
Bad one!!!! Help Please!!!! Log posted


  • This topic is locked
4 replies to this topic

#1 lpfam11


Posted 05 October 2009 - 06:14 PM

I have been working with Rigel in a different forum on here and I think we have hit a dead end so he asked me to come here and post this log and someone would be able to help me. We have been working on this for about 2 weeks and have made no progress so I hope someone will be able to help.

2009-10-05,18:09:43

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
	<FlashPlayerUpdate><C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe>  [(Verified)Adobe Systems Incorporated]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
	<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]
	<funotibif><Rundll32.exe "c:\windows\system32\buhefoli.dll",a>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
	<Malwarebytes' Anti-Malware><C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent>  [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  []
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><c:\windows\system32\buhefoli.dll c:\windows\system32\hovebozi.dll yuhoraki.dll c:\windows\system32\garayudi.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL>  [(Verified)Microsoft Corporation]
	<{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WINDOW~4\MpShHook.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
	<hidatahib><c:\windows\system32\buhefoli.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
	<{BA603215-23F2-42AD-F4E4-00AAC39CAA53}><C:\WINDOWS\system32\nzfiu3h78di.dll>  [File is missing]
	<{54addc36-8e8c-4670-8a48-bc8f57a010ae}><>  [N/A]
	<{357c17b0-9171-4754-9984-6cabb35db35e}><>  [N/A]
	<{6ec118dd-2e46-4c7b-82dd-1c10f50e5bdd}><>  [N/A]
	<{56e1870d-614f-4a1a-a8ce-e45c145ea49b}><>  [N/A]
	<{e35dd87c-b40d-4d22-9ece-1234ffa2f175}><c:\windows\system32\buhefoli.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
	<PixiePack Codec Pack 1.0.100.0><C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Ad-Watch><; C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe>  [Lavasoft AB]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Aim6><; "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp>  [File is missing]
	<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  [Nero AG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<BJCFD><; C:\Program Files\BroadJump\Client Foundation\CFD.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
	<CTSyncU.exe><; "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe">  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<DAEMON Tools><; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
	<eFax 4.2><; "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R>  [File is missing]
	<GrooveMonitor><; "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<Motive SmartBridge><; C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe>  [Motive, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<NapsterShell><; C:\Program Files\Napster\napster.exe /systray>  [Napster]
	<NeroFilterCheck><; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe>  [Nero AG]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<NextFitness Start><; C:\Program Files\NextFitness\NextFitness.exe>  [NextFitness, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<PWRISOVM.EXE><; C:\Program Files\PowerISO\PWRISOVM.EXE>  [File is missing]
	<QuickTime Task><; "C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe">  [Sun Microsystems, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<tunebite.exe><; C:\Program Files\Tunebite\tunebite.exe -hidden>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<WinampAgent><; "C:\Program Files\Winamp\winampa.exe">  [File is missing]
	<Windows Defender><; "C:\Program Files\Windows Defender\MSASCui.exe" -hide>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Yahoo! Pager><; 1>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<YBrowser><; C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe>  [File is missing]

==================================
Startup Folders
N/A

==================================
Services
[Ad-Aware 2007 Service / aawservice][Running/Auto Start]
  <"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"><Lavasoft AB>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[avast! iAVS4 Control Service / aswupdsv][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[avast! antivirus / avast! antivirus][Stopped/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! mail scanner / avast! mail scanner][Stopped/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! web scanner / avast! web scanner][Stopped/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Background Intelligent Transfer Service / BITS][Stopped/Manual Start]
  <%fystemRoot%\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qmgr.dll><Microsoft Corporation>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
  <C:\WINDOWS\system32\CTsvcCDA.exe><Creative Technology Ltd>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NICSer_WPC11 / NICSer_WPC11][Running/Auto Start]
  <C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe><N/A>
[Sandra Data Service / SandraDataSrv][Stopped/Manual Start]
  <C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe><SiSoftware>
[Sandra Service / SandraTheSrv][Stopped/Manual Start]
  <C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe><SiSoftware>
[StarWind iSCSI Service / StarWindService][Running/Auto Start]
  <C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[Automatic Updates / wuauserv][Stopped/Disabled]
  <%fystemroot%\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\wuauserv.dll><Microsoft Corporation>

==================================
Drivers
[Ad-Watch Connect Kernel Filter / Ad-Watch Connect Filter][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\NSDriver.sys><Lavasoft AB>
[aswfsblk / aswfsblk][Running/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MovRVDrv32 / MovRVDrv32][Stopped/Manual Start]
  <system32\DRIVERS\MovRVDrv32.sys><Windows (R) 2000 DDK provider>
[PCANDIS5 Protocol Driver / PCANDIS5][Running/Manual Start]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[VSO Software pcouffin / pcouffin][Running/Manual Start]
  <System32\Drivers\pcouffin.sys><VSO Software>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[rootrepeal / rootrepeal][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\rootrepeal.sys><N/A>
[SANDRA / SANDRA][Stopped/Manual Start]
  <\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Sandra.sys><SiSoftware>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Creative Technology Ltd.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SndTDriverV32 / SndTDriverV32][Stopped/Manual Start]
  <system32\drivers\SndTDriverV32.sys><Windows (R) 2000/XP>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Tunebite High-Speed Dubbing / tbhsd][Running/Manual Start]
  <system32\drivers\tbhsd.sys><RapidSolution Software AG>
[tmcomm / tmcomm][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[vaxscsi / vaxscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[WINBOND W55U01 USB / W55U01][Stopped/Auto Start]
  <System32\Drivers\W55U01.sys><Windows (R) 2000 DDK provider>
[Instant Wireless PCI Card Driver / WMP11][Running/Manual Start]
  <system32\DRIVERS\WMP11NDS.sys><The Linksys Group, Inc.>

==================================
Browser Add-ons
[C:\WINDOWS\system32\nzfiu3h78di.dll]
  {ba603215-23f2-42ad-f4e4-00aac39caa53} <C:\WINDOWS\system32\nzfiu3h78di.dll, N/A>
[Java Plug-in 1.5.0_10]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MI3AA1~1\INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MI3AA1~1\INetRepl.dll, (Signed) Microsoft Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Run IMVU]
  {d9288080-1baa-4bc4-9cf8-a92d743db949} <C:\Documents and Settings\Administrator\Start Menu\Programs\>IMVU\Run IMVU.lnk, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[Trend Micro ActiveX Scan Agent 6.6]
  {215B8138-A3CF-44C5-803F-8226143CFC0A} <C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll, Trend Micro Inc.>
[TTestGenXInstallObject]
  {37A273C2-5129-11D5-BF37-00A0CCE8754B} <C:\WINDOWS\DOWNLO~1\TESTGE~1.DLL, >
[OnlineScanner Control]
  {7530BFB8-7293-4D34-9923-61A11451AFC5} <C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX, (Signed) Eset>
[Java Plug-in 1.5.0_10]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Pearson Installation Assistant 2]
  {95D88B35-A521-472B-A182-BB1A98356421} <C:\WINDOWS\DOWNLO~1\PEARSO~1.OCX, >
[Java Plug-in 1.5.0_09]
  {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DBA230D1-8467-4e69-987E-5FAE815A3B45} <, >
[Pearson MathXL Player]
  {E6D23284-0E9B-417D-A782-03E4487FC947} <C:\WINDOWS\DOWNLO~1\MATHPL~1.OCX, >
[]
  {00000000-0000-0000-0000-000000000000} <, >
[Microsoft Office Outlook]
  {0006F03A-0000-0000-C000-000000000046} <, >
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
[]
  {028518E1-9FA8-44FC-92D7-5C54244B5F36} <, >
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[&Research]
  {037C7B8A-151A-49E6-BAED-CC05FCB50328} <C:\WINDOWS\system32\winsrc.dll, N/A>
[MetaStreamCtl Class]
  {03F998B2-0E00-11D3-A498-00104B6EB52E} <C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll, Viewpoint Corporation>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[]
  {0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[]
  {1606D6F9-9D3B-4AEA-A025-ED5B2FD488E7} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[]
  {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} <, >
[Trend Micro ActiveX Scan Agent 6.6]
  {215B8138-A3CF-44C5-803F-8226143CFC0A} <C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll, Trend Micro Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[Shockwave ActiveX Control]
  {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[Citrix ICA Client]
  {238F6F83-B8B4-11CF-8771-00A024541EE3} <C:\Program Files\Citrix\ICA Client\Wfica.ocx, (Signed) Citrix Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[]
  {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {38E51477-DDB4-4AED-9D61-D0C193E10749} <, >
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {4DAEE2D4-A471-42AC-97A2-4C2A79C77648} <, >
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.5.0_10\bin\JavaWebStart.dll, Sun Microsystems, Inc.>
[]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <, >
[]
  {5BED3930-2E9E-76D8-BACC-80DF2188D455} <, >
[]
  {5F91EA24-EF4A-4F7C-A57C-95FC13CD213A} <, >
[]
  {60699CCA-8984-4F37-843D-5FF31A4BBFA2} <, >
[]
  {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} <, >
[SharePoint Export Database Launcher]
  {62B4D041-4667-40B6-BB50-4BC0A5043A73} <C:\PROGRA~1\MICROS~2\Office12\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {6EC5A970-7A86-483E-B9FF-0D0EBCB744F4} <, >
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL, (Signed) Microsoft Corporation>
[OnlineScanner Control]
  {7530BFB8-7293-4D34-9923-61A11451AFC5} <C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX, (Signed) Eset>
[Windows Media Services DRM Storage object]
  {760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\drmstor.dll, (Signed) Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {77E32299-629F-43C6-AB77-6A1E6D7663F6} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
  {88D969C1-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XSL Template 4.0]
  {88D969C3-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.5.0_10]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[DEGetBlockFmtNamesParam Class]
  {8D91090E-B955-11D1-ADC5-006008A5848C} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[SharePoint OpenDocuments Class]
  {9203C2CB-1DC1-482D-967E-597AFF270F0D} <C:\PROGRA~1\MICROS~2\Office12\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[AudioTest Class]
  {957CBDBE-68F6-11D3-8A88-00A02465C376} <, >
[RNGCIECtl Class]
  {A5DC33CE-214B-4C26-8596-8A45456C9EB8} <C:\Program Files\Real\RealArcade\iegcplug.dll, RealNetworks, Inc.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[Tunebite_WebRipPlugin Class]
  {AA102584-3B97-47E7-B9BC-75D54C110A7D} <C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll, (Signed) RapidSolution Software>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[C:\WINDOWS\system32\nzfiu3h78di.dll]
  {BA603215-23F2-42AD-F4E4-00AAC39CAA53} <C:\WINDOWS\system32\nzfiu3h78di.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[Napster external link handler]
  {C2F18352-A7FC-487E-9B44-8FF0AB12B58B} <C:\Program Files\Napster\xdetect.ocx, Napster>
[Microsoft Office 12 Authorization Control]
  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[Yahoo! VersionInfo]
  {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\Program Files\Yahoo!\Common\YVerInfo.dll, N/A>
[iTunesDetector Class]
  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>
[]
  {D9288080-1BAA-4BC4-9CF8-A92D743DB949} <, >
[]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <, >
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>
[]
  {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <, >
[NameCtrl Class]
  {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Office\Office12\NAME.DLL, (Signed) Microsoft Corporation>
[WebViewFolderIcon Class]
  {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, (Signed) Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[MiniFriends Class]
  {EDF5E8FC-321A-4750-A6AE-2543BAB1AD03} <, >
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, (Signed) Microsoft Corporation>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
[]
  {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[Lookup on Merriam Webster]
  <file://C:\Program Files\ieSpell\Merriam Webster.HTM, N/A>
[Lookup on Wikipedia]
  <file://C:\Program Files\ieSpell\wikipedia.HTM, N/A>

