
Some virus removed but all downloads now stop


This topic is locked
12 replies to this topic

#1 oah

  • Members
  • 9 posts

Posted 06 February 2009 - 09:53 PM

About 3 or 4 weeks ago I had a virus that redirected IE7 every time I opened it.

I ran VET, Ad-Aware and Spybot and they removed the virus, or so I thought. Ever since then, whenever I try to download a file or watch an online video (such as YouTube or any other site containing a video/audio file) the process stops and will not recommence.

Unfortunately I do not know the name of the virus.

Following is the DDS file:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Dad at 8:47:29.75 on Sat 07/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.2046.1244 [GMT 10:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\vds.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dad\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://afl.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [PCDrSmartMonitor] "c:\program files\pc-doctor 5 for windows\PcdSmartMonitor.exe" -r
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dad\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-au.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {F501BD15-34C2-4308-85E5-07BE810A8E81} = 192.168.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

============= SERVICES / DRIVERS ===============

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\dvdplay\000.fcl [2007-8-31 39408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-5-12 809296]
R3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2007-4-12 34136]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\nitropdf5\bepldr.exe [2007-11-15 151552]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05020000};PCD5SRVC{BD6912E3-AC9D80E8-05020000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-5-16 25632]

=============== Created Last 30 ================

2009-02-06 16:39 197 a------- c:\windows\ODBCINST.INI
2009-02-06 16:21 <DIR> --d----- c:\users\dad\appdata\roaming\ErrorFix
2009-02-06 16:20 <DIR> --d----- c:\program files\ErrorFix
2009-02-06 16:19 <DIR> --d----- c:\program files\Downloaded Installers
2009-02-05 19:35 <DIR> --d----- c:\windows\LastGood.Tmp
2009-02-02 17:48 <DIR> --d----- c:\users\dad\Scanned Docs
2009-02-01 14:03 <DIR> --d----- c:\users\dad\appdata\roaming\TomTom
2009-02-01 14:02 <DIR> --d----- c:\program files\TomTom HOME 2
2009-02-01 13:53 <DIR> --d----- c:\programdata\TomTom
2009-02-01 13:53 <DIR> --d----- c:\progra~2\TomTom
2009-01-31 09:34 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-16 21:10 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-11 18:25 <DIR> --d----- c:\program files\NCH Software
2009-01-11 18:09 <DIR> --dshr-- C:\resycled
2009-01-11 10:03 <DIR> --d----- c:\users\dad\appdata\roaming\NCH Software
2009-01-11 10:02 <DIR> --d----- c:\programdata\NCH Software

==================== Find3M ====================

2008-12-19 15:53 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-19 15:53 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-19 15:53 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-12-19 15:53 51,200 a------- c:\windows\inf\infpub.dat
2008-12-19 14:42 278,984 a------- c:\windows\system32\drivers\atksgt.sys
2008-12-19 14:42 25,416 a------- c:\windows\system32\drivers\lirsgt.sys
2008-12-19 14:39 86,016 a------- c:\windows\inf\infstor.dat
2008-12-19 14:29 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-19 08:26 410,984 a------- c:\windows\system32\deploytk.dll
2008-06-15 13:18 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-12 21:09 174 a--sh--- c:\program files\desktop.ini
2008-05-12 16:46 56 a---h--- c:\programdata\ezsidmv.dat
2008-05-12 16:46 56 a---h--- c:\progra~2\ezsidmv.dat
2006-11-02 22:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:48:10.25 ===============
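As an added triage aid (example code, not part of the original thread and not from the DDS tool), this Python parses the "Pseudo HJT Report" and "Created Last 30" sections of a DDS log like the one posted above and flags the entries a responder reviews first: orphaned BHO/toolbar registrations ("No File"), Winsock LSP entries (which sit in the network data path, relevant when downloads stall), the per-interface DNS server entry, newly created hidden+system directories, and new kernel driver files. The section banners, attribute flags and sample lines are copied from the log above; the finding categories are my own labels, and flagging an entry means "verify it", not "it is malicious".

```python
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://afl.com.au/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
LSP: c:\windows\system32\VetRedir.dll
TCP: {F501BD15-34C2-4308-85E5-07BE810A8E81} = 192.168.2.1,4.2.2.2

=============== Created Last 30 ================

2009-02-06 16:21 <DIR> --d----- c:\users\dad\appdata\roaming\ErrorFix
2009-01-16 21:10 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-11 18:09 <DIR> --dshr-- C:\resycled
"""

# "=== Section name ===" banners that separate DDS sections.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<date> <time> <size or <DIR>> <8 attribute flags> <path>" lines of Created Last 30.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$"
)


@dataclass
class Finding:
    category: str  # my own triage label (assumption, not a DDS term)
    detail: str    # the entry or path that triggered it


def _check_hjt(line: str) -> list[Finding]:
    """Flag Pseudo HJT Report entries a responder reviews first."""
    out = []
    # Registered BHO/toolbar whose DLL no longer exists: leftover of a removal.
    if line.endswith(" - No File"):
        out.append(Finding("orphan_entry", line))
    # A Winsock LSP sits in every socket's data path; a broken or hostile one
    # can stall transfers, which matches the symptom reported in the thread.
    if line.startswith("LSP:"):
        out.append(Finding("lsp_present", line.split(":", 1)[1].strip()))
    # "TCP: {interface GUID} = a,b" lists the DNS servers of one interface;
    # unexpected resolvers are a classic cause of browser redirection.
    if line.startswith("TCP:") and "=" in line:
        out.append(Finding("dns_servers", line.split("=", 1)[1].strip()))
    return out


def _check_created(line: str) -> list[Finding]:
    """Flag recently created objects from the Created Last 30 section."""
    m = CREATED_RE.match(line)
    if not m:
        return []
    _when, size, attrs, path = m.groups()
    out = []
    # Directory carrying both the system (s) and hidden (h) attributes:
    # normal for a few Windows folders, otherwise worth a look.
    if size == "<DIR>" and "s" in attrs and "h" in attrs:
        out.append(Finding("hidden_system_dir", path))
    # A new kernel driver file: confirm it came from Windows Update or a
    # known installer before trusting it.
    lowered = path.lower()
    if "\\drivers\\" in lowered and lowered.endswith(".sys"):
        out.append(Finding("new_driver", path))
    return out


def triage_dds(text: str) -> list[Finding]:
    """Walk a DDS log and collect findings from the two sections handled here."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "Pseudo HJT Report":
            findings.extend(_check_hjt(line))
        elif section == "Created Last 30":
            findings.extend(_check_created(line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"{f.category:18} {f.detail}")
```

Run against the full log the poster pasted, the same checks also pick up the "Running Processes" paths only if you extend the section list; the two sections above are where the quickest signal lives.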


#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 14 February 2009 - 08:14 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important! Please do not select the Show all checkbox during the scan.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log
  • GMER Scan log
  • What Problems do you still have?

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 oah

  • Topic Starter
  • Members
  • 9 posts

Posted 15 February 2009 - 01:28 AM

Realise you guys are busy so no problems.

However my problems continue and seem to be deteriorating.

Extra.txt would not run from OTViewIt. Got this error message: "Access violation at address 774D5973 in module 'ntdll.dll'". Redownloaded and tried 4 times. Same message each time.

Could not run Kaspersky because of my downloads expiring during the update process. Tried in IE7 and Opera and same problem.

GMER would not run. Error message saying it had stopped working.

Now Host Process for Windows Services has closed. Prevented from running by Data Execution Prevention. This in turn stops a number of services such as backup, restore, network monitoring to name a few.

Also checked the antivirus log and noticed Vipordno worm being detected and deleted all the time.

All I can post for you is the OTViewIt.txt:

OTViewIt logfile created on: 15/02/2009 3:29:26 PM - Run 7
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Dad\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.26% Memory free
4.00 Gb Paging File | 2.90 Gb Available in Paging File | 72.39% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457.65 Gb Total Space | 327.98 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive D: | 8.11 Gb Total Space | 1.09 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 74.52 Gb Total Space | 4.23 Gb Free Space | 5.68% Space Free | Partition Type: NTFS

Computer Name: DAD-PC
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 17:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininit.exe
[2008/01/19 17:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsm.exe
[2008/01/19 17:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLsvc.exe
[2008/01/19 17:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwm.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/01/19 17:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskeng.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2007/07/26 08:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/05/17 14:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2008/05/27 15:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchIndexer.exe
[2008/01/19 17:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFHost.exe
[2008/08/14 13:39:56 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
[2008/01/19 17:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe
[2008/01/19 17:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2007/04/19 01:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
[2007/02/15 21:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
[2008/01/15 11:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
[2008/01/19 17:33:27 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
[2008/02/01 15:38:48 | 00,210,208 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
[2006/11/02 19:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2009/01/24 08:29:58 | 00,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
[2008/08/30 15:14:36 | 00,234,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
[2006/11/02 19:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2007/09/14 02:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[2007/06/13 10:39:12 | 00,073,728 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/01/19 17:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2007/01/15 16:14:54 | 00,147,456 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2009/01/24 08:29:58 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2008/01/19 17:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2008/01/19 17:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2007/01/15 16:13:50 | 01,208,320 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2008/01/19 17:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
[2007/05/17 02:56:44 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2009/01/27 13:10:06 | 00,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
[2008/01/19 17:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskeng.exe
[2008/01/19 17:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
[2008/01/19 17:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2009/01/24 08:29:58 | 00,210,160 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
[2009/02/15 15:08:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/02/15 15:08:02 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaws.exe
[2009/02/15 15:08:02 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
[2008/01/19 17:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/05/27 15:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchProtocolHost.exe
[2008/05/27 15:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchFilterHost.exe
[2009/02/15 15:29:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/05/12 19:52:04 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/11/15 18:05:24 | 00,151,552 | ---- | M] () -- C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe -- (bepldr [On_Demand | Stopped])
[2009/01/24 08:29:58 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/28 04:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/19 17:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/19 17:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/19 17:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 22:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/06/20 11:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/05/12 13:59:44 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Auto | Running])
[2004/10/22 20:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/07/26 08:50:26 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/05/17 14:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
[2009/02/10 13:55:13 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2007/01/15 17:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008/06/20 11:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/01/15 16:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/05/12 04:15:20 | 00,887,544 | ---- | M] (Sonic Solutions) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2008/08/14 13:39:56 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2008/01/19 17:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/01/19 17:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 19:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/05/04 06:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/01/19 17:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/01/19 17:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT [Auto | Running])
[2008/01/19 17:33:35 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/01/19 17:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/27 15:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 19:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 19:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 19:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 19:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 19:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 19:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 19:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 18:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/19 15:27:20 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/02 19:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 19:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/12/29 22:57:56 | 00,952,832 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athr.sys -- (athr [On_Demand | Running])
[2008/12/19 14:42:38 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/01/19 15:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 18:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 18:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 18:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 18:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 18:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 18:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 18:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 18:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 17:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 19:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 19:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 18:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 15:28:57 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\csc.sys -- (CSC [System | Running])
[2008/01/19 15:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/02 11:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 17:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 17:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 19:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\WINDOWS\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/19 15:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 17:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 15:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/19 17:42:12 | 00,145,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2006/11/02 19:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2006/11/02 17:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/19 14:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 18:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 18:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 19:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 19:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 19:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\WINDOWS\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2009/01/06 11:07:10 | 02,261,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 18:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 17:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 19:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 19:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 18:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/12/19 14:42:38 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2008/01/19 15:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 19:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 19:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 19:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 15:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 19:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\WINDOWS\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/05/12 14:20:26 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 19:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 15:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 19:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\WINDOWS\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/27 11:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 15:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 19:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 19:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2007/04/12 14:46:36 | 00,034,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nx6000.sys -- (MSHUSBVideo [On_Demand | Running])
[2008/01/19 17:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 17:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/20 12:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 19:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 15:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 17:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\WINDOWS\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/05/04 04:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
[2008/01/10 19:57:00 | 08,237,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 19:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 19:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2007/10/26 11:51:24 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2006/11/02 19:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2007/05/16 10:47:46 | 00,025,632 | ---- | M] (PC-Doctor, Inc.) -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05020000} [On_Demand | Stopped])
[2006/11/02 19:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2005/12/13 03:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2008/04/05 11:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/06/20 20:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 19:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 19:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 15:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/19 15:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 16:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 15:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 19:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 16:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 15:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2007/08/31 06:59:57 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2007/08/31 06:59:57 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2007/08/31 06:59:57 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 19:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 19:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 19:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\WINDOWS\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 15:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/19 17:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/12/19 14:29:07 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/01/19 15:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 15:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2005/08/17 07:45:00 | 00,058,352 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
[2005/08/17 07:46:20 | 00,008,272 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
[2005/08/17 07:46:26 | 00,093,872 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
[2008/07/16 12:35:46 | 00,005,632 | ---- | M] () -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2008/01/19 16:14:10 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serscan.sys -- (StillCam [On_Demand | Stopped])
[2006/11/02 19:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 19:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 19:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/19 15:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/19 15:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/19 16:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/19 15:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 15:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 19:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 19:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 19:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 19:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 15:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/01/19 15:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2006/11/02 18:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/19 15:53:38 | 00,134,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2008/01/19 15:56:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2008/08/30 15:14:36 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2008/08/30 15:14:34 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/09/28 16:39:31 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/09/28 16:39:31 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2008/08/30 15:14:28 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2008/08/30 15:14:34 | 00,032,240 | ---- | M] (Computer Associates International, Inc.) -- C:\Windows\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2006/11/02 18:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 18:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 19:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 17:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 17:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 19:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\WINDOWS\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 18:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 19:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 17:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 18:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/19 15:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/12/18 13:18:52 | 00,039,408 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HP\DVDPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263} [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://afl.com.au/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://afl.com.au/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"hpsysdrv"=c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KBD"=C:\HP\KBD\KbdStub.EXE ()
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" ()
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" (OsdMaestro)
"PCDrSmartMonitor"="C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r (PC-Doctor, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" (Sun Microsystems, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoSharedDocuments"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0
"EnableLUA"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"ClearRecentDocsOnExit"=0
"NoThumbnailCache"=0
"NoSaveSettings"=0

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"ClearRecentDocsOnExit"=0
"NoThumbnailCache"=0
"NoSaveSettings"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1448467986-2396672750-2236022206-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/04/30 17:17:34 | 01,372,160 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{149E45D8-163E-4189-86FC-45022AB2B6C9}: file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx -- SpinTop DRM Control
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w3/pr01/resou...NPUplden-au.cab -- MSN Photo Upload Tool
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab -- Java Plug-in 1.6.0_12
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CC450D71-CC90-424C-8638-1F2DBAC87A54}: file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx -- ArmHelper Control
{D0C0F75C-683A-4390-A791-1ACFD5599AB8}: http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab -- Oberon Flash Game Host
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{08EE16BA-EC04-467E-BA51-33EEA5D57A48} (Servers: | Description: D-Link USB Remote NDIS Network Device)
{23B8DFFC-D041-4F89-B628-8BF7698EB8BB} (Servers: | Description: NVIDIA nForce Networking Controller)
{F501BD15-34C2-4308-85E5-07BE810A8E81} (Servers: 192.168.2.1,4.2.2.2 | Description: HP 802.11b/g Wireless Network Adapter)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}" (HKLM) = Windows DreamScene -- C:\WINDOWS\System32\DreamScene.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
WgaTray.exe:"Debugger" = C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 17:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 17:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2007/08/31 06:42:50 | 00,000,074 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61d445ca-ef42-11dd-bdb6-001bb9bf127c}\Shell\AutoRun\command]
""=M:\InstallTomTomHOME.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e7582a-d47d-11dd-8441-001bb9bf127c}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e7582a-d47d-11dd-8441-001bb9bf127c}\Shell\AutoRun\command]
""=M:\MonopolyPBInstall.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/02/15 15:18:24 | 00,490,698 | ---- | C] () -- C:\Users\Dad\Desktop\gmer.zip
[2009/02/15 14:42:54 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTViewIt.exe
[2009/02/15 13:37:08 | 00,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2009/02/15 13:36:16 | 00,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Download Manager
[2009/02/15 10:51:46 | 00,000,000 | ---D | C] -- C:\ProgramData\GroupPolicy
[2009/02/12 09:15:10 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/12 09:15:09 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/12 09:15:09 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/12 09:15:09 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/12 09:15:09 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/12 09:15:08 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/12 09:15:08 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/12 09:15:08 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/12 09:15:08 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/10 21:43:23 | 00,678,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2009/02/10 21:39:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/02/10 21:31:13 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/02/10 21:31:13 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/02/10 21:31:13 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/02/10 21:31:13 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/02/10 21:31:13 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/02/10 21:31:13 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/02/10 21:31:12 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/02/10 21:31:11 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/02/10 21:24:57 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/02/10 21:24:54 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/02/10 21:24:52 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/02/10 21:24:35 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/02/10 21:24:31 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/02/10 19:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2009/02/10 15:35:34 | 03,996,236 | -H-- | C] () -- C:\Users\Dad\AppData\Local\IconCache.db
[2009/02/10 13:56:12 | 21,458,86208 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/07 08:32:08 | 00,368,961 | ---- | C] () -- C:\Users\Dad\Desktop\dds.scr
[2009/02/06 16:39:29 | 00,000,197 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/02/06 16:21:11 | 00,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\ErrorFix
[2009/02/06 10:01:20 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/01 14:03:02 | 00,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\TomTom
[2009/02/01 14:03:02 | 00,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\TomTom
[2009/02/01 14:02:44 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2009/02/01 13:53:37 | 00,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2009/01/31 09:34:37 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/01/16 21:10:14 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\System32\*.tmp files]
[2009/02/15 15:29:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTViewIt.exe
[2009/02/15 15:18:38 | 00,490,698 | ---- | M] () -- C:\Users\Dad\Desktop\gmer.zip
[2009/02/15 15:16:44 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/15 15:16:44 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/15 13:37:08 | 00,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
[2009/02/15 12:55:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/15 11:21:30 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/15 11:21:30 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/15 11:21:30 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/15 11:16:52 | 00,000,431 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/02/15 11:16:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/15 11:16:13 | 21,458,86208 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/15 11:15:13 | 03,996,236 | -H-- | M] () -- C:\Users\Dad\AppData\Local\IconCache.db
[2009/02/15 11:08:26 | 00,106,592 | ---- | M] () -- C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/15 11:07:42 | 00,394,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/02/15 10:56:06 | 00,000,197 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2009/02/11 07:17:16 | 00,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/02/10 11:20:36 | 00,026,624 | ---- | M] () -- C:\Users\Dad\Desktop\Michelle.xls
[2009/02/07 08:32:15 | 00,368,961 | ---- | M] () -- C:\Users\Dad\Desktop\dds.scr
[2009/02/06 10:01:30 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/02/06 09:59:06 | 00,038,912 | ---- | M] (PC-Doctor, Inc.) -- C:\Windows\System32\pcdhdm.cpl
[2009/02/05 11:39:26 | 00,000,434 | ---- | M] () -- C:\Windows\MYOBP.INI
[2009/02/05 11:39:07 | 00,000,039 | ---- | M] () -- C:\Windows\MYOB.INI
[2009/02/04 09:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/02/03 15:25:34 | 00,072,704 | ---- | M] () -- C:\Users\Dad\Desktop\Shares.xls
[2009/01/31 16:23:34 | 00,041,984 | ---- | M] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 16:41:36 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
< End of report >

#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 15 February 2009 - 09:15 AM

Hello.

Re-download GMER and run GMER in safe mode and see if it works.

If not, try renaming it to something else such as: random.com or chocolate.exe when saving it.

See if that works and post me the GMER log. Attach if too big.

Forget about the Online scan for now.

Also checked the antivirus log and noticed Vipordno worm being detected and deleted all the time.

Tell me the exact address and file name please.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 oah

  • Topic Starter
  • Members
  • 9 posts

Posted 15 February 2009 - 07:10 PM

Did as requested and still could not get the thing to run. Same error message. I called it bob and after the error message bob.dll appeared on the desktop. Also found out I cannot connect to the internet in safe mode.

The worm from the report:

C:\autorun.inf.vir is INF/Vipordno worm
Same for D and K drives

#6 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 15 February 2009 - 07:15 PM

Hello.

Let's run Combofix and see if there's anything.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Those file names that your AV is detecting have already been removed, so you can safely remove them manually and see if it works:

C:\autorun.inf.vir

Post back with:
-Combofix log
-Hijackthis log


With Regards,
Extremeboy

#7 oah

  • Topic Starter
  • Members
  • 9 posts

Posted 15 February 2009 - 08:41 PM

Tried to run combofix and got the blue screen of death!

"A problem has been detected and windows has been shutdown to prevent damage to your computer
IRQL_NOT_LESS_OR_EQUAL"

Technical info: STOP:0x0000000A (0x00000016, 0x0000001B, 0x0000000, 0x81E8E4BB)

#8 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 16 February 2009 - 11:15 AM

Hello.

Please delete that autorun.inf.vir file you have anywhere on your computer. It has been already renamed to an extension that cannot be executed at the moment. Please delete it.

Then run flash-drive disinfector. Next run the following rootkit scan, followed by a new OTViewIt scan log please.

Download and Run IceSword Rootkit Scan
  • Please download the latest version of Icesword from here and save it to your Desktop.
  • Right click on IceSword122en.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Once done, check the Show extracted files box and click Finish.
  • Create a new folder on your desktop (right click on desktop, select New > Folder), name it scanner.
  • Double click on IceSword.exe to run it. If IceSword doesn't run, rename it scanner.exe.
Please click Win32 Services in the left column, look out for any red-coloured entries in the services list on the right pane, take a note of them, and post the red service names in your next post.

Post back with:
-Icesword R/K scan log
-New OTViewIT logs


With Regards,
Extremeboy

#9 oah

  • Topic Starter
  • Members
  • 9 posts

Posted 17 February 2009 - 03:26 PM

I've had major problems and eventually got my privileges back and was able to do a system restore (that took 2 hours to complete!). So I am now back to only my original problem of the virus and download timeouts. All other pop-ups have now ceased.

I have also installed kaspersky and got rid of my old antivirus (vet).

I will start and do a system scan with kaspersky and see if that achieves anything. Then I will follow your directions from the top and post the results.

Sorry for messing you around.

#10 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 17 February 2009 - 04:25 PM

Okay then...

Post the results when you are ready. And let me know if you have any problems after that.

With Regards,
Extremeboy

#11 oah

  • Topic Starter
  • Members
  • 9 posts

Posted 18 February 2009 - 08:13 PM

Hi

New modem, removed vet, installed kaspersky, removed flash player, removed all versions of java, removed 2 viruses and now everything is better than ever.

Thought I would pass this on as it may help others.

Problem solved.

Thanks for your help.

Cheers

#12 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 19 February 2009 - 04:28 PM

Okay.

Glad you resolved it. Below are some prevention tips.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Additional Security Programs

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


With Regards,
Extremeboy

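One way to check the Autorun surface that the post above describes on a Windows machine, added here as an example and not taken from the thread or from any of the tools it names: a read-only PowerShell audit of the NoDriveTypeAutoRun policy, the Cdrom service's AutoRun value and the MountPoints2 commands that appeared in the OTViewIt log earlier in this thread, and any autorun.inf sitting on a drive root. The registry paths are the standard Windows ones; the function names, the placeholder-folder check and the autorun.inf key regex are this example's own assumptions.

```powershell
# Added example: a read-only audit of the Autorun surface described above. It is not
# code from the thread or from any tool mentioned in it. Needs PowerShell 3.0 or later;
# run it from an elevated prompt so HKLM and every drive root are readable.
# Registry locations are the standard Windows ones; 0xFF in NoDriveTypeAutoRun is the
# "Autorun disabled for all drive types" setting. Nothing is changed or deleted.

$ExplorerPolicy = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$MountPoints2   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$CdromService   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'

function Get-AutorunPolicy {
    # NoDriveTypeAutoRun from HKLM and HKCU (HKLM wins when both are set), plus the
    # Cdrom service value that the OTViewIt log printed as "AutoRun" = 1.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key   = "${hive}:\$ExplorerPolicy"
        $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        $shown = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f [int]$value }
        [pscustomobject]@{
            Setting  = "$hive NoDriveTypeAutoRun"
            Value    = $shown
            Disabled = ($value -eq 0xFF)
        }
    }
    $cd      = (Get-ItemProperty -Path $CdromService -ErrorAction SilentlyContinue).AutoRun
    $cdShown = if ($null -eq $cd) { 'not set' } else { $cd }
    [pscustomobject]@{
        Setting  = 'Cdrom service AutoRun'
        Value    = $cdShown
        Disabled = ($cd -eq 0)
    }
}

function Get-MountPoints2Autorun {
    # Per-volume AutoRun commands that Explorer cached under MountPoints2, and whether
    # the program each one points at still exists (the log above showed two that were
    # "File not found"; stale entries like those are safe to clear, live ones deserve a look).
    Get-ChildItem -Path $MountPoints2 -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = $_.PSPath + '\Shell\AutoRun\command'
        if (Test-Path -Path $cmdKey) {
            $cmd = [string](Get-ItemProperty -Path $cmdKey).'(default)'
            # First token of the command line, with or without surrounding quotes.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
            [pscustomobject]@{
                Volume       = $_.PSChildName
                Command      = $cmd
                TargetExists = [bool](Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
            }
        }
    }
}

function Get-AutorunInf {
    # Checks the root of every removable (2) and fixed (3) drive. A *folder* named
    # autorun.inf is the protective placeholder Flash_Disinfector leaves behind; a *file*
    # is parsed for the keys a worm needs to launch itself (open, shellexecute,
    # shell\<verb>\command). The launch lines are only reported, never executed.
    $drives = Get-CimInstance -ClassName Win32_LogicalDisk |
              Where-Object { $_.DriveType -eq 2 -or $_.DriveType -eq 3 }
    foreach ($d in $drives) {
        $path = "$($d.DeviceID)\autorun.inf"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item = Get-Item -LiteralPath $path -Force
        if ($item.PSIsContainer) {
            [pscustomobject]@{ Drive = $d.DeviceID; Kind = 'folder (placeholder)'; Launches = '' }
            continue
        }
        $launch = @()
        foreach ($line in (Get-Content -LiteralPath $path -Force)) {
            # Worm-written files are often padded with junk; only key=value lines matter.
            if ($line -match '^\s*(open|shellexecute|shell\\[^=\s]*\\command)\s*=\s*(.+)$') {
                $launch += "$($Matches[1])=$($Matches[2].Trim())"
            }
        }
        [pscustomobject]@{ Drive = $d.DeviceID; Kind = 'file'; Launches = ($launch -join '; ') }
    }
}

'== Autorun policy =='
Get-AutorunPolicy | Format-Table -AutoSize
'== MountPoints2 cached AutoRun commands =='
Get-MountPoints2Autorun | Format-Table -AutoSize
'== autorun.inf on drive roots =='
Get-AutorunInf | Format-Table -AutoSize
```

A fully hardened box shows 0xFF under HKLM, Cdrom AutoRun=0, no MountPoints2 command whose target still exists, and either no autorun.inf or only the placeholder folder on each root.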

#13 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 19 February 2009 - 04:32 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy




