA00C
.text C:\WINDOWS\Explorer.EXE[1224] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 022C900C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0083000C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0083100C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0083200C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0083300C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0083700C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0083500C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0083600C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ADVAPI32.dll!CreateServiceW 77E373A9 3 Bytes JMP 0083800C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ADVAPI32.dll!CreateServiceW + 4 77E373AD 1 Byte [88]
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0083400C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0083A00C
.text C:\WINDOWS\System32\tcpsvcs.exe[1368] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0083900C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0070000C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0070100C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0070200C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0070300C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0070400C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0070900C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0070700C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0070500C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0070600C
.text C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe[1832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0070800C
.text C:\WINDOWS\system32\hasplms.exe[1980] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 013B000C
.text C:\WINDOWS\system32\hasplms.exe[1980] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 013B100C
.text C:\WINDOWS\system32\hasplms.exe[1980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013B200C
.text C:\WINDOWS\system32\hasplms.exe[1980] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 013B300C
.text C:\WINDOWS\system32\hasplms.exe[1980] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 013B700C
.text C:\WINDOWS\system32\hasplms.exe[1980] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 013B500C
.text C:\WINDOWS\system32\hasplms.exe[1980] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 013B600C
.text C:\WINDOWS\system32\hasplms.exe[1980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 013B800C
.text C:\WINDOWS\system32\hasplms.exe[1980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 013B400C
.text C:\WINDOWS\system32\hasplms.exe[1980] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 013B900C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F3000C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00F3100C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3200C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00F3300C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 00F3700C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00F3500C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 00F3600C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F3800C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F3400C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 00F3A00C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe[2104] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00F3900C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0222000C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0222100C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0222200C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0222300C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 0222700C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 0222500C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 0222600C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0222800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0222400C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 0222A00C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2144] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0222900C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 025B000C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 025B100C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025B200C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 025B300C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 025B400C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 025BA00C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 025B900C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 025B700C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 025B500C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 025B600C
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[2204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 025B800C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 027B000C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 027B100C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 027B200C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 027B300C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 027B700C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 027B500C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 027B600C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 027B800C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 027B900C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 027B400C
.text C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2404] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 027BA00C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 022A000C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 022A100C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 022A200C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 022A300C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 022A700C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 022A500C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 022A600C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 022A800C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 022A400C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] USER32.dll!DdeConnect 7E4581C3 5 Bytes JMP 022AA00C
.text C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT[2420] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 022A900C
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A5261ED
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5261ED
Device \Driver\atapi \Device\Ide\IdePort0 8A5261ED
Device \Driver\atapi \Device\Ide\IdePort1 8A5261ED
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A5261ED
Device \Driver\USBSTOR -> DriverStartIo \Device\00000069 A8679F26
Device \Driver\USBSTOR \Device\00000069 A867D218
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\USBSTOR -> DriverStartIo \Device\0000006a A8679F26
Device \Driver\USBSTOR \Device\0000006a A867D218
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Disk \Device\Harddisk1\DR3 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:208] 8A52AE7A
Thread System [4:212] 8A52D008
---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 14:33:54
-----------------------------
14:33:54.765 OS Version: Windows 5.1.2600 Service Pack 3
14:33:54.765 Number of processors: 1 586 0x209
14:33:54.765 ComputerName: SHOP2 UserName:
14:33:55.796 Initialize success
14:34:05.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:34:05.609 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
14:34:05.703 Disk 0 MBR read successfully
14:34:05.703 Disk 0 MBR scan
14:34:05.703 Disk 0 Windows XP default MBR code
14:34:05.718 Disk 0 scanning sectors +78108030
14:34:05.875 Disk 0 scanning C:\WINDOWS\system32\drivers
14:39:02.109 Service scanning
14:39:10.968 Disk 0 trace - called modules:
14:39:11.468 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a5261ed]<<
14:39:11.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a596ab8]
14:39:11.515 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c6d98]
14:39:11.515 \Driver\atapi[0x8a5b1208] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a5261ed
14:39:11.515 Scan finished successfully
1507.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark C. Chubb\Desktop\MBR.dat"
1507.281 The log file has been saved successfully to "C:\Documents and Settings\Mark C. Chubb\Desktop\aswMBR.txt"
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mark C. Chubb at 1520 on 2011-06-17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1492 [GMT -5:00]
.