==================================
Running Processes
[PID: 500 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)]
[PID: 880 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[\\?\globalroot\systemroot\system32\UACivkosibsdp.dll]  [N/A, ]
[PID: 1132 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\systemroot\system32\UACuyuwfpfllk.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1328 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\systemroot\system32\UACuyuwfpfllk.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1444 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\systemroot\system32\UACuyuwfpfllk.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1564 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\systemroot\system32\UACuyuwfpfllk.dll]  [N/A, ]
[PID: 1844 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  [ALWIL Software, 4, 8, 1351, 0]
	[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1351, 0]
	[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1351, 0]
	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1351, 0]
[PID: 1932 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 604 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\systemroot\system32\UACuyuwfpfllk.dll]  [N/A, ]
[PID: 636 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe]  [Lavasoft AB, 7, 0, 1, 6]
	[C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll]  [Lavasoft AB, 7, 0, 1, 6]
	[C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll]  [PKWARE, Inc., 8.4.219.0]
	[C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll]  [N/A, ]
[PID: 652 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.50.39.0]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
[PID: 668 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,6,2]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
[PID: 696 / SYSTEM][C:\WINDOWS\system32\CTsvcCDA.exe]  [Creative Technology Ltd, 1.0.1.0]
[PID: 788 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 1092 / SYSTEM][C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe]  [N/A, ]
	[C:\WINDOWS\system32\BORLNDMM.DLL]  [Inprise Corporation, 5.0.12.34]
	[C:\WINDOWS\system32\CC3260MT.DLL]  [Borland Corporation, 0.0.0.0 (informal build)]
[PID: 1248 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe]  [Rocket Division Software, 2.6.1 Build 0x20050401]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1624 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\systemroot\system32\UACuyuwfpfllk.dll]  [N/A, ]
[PID: 1728 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2280 / Administrator][C:\Documents and Settings\Administrator\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 2288 / Administrator][C:\Documents and Settings\Administrator\Desktop\sreng2\SREbdddb224.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Documents and Settings\Administrator\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\96A34D3E.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   Error. []
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1		localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 636, C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 696, C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1092, C:\PROGRAM FILES\LINKSYS\WIRELESS NETWORK PC CARD\NICSERV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1248, C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2280, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] WGASetup.job
		C:\WINDOWS\system32\KB905474\wgasetup.exe 
[Enabled] User_Feed_Synchronization-{983B36B4-AFF6-40C9-AEEB-3F3ADC7CDD61}.job
		C:\WINDOWS\system32\msfeedssync.exe 
[Enabled] AppleSoftwareUpdate.job
		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




#2 lpfam11

lpfam11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 08 October 2009 - 07:29 PM

Can anyone help me with this please!!!!

#3 lpfam11

lpfam11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:04 PM

Posted 11 October 2009 - 11:26 AM

Can someone give me an Avenger script based on above?

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:04 PM

Posted 22 October 2009 - 02:01 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you
would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:04 PM

Posted 26 October 2009 - 07:44 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
