Infected with total security virus


This topic is locked
2 replies to this topic

#1 r4recycle

Posted 09 September 2009 - 06:19 PM

See attached RootRepeal and SRE results.

I also got a message saying
"could not read the system registry, Please contact the author!"
and another saying
"unrecognized partition type 6 (0 x 6)!"

report below

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/09 07:22
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90C7F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90C74000 Size: 45056 File Visible: No Signed: -
Status: -

Name: HDAudBus
Image Path: \Driver\HDAudBus
Address: 0x92973000 Size: 73728 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: HSF_DPV
Image Path: \Driver\HSF_DPV
Address: 0x96A01000 Size: 1060864 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: IntcAzAudAddService
Image Path: \Driver\IntcAzAudAddService
Address: 0x9640D000 Size: 1648512 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: Modem
Image Path: \Driver\Modem
Address: 0x96BB8000 Size: 53248 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: Parameters
Image Path: ControlSet\Services\ACPI\Parameters
Address: 0x93364000 Size: 249856 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x90CDC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srv2
Image Path: \FileSystem\srv2
Address: 0x929D1000 Size: 159744 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: Tun Miniport Adapter
Image Path: Tun Miniport Adapter
Address: 0x933A1000 Size: 258048 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: win32k.sys:1
Image Path: C:\Windows\win32k.sys:1
Address: 0x90C91000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\Windows\win32k.sys:2
Address: 0x90C96000 Size: 61440 File Visible: No Signed: -
Status: -

Name: winachsf
Image Path: \Driver\winachsf
Address: 0x96B04000 Size: 737280 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: wpd_ci.mof
Image Path: m\wpd_ci.mof
Address: 0x929B9000 Size: 98304 File Visible: No Signed: -
Status: Hidden from the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

==EOF==

edited money manager to xxxxxxx


2009-09-09,23:35:07

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows]
<????r><> [N/A]
<ehTray.exe><C:\Windows\ehome\ehTray.exe> [(Verified)Microsoft Windows]
<updateMgr><"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1> [File is missing]
<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"> [(Verified)Google Inc]
<Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows]
<Monopod><C:\Users\Rob\AppData\Local\Temp\b.exe> []
<userinit><C:\Users\Rob\AppData\Roaming\sdra64.exe> [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide> [(Verified)Microsoft Windows]
<RtHDVCpl><RtHDVCpl.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<eDataSecurity Loader><C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe> [(Verified)HiTRUST Inc.]
<Acer Tour><> [N/A]
<SetPanel><> [N/A]
<LManager><C:\PROGRA~1\LAUNCH~1\LManager.exe> [Dritek System Inc.]
<WarReg_PopUp><C:\Acer\WR_PopUp\WarReg_PopUp.exe> [Acer Inc.]
<eRecoveryService><> [N/A]
<PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia]
<GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"> [(Verified)Microsoft Corporation]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<Windows Mobile Device Center><%windir%\WindowsMobile\wmdc.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<atwtusb><atwtusb.exe beta> [N/A]
<NokiaMServer><C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles> [(Verified)NOKIA]
<IgfxTray><C:\Windows\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\Windows\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Persistence><C:\Windows\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Google Quick Search Box><"C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun> [(Verified)Google Inc]
<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"> []
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<netc><C:\Windows\svc.exe> []
<odby><C:\Windows\odb.exe> []
<10418744><C:\ProgramData\10418744\10418744.exe> []
<vlc><C:\Windows\vlc.exe> []
<netx><C:\Windows\svx.exe> []
<wdmon><C:\Windows\wdmon.exe> []
<netw><C:\Windows\svw.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Malwarebytes' Anti-Malware><C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent> [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Windows]
<Userinit><C:\Windows\system32\userinit.exe> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WebCheck><C:\Windows\system32\webcheck.dll> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
<WinlogonNotify: avldr><avldr.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\Windows\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install> [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\Windows\Acer.scr> []