AV: CenturyLink™ Online Security 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Mark C. Chubb\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/calendar/render?tab=oc
uSearch Page =
uDefault_Page_URL = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\mark c. chubb\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ACQTMOUSE] "c:\program files\mouse setting\mouse setting software\4.0\ACQTMAPP.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [F-Secure Manager] "c:\program files\centurylink online security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\centurylink online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\centurylink online security\fsps\program\FSLSP.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - hxxp://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.5688541667
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [2004-10-6 10368]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-5-27 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-5-27 82120]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [2004-10-7 11904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\centurylink online security\hips\drivers\fshs.sys [2011-5-27 68064]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\centurylink online security\anti-virus\fsgk32st.exe [2011-5-27 215648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
R3 ACRUSBTM;ACRUSBTM;c:\windows\system32\drivers\ACRUSBTM.SYS [2010-11-23 28672]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\centurylink online security\anti-virus\minifilter\fsgk.sys [2011-5-27 148648]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\centurylink online security\orsp client\fsorsp.exe [2011-5-27 61088]
S2 $sys$DRMServer;Plug and Play Device Manager;c:\windows\system32\$sys$filesystem\$sys$drmserver.exe --> c:\windows\system32\$sys$filesystem\$sys$DRMServer.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\docume~1\markc~1.chu\locals~1\temp\f-secure\blacklight\fsblsrv.exe --> c:\docume~1\markc~1.chu\locals~1\temp\f-secure\blacklight\fsblsrv.exe [?]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\markc~1.chu\locals~1\temp\mdxgthkn.sys --> c:\docume~1\markc~1.chu\locals~1\temp\mdxgthkn.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\centurylink online security\anti-virus\win2k\fsfilter.sys [2011-5-27 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\centurylink online security\anti-virus\win2k\fsrec.sys [2011-5-27 25184]
.
=============== Created Last 30 ================
.
2011-06-15 21:41:36 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-15 20:04:03 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-05-31 13:16:30 2855 ----a-w- c:\windows\CDProxyServ.PIF
2011-05-31 13:14:28 -------- d--h--w- c:\windows\PIF
2011-05-29 22:13:18 -------- d-----w- c:\documents and settings\mark c. chubb\application data\IObit
2011-05-29 21:39:19 -------- d-----w- c:\program files\CCleaner
2011-05-27 16:24:26 -------- d-----w- c:\documents and settings\mark c. chubb\application data\f-secure
2011-05-27 16:19:11 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-05-27 16:18:28 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2011-05-27 16:17:15 -------- d-----w- c:\program files\CenturyLink Online Security
2011-05-27 16:16:22 -------- d-----w- c:\documents and settings\all users\application data\fssg
2011-05-27 16:15:49 -------- d-----w- c:\documents and settings\all users\application data\f-secure
2011-05-25 23:02:16 -------- d-----w- c:\documents and settings\mark c. chubb\application data\Malwarebytes
2011-05-25 23:02:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 23:02:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-25 23:01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 21:12:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-25 21:12:15 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-22 23:14:11 -------- d-----w- c:\documents and settings\mark c. chubb\.eoos
2011-05-22 23:14:11 -------- d-----w- c:\documents and settings\all users\.t2web
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 15:23:13.62 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2003 1:57:37 PM
System Uptime: 6/17/2011 11:36:02 AM (4 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2193/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 11.328 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service: bcm4sbxp
.
==== System Restore Points ===================
.