==================================
Startup Folders
[Empowering Technology Launcher]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk --> C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]><N>
[HP Digital Imaging Monitor]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Nokia Nseries PC Suite]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk --> C:\PROGRA~1\Nokia\NNPCS\RUNLAU~1.EXE []><N>
[Empowering Technology Launcher]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk --> C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]><N>
[HP Digital Imaging Monitor]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Nokia Nseries PC Suite]
<C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk --> C:\PROGRA~1\Nokia\NNPCS\RUNLAU~1.EXE []><N>

==================================
Services
[Kaspersky Internet Security / AVP][Stopped/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r><N/A>
[##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Stopped/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><(File is missing)>
[eDataSecurity Service / eDataSecurity Service][Stopped/Auto Start]
<"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"><HiTRSUT>
[eLock Service / eLockService][Stopped/Auto Start]
<C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe><Acer Inc.>
[eNet Service / eNet Service][Stopped/Auto Start]
<C:\Acer\Empowering Technology\eNet\eNet Service.exe><Acer Inc.>
[eRecovery Service / eRecoveryService][Stopped/Auto Start]
<C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe><Acer Inc.>
[eSettings Service / eSettingsService][Stopped/Auto Start]
<C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe><>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Google Software Updater / gusvc][Stopped/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[hpqcxs08 / hpqcxs08][Stopped/Manual Start]
<C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>
[HP CUE DeviceDiscovery Service / hpqddsvc][Stopped/Auto Start]
<C:\Windows\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll><Hewlett-Packard Co.>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Auto Start]
<"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[MobilityService / MobilityService][Stopped/Auto Start]
<C:\Acer\Mobility Center\MobilityService.exe -p><N/A>
[Net Driver HPZ12 / Net Driver HPZ12][Stopped/Auto Start]
<C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZinw12.dll><Hewlett-Packard>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
<C:\Windows\System32\svchost.exe -k HPZ12-->C:\Windows\system32\HPZipm12.dll><Hewlett-Packard>
[Protexis Licensing V2 / PSI_SVC_2][Stopped/Auto Start]
<"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"><Protexis Inc.>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Stopped/Auto Start]
<"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[VJVodServices / vvdsvc][Stopped/Auto Start]
<C:\Windows\System32\svchost.exe -k vvdsvc-->C:\Windows\system32\Nagasoft\vjocx.dll><??????????>
[ePower Service / WMIService][Stopped/Auto Start]
<C:\Acer\Empowering Technology\ePower\ePowerSvc.exe><acer>
[XAudioService / XAudioService][Stopped/Auto Start]
<C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>

==================================
Drivers
[adp94xx / adp94xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
<\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
<\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[blbdrive / blbdrive][Stopped/Disabled]
<\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
<system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Dritek General Port I/O / DritekPortIO][Stopped/System Start]
<\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys><Dritek System Inc.>
[Intel® PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
<system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[EMSCR / EMSCR][Running/Manual Start]
<system32\DRIVERS\EMS7SK.sys><ENE Technology Inc.>
[ESDCR / ESDCR][Running/Manual Start]
<system32\DRIVERS\ESD7SK.sys><ENE Technology Inc.>
[ESMCR / ESMCR][Running/Manual Start]
<system32\DRIVERS\ESM7SK.sys><ENE Technology Inc.>
[FGUARD32 / FGUARD32][Stopped/Manual Start]
<\??\C:\Program Files\Folder Guard Pro\FGUARD32.SYS><WinAbility® Software Corporation>
[HpCISSs / HpCISSs][Stopped/Disabled]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSFHWAZL / HSFHWAZL][Stopped/Manual Start]
<system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Stopped/Manual Start]
<system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Stopped/Manual Start]
<system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
<system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
<\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[igfx / igfx][Stopped/Manual Start]
<system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[int15 / int15][Stopped/Auto Start]
<\??\C:\Acer\Empowering Technology\eRecovery\int15.sys><N/A>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
<system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[kl1 / kl1][Stopped/System Start]
<system32\DRIVERS\kl1.sys><Kaspersky Lab>
[Kaspersky Lab Boot Guard Driver / klbg][Stopped/Boot Start]
<\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab KLFltDev / KLFLTDEV][Stopped/Manual Start]
<system32\DRIVERS\klfltdev.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Stopped/System Start]
<system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS 6 Filter / KLIM6][Stopped/System Start]
<system32\DRIVERS\klim6.sys><Kaspersky Lab>
[LSI_FC / LSI_FC][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Stopped/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
<\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[PANDA NDIS IM Filter Miniport / NETIMFLT][Stopped/Manual Start]
<system32\DRIVERS\netimflt.sys><N/A>
[Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit / NETw3v32][Stopped/Manual Start]
<system32\DRIVERS\NETw3v32.sys><Intel® Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
<system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
<system32\drivers\ccdcmbo.sys><Nokia>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
<system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
<\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvraid / nvraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
<system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
<system32\DRIVERS\nwlnkfwd.sys><N/A>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
<system32\DRIVERS\pccsmcfd.sys><Nokia>
[PSDFilter / PSDFilter][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\psdfilter.sys><HiTRUST>
[PSDNSERVER / PSDNServ][Running/Boot Start]
<\SystemRoot\system32\drivers\PSDNServ.sys><HiTRUST>
[psdvdisk / psdvdisk][Running/Boot Start]
<\SystemRoot\system32\drivers\psdvdisk.sys><HiTRUST>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
<system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
<system32\DRIVERS\UIUSYS.SYS><N/A>
[uliahci / uliahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[upperdev / upperdev][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerflt.sys><Windows ® Codename Longhorn DDK provider>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerfltj.sys><Windows ® Codename Longhorn DDK provider>
[viaide / viaide][Stopped/Disabled]
<\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[winachsf / winachsf][Stopped/Manual Start]
<system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Stopped/Auto Start]
<system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[Freecorder Toolbar]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} <C:\Program Files\Freecorder\tbFree.dll, (Signed) Conduit Ltd.>
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[RealPlayer Download and Record Plugin for Internet Explorer]
{3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[]
{5C255C8A-E604-49b4-9D64-90988571CECB} <, >
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[ShowBarObj Class]
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} <C:\Windows\system32\ActiveToolBand.dll, HiTRUST>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll, (Signed) Google Inc.>
[Google Dictionary Compression sdch]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>
[Java™ Plug-In 2 SSV Helper]
{DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[Web traffic protection statistics]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[Send to OneNote from Internet Explorer button]
{2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\Windows\WindowsMobile\INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\Windows\WindowsMobile\INetRepl.dll, (Signed) Microsoft Corporation>