RP739: 5/2/2011 8:41:55 AM - System Checkpoint
RP740: 5/3/2011 8:07:00 AM - Software Distribution Service 3.0
RP741: 5/4/2011 8:36:54 AM - Configured ALLDATA Repair
RP742: 5/5/2011 957 AM - System Checkpoint
RP743: 5/6/2011 8:38:11 AM - Software Distribution Service 3.0
RP744: 5/9/2011 10:46:12 AM - System Checkpoint
RP745: 5/10/2011 2:58:24 PM - Software Distribution Service 3.0
RP746: 5/11/2011 1:27:54 PM - Software Distribution Service 3.0
RP747: 5/13/2011 9:03:51 AM - System Checkpoint
RP748: 5/13/2011 4:17:34 PM - Software Distribution Service 3.0
RP749: 5/16/2011 10:38:42 AM - System Checkpoint
RP750: 5/17/2011 8:40:50 AM - Software Distribution Service 3.0
RP751: 5/18/2011 8:41:51 AM - System Checkpoint
RP752: 5/19/2011 8:50:18 AM - System Checkpoint
RP753: 5/20/2011 8:26:31 AM - Software Distribution Service 3.0
RP754: 5/22/2011 4:33:35 PM - System Checkpoint
RP755: 5/24/2011 9:34:34 AM - System Checkpoint
RP756: 5/24/2011 349 PM - Software Distribution Service 3.0
RP757: 5/25/2011 4:10:54 PM - Restore Operation
RP758: 5/25/2011 7:04:50 PM - Software Distribution Service 3.0
RP759: 5/27/2011 8:17:57 AM - Software Distribution Service 3.0
RP760: 5/27/2011 11:17:13 AM - psc 9.01 build 105 Installation
RP761: 5/27/2011 2:25:14 PM - Windows Defender Checkpoint
RP762: 5/29/2011 4:47:20 PM - Removed IObit Toolbar v4.3.
RP763: 5/29/2011 4:50:18 PM - Removed Bonjour
RP764: 5/31/2011 8:04:59 AM - Software Distribution Service 3.0
RP765: 6/1/2011 10:40:03 AM - System Checkpoint
RP766: 6/3/2011 8:19:25 AM - Software Distribution Service 3.0
RP767: 6/6/2011 10:18:30 AM - System Checkpoint
RP768: 6/7/2011 7:52:42 AM - Software Distribution Service 3.0
RP769: 6/7/2011 7:55:49 AM - Removed Windows Defender
RP770: 6/7/2011 8:03:49 AM - Software Distribution Service 3.0
RP771: 6/8/2011 9:01:32 AM - System Checkpoint
RP772: 6/9/2011 8:28:12 AM - Restore Operation
RP773: 6/10/2011 9:24:50 AM - System Checkpoint
RP774: 6/13/2011 10:59:12 AM - System Checkpoint
RP775: 6/14/2011 5:36:53 PM - System Checkpoint
RP776: 6/15/2011 4:38:26 PM - Software Distribution Service 3.0
RP777: 6/17/2011 10:25:38 AM - System Checkpoint
RP778: 6/17/2011 10:49:05 AM - Removed Apple Mobile Device Support
RP779: 6/17/2011 10:51:14 AM - Removed Apple Application Support
RP780: 6/17/2011 11:02:24 AM - IObit Uninstaller RestorePoint
RP781: 6/17/2011 11:03:00 AM - Removed FNC 11 Installer.
RP782: 6/17/2011 11:07:21 AM - IObit Uninstaller RestorePoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
ALLDATA Manage
ALLDATA Repair
Apple Software Update
Banctec Service Agreement
Broadcom Management Programs
CCleaner
CenturyLink™ Online Security
Conexant SmartHSFi V92 56K DF PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Solution Center
Diagnostic Manuals
Easy CD Creator 5 Basic
F-Secure PSC Prerequisites
Fast-Track® Reference Viewer 2.1.0.0
ffdshow (remove only)
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 24
LightScribe System Software
LightScribe Template Designs - Music Pack 1
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mouse Setting Software 4.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD
QuickTime
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ServiceCenter
Shockwave
ShopStream Connect
Small Block Engine Assembly
Superchips Easy Update
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Win32 BI Application
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Snap-on Diagnostics (usbser) Ports (03/09/2008 5.1.2600.5512)
Windows Driver Package - Superchips, Inc. USB CDM Driver Package (11/12/2009 2.06.00)
Windows Driver Package - Superchips, Inc. USB Programmer Drivers (11/12/2009 2.06.00)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Zoom ADSL Modem
.
==== Event Viewer Messages From Past Week ========
.
6/14/2011 8:20:15 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow the name to be claimed by this machine.
6/14/2011 8:20:01 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
6/14/2011 3:13:54 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
6/14/2011 3:12:29 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
6/14/2011 3:03:20 PM, error: Service Control Manager [7000] - The Plug and Play Device Manager service failed to start due to the following error: The system cannot find the file specified.
6/14/2011 12:59:05 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/14/2011 12:54:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/14/2011 12:54:46 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/14/2011 12:54:11 PM, error: Service Control Manager [7034] - The HASP License Manager service terminated unexpectedly. It has done this 1 time(s).
6/10/2011 12:58:05 PM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
6/10/2011 1202 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
2011/06/19 17:39:14.0500 3592 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/19 17:39:16.0578 3592 ================================================================================
2011/06/19 17:39:16.0578 3592 SystemInfo:
2011/06/19 17:39:16.0578 3592
2011/06/19 17:39:16.0578 3592 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/19 17:39:16.0578 3592 Product type: Workstation
2011/06/19 17:39:16.0578 3592 ComputerName: SHOP2
2011/06/19 17:39:16.0578 3592 UserName: Mark C. Chubb
2011/06/19 17:39:16.0578 3592 Windows directory: C:\WINDOWS
2011/06/19 17:39:16.0578 3592 System windows directory: C:\WINDOWS
2011/06/19 17:39:16.0578 3592 Processor architecture: Intel x86
2011/06/19 17:39:16.0578 3592 Number of processors: 1
2011/06/19 17:39:16.0578 3592 Page size: 0x1000
2011/06/19 17:39:16.0578 3592 Boot type: Normal boot
2011/06/19 17:39:16.0578 3592 ================================================================================
2011/06/19 17:39:22.0968 3592 Initialize success
2011/06/19 17:39:30.0375 0524 ================================================================================
2011/06/19 17:39:30.0375 0524 Scan started
2011/06/19 17:39:30.0375 0524 Mode: Manual;
2011/06/19 17:39:30.0375 0524 ================================================================================
2011/06/19 17:39:37.0093 0524 $sys$cor (8c9e54f722b08148fed49fbd3edd615b) C:\WINDOWS\system32\Drivers\$sys$cor.sys
2011/06/19 17:41:16.0546 0524 $sys$crater (c1b7c9c5d7c63d554adb831fa6892c25) C:\WINDOWS\System32\$sys$filesystem\crater.sys
2011/06/19 17:41:19.0406 0524 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/06/19 17:41:20.0671 0524 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/19 17:41:21.0546 0524 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/19 17:41:22.0250 0524 ACRUSBTM (45b952a3ed567264acff89e46f65331d) C:\WINDOWS\system32\drivers\ACRUSBTM.SYS
2011/06/19 17:41:24.0062 0524 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/06/19 17:41:25.0734 0524 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/19 17:41:27.0390 0524 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/19 17:41:28.0484 0524 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/19 17:41:29.0562 0524 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/06/19 17:41:30.0421 0524 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/06/19 17:41:31.0140 0524 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/06/19 17:48:43.0000 0524 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/19 17:48:43.0078 0524 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/19 17:48:43.0109 0524 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/19 17:49:00.0859 0524 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/19 17:49:25.0171 0524 ================================================================================
2011/06/19 17:49:25.0171 0524 Scan finished
2011/06/19 17:49:25.0171 0524 ================================================================================
2011/06/19 17:49:25.0234 2640 Detected object count: 1
2011/06/19 17:49:25.0234 2640 Actual detected object count: 1
2011/06/19 18:04:42.0984 2640 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/19 18:04:42.0984 2640 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/19 18:04:43.0765 2640 Backup copy found, using it..
2011/06/19 18:04:43.0812 2640 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/19 18:04:43.0812 2640 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/19 18:05:12.0609 1716 Deinitialize success