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Acer eDataSecurity Management]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} <C:\Windows\system32\eDStoolbar.dll, HiTRUST>
[Freecorder Toolbar]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} <C:\Program Files\Freecorder\tbFree.dll, (Signed) Conduit Ltd.>
[Google Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\Windows\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\Windows\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[Snapfish Activia]
{406B5949-7190-4245-91A9-30A17DE16AD0} <C:\Windows\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>
[UploadListView Class]
{474F00F5-3853-492C-AC3A-476512BBC336} <C:\Windows\Downloaded Program Files\UploaderX.dll, (Signed) >
[MySpace Uploader Control]
{48DD0448-9209-4F81-9F6D-D83562940134} <C:\Windows\Downloaded Program Files\MySpaceUploader.ocx, MySpace, Inc.>
[Egg Money Manager Digital Safe]
{4E62C4DE-627D-4604-B157-4B7D6B09F02E} <C:\Windows\Downloaded Program Files\accounttracking.dll, (Signed) eWise Systems Pty Ltd>
[System Requirements Lab Class]
{5727FF4C-EF4E-4d96-A96C-03AD91910448} <C:\Windows\Downloaded Program Files\sysreqlab_ind.dll, (Signed) Husdawg, LLC>
[Java Plug-in 1.6.0_12]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[JamShellLinkX Control]
{A8B02DCA-7648-46D6-95A8-B84EC80CA49D} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[Java Plug-in 1.5.0_12]
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_12]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_12]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_12.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, >
[]
{00000000-0000-0000-0000-000000000000} <, >
[Microsoft Outlook 8.0 Object Library]
{0006F033-0000-0000-C000-000000000046} <, >
[Microsoft Office Outlook]
{0006F03A-0000-0000-C000-000000000046} <, >
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[]
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} <, >
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[Microsoft Office Template and Media Control]
{02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\PROGRA~1\MIC273~1\WEB2~1\Office12\IEAWSDC.DLL, (Signed) >
[]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, >
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[PhotoboxPhotowaysUploader5 Control]
{0972B098-DEE9-4279-AC7E-4BAAA029102D} <C:\Windows\Downloaded Program Files\ImageUploader5.ocx, (Signed) PhotoBox Photoways>
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\Windows\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[Freecorder Toolbar]
{1392B8D2-5C05-419F-A8F6-B9F15A596612} <C:\Program Files\Freecorder\tbFree.dll, (Signed) Conduit Ltd.>
[]
{166B1BCA-3F9C-11CF-8075-444553540000} <, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\Windows\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\Windows\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
{19EFFC12-25FB-479A-A0F2-1569AE1B3365} <, >
[]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} <, >
[]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Google Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
{2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[]
{304171C0-65EA-4B51-B5D9-93A311E26EB1} <, >
[RealPlayer Download and Record Plugin for Internet Explorer]
{3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\Windows\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\Windows\system32\tdc.ocx, (Signed) Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
{3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF} <, >
[Snapfish Activia]
{406B5949-7190-4245-91A9-30A17DE16AD0} <C:\Windows\Downloaded Program Files\SnapfishActivia1000.ocx, Snapfish>
[UploadListView Class]
{474F00F5-3853-492C-AC3A-476512BBC336} <C:\Windows\Downloaded Program Files\UploaderX.dll, (Signed) >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[MySpace Uploader Control]
{48DD0448-9209-4F81-9F6D-D83562940134} <C:\Windows\Downloaded Program Files\MySpaceUploader.ocx, MySpace, Inc.>
[TVAnts ActiveX Control]
{4C833081-D026-4FF8-968F-7EAB660D2FBA} <C:\PROGRA~1\TVAnts\TvantsX.ocx, Zhejiang University>
[Egg Money Manager Digital Safe]
{xxxxxxxxxxxxxxxxxxxxxxxxxxx} <C:\Windows\Downloaded Program Files\accounttracking.dll, (Signed) eWise Systems Pty Ltd>
[Microsoft Licensed Class Manager 1.0]
{5220CB21-C88D-11CF-B347-00AA00A28331} <C:\Windows\system32\licmgr10.dll, (Signed) Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[System Requirements Lab Class]
{5727FF4C-EF4E-4D96-A96C-03AD91910448} <C:\Windows\Downloaded Program Files\sysreqlab_ind.dll, (Signed) Husdawg, LLC>
[isInstalled Class]
{5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre6\bin\wsdetect.dll, Sun Microsystems, Inc.>
[IEVkbdBHO Class]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll, (Signed) Kaspersky Lab>
[JamShellComboX Control]
{5999A3EE-E436-434A-A277-5A8A83CF3E98} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[InstallShield Update Service Agent]
{5B7524C8-2446-40E9-9474-94A779DBA224} <C:\Windows\Downloaded Program Files\isusweb.dll, Macrovision Corporation>
[]
{5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[Acer eDataSecurity Management]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} <C:\Windows\system32\eDStoolbar.dll, HiTRUST>
[Microsoft Shell UI Helper]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[SWHTTPUploader Object]
{7306A0C7-E97C-46CD-BBAD-0DD72CFD32CB} <C:\Windows\DOWNLO~1\SWHTTP~1.DLL, (Signed) SWSoft>
[]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[ShowBarObj Class]
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} <C:\Windows\system32\ActiveToolBand.dll, HiTRUST>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
{88D969C1-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[XSL Template 4.0]
{88D969C3-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <C:\Windows\system32\msxml4.dll, Microsoft Corporation>
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 5.0]
{88D969E6-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XSL Template 5.0]
{88D969E8-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Free Threaded XML DOM Document 6.0]
{88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XSL Template 6.0]
{88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[Java Plug-in 1.6.0_12]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
{90222687-F593-4738-B738-FBEE9C7B26DF} <, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
{917623D1-D8E5-11D2-BE8B-00104B06BDE3} <, >
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[VideoLAN VLC ActiveX Plugin v2]
{9BE31822-FDAD-461B-AD51-BE1D1C159921} <C:\Program Files\VideoLAN\VLC\axvlc.dll, >
[JamShellListX Control]
{9CDE10DA-6917-4FEA-9E89-9FBB451D8BC8} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[Skype Detection Object]
{9E385F0A-0BA2-430C-96AA-4399C5E40F6C} <, >
[]
{A8080502-0C9E-44BD-AE83-D44698E43992} <, >
[JamShellLinkX Control]
{A8B02DCA-7648-46D6-95A8-B84EC80CA49D} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\Windows\System32\msnetobj.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>
[]
{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} <, >
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll, (Signed) Google Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, (Signed) N/A>
[]
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} <, >
[Google Dictionary Compression sdch]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>
[Microsoft Office 12 Authorization Control]
{C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MIC273~1\WEB2~1\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[]
{CAC677B6-4963-4305-9066-0BD135CD9233} <, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[AUDIO__X_MS_WAX Moniker Class]
{CD3AFA83-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <, >
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Windows\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[VodClient Control Class]
{D4003189-95B1-4A2F-9A87-F2B03665960D} <C:\Windows\system32\Nagasoft\vjocx.dll, ??????????>
[]
{D6A5A215-FBF3-45E5-ABF8-22FF50916184} <, >
[Java™ Plug-In 2 SSV Helper]
{DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[NameCtrl Class]
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Expression\Web 2\Office12\NAME.DLL, (Signed) Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[JScript Language]
{F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll, (Signed) Kaspersky Lab>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, (Signed) RealNetworks, Inc.>
[JamShellTreeX Control]
{FEF7EDB0-837D-429B-8FD0-EF890F70C5B3} <C:\Windows\DOWNLO~1\SHELLB~1.OCX, (Signed) JAM Software>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 256 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 380 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 416 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 424 / SYSTEM][C:\Windows\system32\wininit.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll] [N/A, ]
[PID: 468 / SYSTEM][C:\Windows\system32\winlogon.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 500 / SYSTEM][C:\Windows\system32\services.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll] [N/A, ]
[PID: 512 / SYSTEM][C:\Windows\system32\lsass.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 520 / SYSTEM][C:\Windows\system32\lsm.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 664 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 720 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll] [N/A, ]
[PID: 764 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 844 / LOCAL SERVICE][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll] [N/A, ]
[PID: 872 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 924 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1112 / Rob][C:\Windows\Explorer.EXE] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\SmartFTP Client\sfShellTools.dll] [SmartSoft Ltd, 1.0.4.1]
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 84, 83, 7]
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 84, 100, 4]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr] [Nokia, 6, 84, 51, 0]
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 84, 15, 1]
[C:\Windows\system32\CryptoAPI.dll] [HiTRUST, 2, 2, 0, 34]
[C:\Program Files\Freecorder\tbFree.dll] [Conduit Ltd., 4, 5, 186, 4]
[PID: 1076 / Rob][C:\Users\Rob\Desktop\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[PID: 856 / Rob][C:\Users\Rob\Desktop\SREfd93f932.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\Users\Rob\Desktop\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[\\?\globalroot\Device\__max++>\6BCE0A3A.x86.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\scrchpg.dll] [Kaspersky Lab, 8.0.0.506]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\klscav.dll] [Kaspersky Lab, 8.0.0.506]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
::1 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:48 AM

Posted 24 September 2009 - 08:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:48 PM

Posted 30 September 2009 - 12:39 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?



