
Have serious unknown problem


This topic is locked
26 replies to this topic

#1 Fred Iobst

  • Members
  • 14 posts
  • Local time: 02:06 AM

Posted 03 March 2010 - 01:12 PM

Starting yesterday, 03/02, programs stopped loading. svchosts running multiple times using lots of CPU. McAfee Internet Security Suite Plus stopped working, then I removed it. Tried to install Kaspersky Internet Suite 2010, won't complete. SuperAntiSpyware stopped working, MalwareBytes Anti-Malware stops responding on certain file. Tried reinstalling both, same result. I did system restore to about two days ago, no improvement. DDS won't produce attach.txt, normal or safe. Gmer stops running safe or normal.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Fred at 12:31:28.71 on Wed 03/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2523 [GMT -5:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\Pixart\Pac207\Monitor.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\RoboTask Lite\RoboTaskLite.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\java.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Kentdome\Vista Caller-ID\CallerID.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Fred\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mysite.verizon.net/fwi/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: IEPlugin Class: {cf7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\advanced system optimizer\IEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Visolve: {01c692bf-ff95-4583-91b6-23f8568749b7} - c:\program files\visolve\controlbar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [RoboTask Lite] c:\program files\robotask lite\RoboTaskLite.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Photo Downloader] "c:\program files\adobe\adobe photoshop lightroom 1.4\apdproxy.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\mog-o-~1.lnk - c:\program files\mog-o-matic\MogClient.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\woopra.lnk - c:\program files\woopra\Woopra.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\3572475\program\Compaq Connections.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vistac~1.lnk - c:\windows\installer\{6101be40-84b8-48f2-89bf-7ffbf641d600}\_45738C77BC790C3EB3601A.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\eudora\EuShlExt.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\biey3q3p.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysite.verizon.net/fwi/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\biey3q3p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\biey3q3p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\fred\appdata\roaming\mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-23 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-11 5188096]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-11 125440]
R3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2009-3-23 505984]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-6-6 15144]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-2-19 13480]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-9-1 946816]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-20 38224]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-3 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-3 40552]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2008-5-21 34576]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-16 11520]

============== File Associations ===============

VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
jsefile\shell\open2\command=c:\windows\system32\CScript.exe "%1" %*

=============== Created Last 30 ================

2010-03-03 17:06:33 0 ----a-w- c:\users\fred\defogger_reenable
2010-03-03 13:28:55 77312 ----a-w- c:\windows\MBR.exe
2010-03-03 13:28:55 261632 ----a-w- c:\windows\PEV.exe
2010-03-03 13:21:39 0 d-s---w- C:\ComboFix
2010-03-03 07:38:11 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-03-01 20:02:23 0 d-----w- c:\users\fred\appdata\roaming\DiskSpaceFan
2010-03-01 20:02:16 0 d-----w- c:\program files\DiskSpaceFan
2010-02-19 23:47:27 0 d-----w- c:\users\fred\appdata\roaming\WTouch
2010-02-19 23:47:19 245032 ----a-w- c:\windows\system32\Touch_Tablet.dll
2010-02-19 23:44:12 13480 ----a-w- c:\windows\system32\drivers\WacomVTHid.sys
2010-02-19 23:44:12 0 d-----w- c:\program files\WTouch
2010-02-19 23:44:05 0 d-----w- c:\program files\TabletPlugins
2010-02-16 21:51:07 0 d-----w- c:\users\fred\appdata\roaming\McAfee
2010-02-15 03:50:35 0 d-----w- c:\program files\JRE
2010-02-15 02:59:39 0 d-----w- c:\users\fred\appdata\roaming\Registry Mechanic
2010-02-15 00:53:12 0 d-----w- c:\users\fred\appdata\roaming\OpenOffice.org
2010-02-14 17:56:04 0 d-----w- c:\program files\OpenOffice.org 3
2010-02-14 17:54:19 0 d-----w- c:\programdata\Sun
2010-02-13 20:11:22 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-02-13 20:11:22 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-13 20:11:22 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-02-13 20:11:22 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-02-13 20:11:20 0 d-----w- c:\program files\common files\PC Tools
2010-02-10 22:59:54 0 d-----w- c:\programdata\ATI
2010-02-10 04:20:02 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 04:20:02 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 04:18:38 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 04:18:37 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 01:37:06 0 d-----w- c:\users\fred\appdata\roaming\Azureus
2010-02-10 01:35:16 0 d-----w- c:\program files\Vuze
2010-02-07 19:48:57 383 ----a-w- C:\config.xml
2010-02-07 19:42:09 0 d-----w- c:\program files\Microsoft Research
2010-02-03 23:00:52 0 d-----w- c:\program files\common files\xing shared

==================== Find3M ====================

2010-03-03 07:34:50 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-03 07:34:50 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-03 07:34:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-19 22:35:20 3662 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-15 03:46:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-13 21:55:54 72080 ----a-w- c:\users\fred\g2mdlhlpx.exe
2010-02-02 02:55:19 231996 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-11 20:45:40 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-11 20:45:10 372736 ----a-w- c:\windows\system32\atieclxx.exe
2009-12-11 20:44:40 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-12-11 20:43:18 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-12-11 20:42:58 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-12-11 20:42:44 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-12-11 20:42:36 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-12-11 20:42:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-12-11 20:39:38 3060224 ----a-w- c:\windows\system32\atidxx32.dll
2009-12-11 20:35:34 400384 ----a-w- c:\windows\system32\aticfx32.dll
2009-12-11 20:26:00 13383168 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-11 20:22:58 3601920 ----a-w- c:\windows\system32\atiumdag.dll
2009-12-11 20:11:30 50176 ----a-w- c:\windows\system32\coinst.dll
2009-12-11 20:04:50 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-11 20:04:50 2912768 ----a-w- c:\windows\system32\atiumdva.dll
2009-12-11 20:04:34 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-11 20:03:22 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-11 19:52:16 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-11 19:52:16 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-12-11 19:51:36 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-12-11 19:51:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2009-12-11 19:51:12 15360 ----a-w- c:\windows\system32\atigktxx.dll
2009-12-11 19:50:28 27136 ----a-w- c:\windows\system32\atiuxpag.dll
2009-12-11 19:50:12 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2009-12-11 19:49:46 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2009-12-08 20:52:17 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52:16 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-09-22 21:33:52 174 --sh--w- c:\program files\desktop.ini
2008-09-22 21:04:13 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfc.dat
2007-09-19 14:28:51 8 --sh--r- c:\windows\system32\3CFBE0E1F4.sys
2009-03-16 04:50:10 900 --sh--w- c:\windows\system32\KGyGaAvL.sys
2007-11-16 22:08:08 32768 --sh--w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007111620071117\index.dat
2008-08-30 17:52:16 32768 --sh--w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 12:42:37.78 ===============


Regards,

Fred
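The poster's main observation is "svchosts running multiple times". On Vista that is expected: the service control manager starts one svchost.exe per `-k` service group, and the DDS list above shows exactly that pattern (DcomLaunch, rpcss, secsvcs, netsvcs, ...). What a helper actually looks for in that section is an svchost.exe started from somewhere other than %SystemRoot%\system32, or the same service group hosted twice. The log also records `mPolicies-system: EnableLUA = 0`, which means User Account Control is switched off. The script below is an added example, not part of the forum post and not part of the DDS tool: it parses the "Running Processes" and "Pseudo HJT Report" sections of a DDS-style report and reports those three conditions. The sample report embedded in it is constructed, and the Temp-folder svchost.exe line in it is invented purely so the check has something to flag; nothing like it appears in the poster's log.

```python
"""Triage helper for the "Running Processes" section of a DDS log.

Added example; not from the forum post and not DDS's own code. A separate
svchost.exe per "-k" service group is normal on Vista. What is worth a
second look is svchost.exe started from a path other than
%SystemRoot%\\system32, or one service group hosted more than once. The
Pseudo HJT section's "EnableLUA = 0" line (UAC disabled) is surfaced too.
"""
import ntpath
import re
from collections import Counter
from typing import Dict, List, Tuple

# "============== Running Processes ===============" style section headers.
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# A process line: a path ending in an executable extension, then optional arguments.
PROCESS_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|scr|com))(?:\s+(?P<args>.*))?$", re.IGNORECASE
)
SVCHOST_DIR = r"c:\windows\system32"  # the only directory svchost.exe should start from

# Constructed sample report (the Temp-folder svchost.exe is invented to exercise the check).
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k netsvcs
C:\Users\Fred\AppData\Local\Temp\svchost.exe -k netsvcs
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Users\Fred\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://example.invalid/
mPolicies-system: EnableLUA = 0 (0x0)

============= FINISH: 00:00:00.00 ===============
"""


def sections(report: str) -> Dict[str, List[str]]:
    """Split a DDS report into {section name: [non-empty lines]}."""
    out: Dict[str, List[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return out


def svchost_findings(process_lines: List[str]) -> Tuple[Counter, List[str]]:
    """Count svchost.exe instances per -k group and flag misplaced or duplicated hosts."""
    counts: Counter = Counter()
    findings: List[str] = []
    for line in process_lines:
        m = PROCESS_RE.match(line)
        if not m:
            continue
        path, args = m.group("path"), m.group("args") or ""
        if ntpath.basename(path).lower() != "svchost.exe":
            continue
        km = re.search(r"-k\s+(\S+)", args, re.IGNORECASE)
        group = km.group(1).lower() if km else "<no -k group>"
        counts[group] += 1
        # Compare the directory case-insensitively; DDS prints both system32 and System32.
        if ntpath.dirname(path).lower() != SVCHOST_DIR:
            findings.append(f"svchost.exe outside system32: {path}")
    for group, n in counts.items():
        if n > 1:
            findings.append(f"service group {group!r} hosted {n} times")
    return counts, findings


def policy_findings(hjt_lines: List[str]) -> List[str]:
    """Flag User Account Control being disabled in the Pseudo HJT section."""
    return [
        "EnableLUA = 0: User Account Control is disabled"
        for line in hjt_lines
        if line.startswith("mPolicies-system: EnableLUA = 0")
    ]


def triage(report: str) -> Dict[str, object]:
    """Run all checks over a DDS report and return the grouped result."""
    secs = sections(report)
    counts, findings = svchost_findings(secs.get("Running Processes", []))
    findings += policy_findings(secs.get("Pseudo HJT Report", []))
    return {"svchost_groups": dict(counts), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    print("svchost groups:", result["svchost_groups"])
    for f in result["findings"]:
        print("FLAG:", f)
```

Run against the poster's real log, every svchost.exe sits under system32 with a distinct `-k` group, so the only line this script would raise is the `EnableLUA = 0` one; the process count on its own is not evidence of infection.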



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender: Female
  • Location: At home
  • Local time: 08:06 AM

Posted 07 March 2010 - 08:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

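The custom-scan block above asks OTL to MD5 the files listed between /md5start and /md5stop, so the analyst can compare each System32 copy against other copies on the disk (WinSxS, the driver cache, the Windows Update download cache). The script below is an added example, not OTL's or BleepingComputer's own code: it walks a Windows tree, hashes every copy of those names it finds, prints them in a "size . MD5 . path" line per copy, and lists the names whose copies disagree. make_demo_tree(), its directory layout and the file contents are constructed stand-ins so the script runs offline; pass a real C:\Windows as the first argument to use it on a machine. A differing MD5 is a lead for manual review, not proof of tampering: a pending update sitting in SoftwareDistribution also differs from the installed file.

```python
"""Hash every on-disk copy of the files in an OTL /md5start list and flag disagreements.

Added example; not OTL's or ComboFix's code. Directory layout and file
contents in make_demo_tree() are constructed for demonstration only.
"""
import hashlib
import os
import sys
import tempfile

# File names exactly as given between /md5start and /md5stop in the OTL custom scan above.
MD5_TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys", "ahcix86s.sys",
    "nvrd32.sys",
]


def md5_file(path, chunk=1 << 20):
    """Stream the file through MD5; upper-case hex, as the logs above print it."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def find_copies(root, names):
    """Walk root; return {lowercase name: [(path, size, md5), ...]} for every matching file.

    Matching is case-insensitive, as NTFS file names are.  Files that cannot be
    opened (locked by a driver, no permission) are skipped rather than aborting
    the walk; OTL reports those separately under /lockedfiles.
    """
    wanted = {n.lower() for n in names}
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key not in wanted:
                continue
            p = os.path.join(dirpath, fn)
            try:
                found.setdefault(key, []).append((p, os.path.getsize(p), md5_file(p)))
            except OSError:
                pass
    return found


def report(found):
    """Return (lines, conflicts): one 'size . MD5 . path' line per copy, plus the
    names whose copies do not all share one MD5 (a lead for review, not proof)."""
    lines, conflicts = [], []
    for name in sorted(found):
        copies = found[name]
        if len({md5 for _, _, md5 in copies}) > 1:
            conflicts.append(name)
        for path, size, md5 in sorted(copies):
            lines.append(f"{size} . {md5} . {path}")
    return lines, conflicts


def make_demo_tree():
    """Constructed stand-in for a Windows tree: two atapi.sys copies that differ,
    and a single netlogon.dll.  Contents are arbitrary bytes, not real binaries."""
    root = tempfile.mkdtemp(prefix="otl_md5_demo_")
    layout = {
        os.path.join("System32", "drivers", "atapi.sys"): b"abc",
        os.path.join("winsxs", "x86_atapi_demo", "atapi.sys"): b"",
        os.path.join("System32", "netlogon.dll"): b"abc",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else make_demo_tree()
    lines, conflicts = report(find_copies(root, MD5_TARGETS))
    print("\n".join(lines))
    print("copies disagree:", ", ".join(conflicts) if conflicts else "none")
```

Run it with no arguments to see the constructed demo (atapi.sys is reported as disagreeing, netlogon.dll is not); run it as `python otl_md5.py C:\Windows` from an elevated prompt to hash the real files. Names that appear only once, or not at all, are worth a look too: a file from the list that exists only under System32 has nothing on disk to be checked against, which is why the analysts in this thread compare the posted MD5s against known-good values rather than relying on the local tree alone.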


#3 Fred Iobst
  • Topic Starter
  • Members
  • 14 posts
  • Local time:02:06 AM

Posted 07 March 2010 - 11:36 AM

Hi,

OTL will not run, either in normal or safe mode, or when renamed to rightarrow.exe in either. It
just hangs on "get drive names".

Have been trying lots of programs. Almost all just end up not responding.

Did get ComboFix to run overnight. About the only program to complete. Was trying to get anything to work!

Problem same as described originally.

Have also noticed that svchost.exe, username network, is using lots of CPU almost all the time.

I will follow your instructions from here.

Thanks,

Fred

#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:08:06 AM

Posted 07 March 2010 - 01:19 PM

Hi,

Could you please provide the log from when you ran ComboFix? You will find the log in C:\combofix.txt.

regards myrti



#5 Fred Iobst
  • Topic Starter
  • Members
  • 14 posts
  • Local time:02:06 AM

Posted 07 March 2010 - 01:36 PM

Hi,

Here is c:\combofix.txt

ComboFix 10-03-04.02 - Fred 03/07/2010 5:03.3.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.3071 [GMT -5:00]
Running from: c:\users\Fred\Desktop\Combo-Fix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
ADS - Windows: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2999670558-2758420469-3129876585-500
c:\windows\jestertb.dll
c:\windows\system32\tmp.reg
c:\windows\system32\twain_32.dll
c:\windows\system32\Ultra.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 11:36 . 2010-03-07 11:38 -------- d-----w- c:\users\Fred\AppData\Local\temp
2010-03-07 11:36 . 2010-03-07 11:36 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Local\temp
2010-03-07 11:36 . 2010-03-07 11:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-07 11:36 . 2010-03-07 11:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-07 09:52 . 2010-03-07 09:53 -------- d-----w- C:\32788R22FWJFW
2010-03-07 08:55 . 2010-03-07 08:55 93056 ----a-w- C:\kwldypob.sys
2010-03-07 06:29 . 2010-03-07 06:34 -------- d-----w- c:\program files\Svchost Fix Wizard
2010-03-07 06:29 . 2009-04-16 19:13 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-03-07 06:29 . 2009-04-16 19:13 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-03-07 06:16 . 2010-03-07 06:16 -------- d-----w- c:\program files\RegCure
2010-03-07 06:16 . 2010-03-07 06:16 -------- d-----w- c:\programdata\RegCure
2010-03-06 02:19 . 2010-03-06 02:19 -------- d-----w- c:\program files\Sophos
2010-03-06 00:40 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\07663842.sys
2010-03-06 00:40 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\0766384.sys
2010-03-06 00:40 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\07663841.sys
2010-03-06 00:34 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\25825422.sys
2010-03-06 00:34 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\2582542.sys
2010-03-06 00:34 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\25825421.sys
2010-03-06 00:16 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\41835662.sys
2010-03-06 00:16 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\4183566.sys
2010-03-06 00:16 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\41835661.sys
2010-03-06 00:08 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\88396992.sys
2010-03-06 00:08 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\8839699.sys
2010-03-06 00:08 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\88396991.sys
2010-03-05 23:18 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\85710942.sys
2010-03-05 23:18 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\8571094.sys
2010-03-05 23:18 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\85710941.sys
2010-03-05 23:17 . 2010-03-07 03:30 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-05 23:16 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\61669202.sys
2010-03-05 23:16 . 2009-10-10 03:31 311312 ----a-w- c:\windows\system32\drivers\6166920.sys
2010-03-05 23:16 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\61669201.sys
2010-03-05 20:43 . 2010-03-07 07:44 439816 ----a-w- c:\users\Fred\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-05 18:33 . 2010-03-05 18:33 -------- d-----w- c:\program files\Trend Micro
2010-03-05 16:55 . 2010-03-05 16:55 -------- d-----w- c:\users\Fred\AppData\Roaming\SUPERAntiSpyware.com
2010-03-05 16:55 . 2010-03-05 16:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-04 23:31 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 23:31 . 2010-03-06 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 23:31 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 23:31 . 2010-03-03 23:31 -------- d-----w- c:\program files\ESET
2010-03-03 07:38 . 2010-03-03 07:38 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-03-01 20:02 . 2010-03-01 20:11 -------- d-----w- c:\users\Fred\AppData\Roaming\DiskSpaceFan
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\DiskSpaceFan
2010-02-22 20:06 . 2009-12-16 21:05 471040 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\biey3q3p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-02-22 20:06 . 2009-12-16 21:05 347136 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\biey3q3p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-02-22 20:06 . 2009-12-16 21:05 340992 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\biey3q3p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-02-22 20:06 . 2009-12-16 21:05 43008 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\biey3q3p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-02-22 20:06 . 2009-12-16 21:05 1452032 ----a-w- c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\biey3q3p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-02-19 23:47 . 2010-02-19 23:47 -------- d-----w- c:\users\Fred\AppData\Roaming\WTouch
2010-02-19 23:47 . 2009-11-23 20:53 245032 ----a-w- c:\windows\system32\Touch_Tablet.dll
2010-02-19 23:44 . 2010-02-19 23:47 -------- d-----w- c:\program files\WTouch
2010-02-19 23:44 . 2009-07-09 14:16 13480 ----a-w- c:\windows\system32\drivers\WacomVTHid.sys
2010-02-19 23:44 . 2010-02-19 23:44 -------- d-----w- c:\program files\TabletPlugins
2010-02-16 21:54 . 2009-09-30 17:11 288096 ----a-r- c:\users\Fred\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-02-16 21:51 . 2010-02-16 21:51 -------- d-----w- c:\users\Fred\AppData\Roaming\McAfee
2010-02-15 03:50 . 2010-02-15 03:50 -------- d-----w- c:\program files\JRE
2010-02-15 02:59 . 2010-02-15 02:59 -------- d-----w- c:\users\Fred\AppData\Roaming\Registry Mechanic
2010-02-15 00:53 . 2010-02-15 05:41 1 ----a-w- c:\users\Fred\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-15 00:53 . 2010-02-15 00:53 -------- d-----w- c:\users\Fred\AppData\Roaming\OpenOffice.org
2010-02-14 17:56 . 2010-02-15 03:50 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-13 20:11 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-13 20:11 . 2010-02-13 20:11 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-10 22:59 . 2010-02-10 22:59 -------- d-----w- c:\programdata\ATI
2010-02-10 22:39 . 2010-02-10 22:39 10134 ----a-r- c:\users\Fred\AppData\Roaming\Microsoft\Installer\{590B3F7B-C516-B2A0-0F9A-085FBD1D4432}\ARPPRODUCTICON.exe
2010-02-10 04:20 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 04:20 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 04:18 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 04:18 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 01:37 . 2010-02-18 19:03 -------- d-----w- c:\users\Fred\AppData\Roaming\Azureus
2010-02-10 01:35 . 2010-02-12 20:53 -------- d-----w- c:\program files\Vuze
2010-02-10 00:09 . 2010-02-10 00:09 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Roaming\TuneUp Software
2010-02-10 00:09 . 2010-02-10 00:09 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Roaming\IObit
2010-02-10 00:09 . 2010-02-10 00:09 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Roaming\WTablet
2010-02-07 19:48 . 2010-02-07 19:48 -------- d-----w- c:\users\Fred\AppData\Local\Microsoft_Research
2010-02-07 19:42 . 2010-02-07 19:42 -------- d-----w- c:\program files\Microsoft Research

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 08:08 . 2008-12-03 02:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-07 04:08 . 2007-10-13 16:46 -------- d-----w- c:\users\Fred\AppData\Roaming\WTablet
2010-03-07 03:46 . 2008-06-03 21:36 -------- d-----w- c:\programdata\Google Updater
2010-03-05 20:23 . 2008-03-20 14:47 691 ----a-w- c:\users\Fred\AppData\Roaming\GetValue.vbs
2010-03-05 20:23 . 2008-03-20 14:47 35 ----a-w- c:\users\Fred\AppData\Roaming\SetValue.bat
2010-03-05 20:23 . 2008-03-20 14:47 35 ----a-w- c:\users\Fred\AppData\Roaming\SetValue.bat
2010-03-05 15:58 . 2007-09-22 04:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-05 15:44 . 2007-12-03 17:35 1356 ----a-w- c:\users\Fred\AppData\Local\d3d9caps.dat
2010-03-03 09:23 . 2007-09-18 15:19 -------- d-----w- c:\programdata\FLEXnet
2010-03-03 08:05 . 2009-11-04 03:16 -------- d-----w- c:\programdata\McAfee
2010-03-03 08:05 . 2009-11-04 03:36 -------- d-----w- c:\program files\McAfee
2010-03-03 08:04 . 2009-11-04 03:36 -------- d-----w- c:\program files\Common Files\McAfee
2010-03-03 05:39 . 2007-09-18 05:36 143888 ----a-w- c:\users\Fred\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-03 03:56 . 2007-12-09 04:54 -------- d-----w- c:\users\Fred\AppData\Roaming\StumbleUpon
2010-03-03 01:20 . 2008-09-12 21:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-28 19:43 . 2007-03-29 20:35 -------- d-----w- c:\programdata\Microsoft Help
2010-02-19 23:43 . 2007-10-06 15:10 -------- d-----w- c:\program files\Tablet
2010-02-19 22:35 . 2007-12-21 22:13 3662 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-19 22:35 . 2007-12-21 22:13 3662 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-16 23:40 . 2009-11-04 03:40 -------- d-----w- c:\program files\SiteAdvisor
2010-02-15 04:15 . 2007-12-22 16:41 -------- d-----w- c:\program files\Common Files\Java
2010-02-15 04:11 . 2007-09-18 06:27 -------- d-----w- c:\program files\Java
2010-02-15 03:46 . 2008-11-27 15:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-13 21:55 . 2009-06-13 22:57 72080 ----a-w- c:\users\Fred\g2mdlhlpx.exe
2010-02-12 01:21 . 2007-09-22 17:55 -------- d-----w- c:\program files\Eudora
2010-02-12 00:44 . 2007-03-29 20:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-11 03:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 23:00 . 2009-03-15 01:25 -------- d-----w- c:\program files\ATI
2010-02-10 22:39 . 2009-03-15 01:25 -------- d-----w- c:\program files\ATI Technologies
2010-02-10 17:31 . 2009-09-15 19:55 -------- d-----r- c:\program files\Skype
2010-02-10 00:55 . 2009-11-24 01:14 -------- d-----w- c:\users\Fred\AppData\Roaming\Dropbox
2010-02-09 17:12 . 2007-09-23 17:57 -------- d-----w- c:\users\Fred\AppData\Roaming\Winamp
2010-02-04 00:29 . 2008-09-12 21:19 -------- d-----w- c:\users\Fred\AppData\Roaming\Thunderbird
2010-02-03 23:00 . 2010-02-03 23:00 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-02 02:55 . 2008-06-04 04:12 231996 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-02 02:53 . 2007-09-19 15:45 -------- d-----w- c:\users\Fred\AppData\Roaming\Apple Computer
2010-02-02 02:52 . 2010-02-02 02:51 -------- d-----w- c:\program files\Safari
2010-01-27 00:26 . 2007-09-18 06:29 -------- d-----w- c:\program files\Google
2010-01-24 11:01 . 2009-03-24 00:01 -------- d-----w- c:\program files\SmartFTP Client
2010-01-20 01:28 . 2008-02-16 23:01 -------- d-----w- c:\programdata\Corel
2010-01-02 06:38 . 2010-01-21 20:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 20:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 20:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 04:19 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 04:19 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 04:19 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 04:19 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 04:19 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 04:19 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 04:19 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 04:19 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 04:19 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 04:19 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 12:43 . 2009-12-17 12:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-11 21:03 . 2009-12-11 21:03 5188096 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2009-12-11 21:03 . 2009-12-11 21:03 5188096 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-12-11 20:45 . 2009-12-11 20:45 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-11 20:45 . 2009-12-11 20:45 372736 ----a-w- c:\windows\system32\atieclxx.exe
2009-12-11 20:44 . 2009-12-11 20:44 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-12-11 20:43 . 2009-03-15 03:42 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-12-11 20:42 . 2009-03-15 03:42 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-12-11 20:42 . 2009-12-11 20:42 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-12-11 20:42 . 2009-12-11 20:42 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-12-11 20:42 . 2009-12-11 20:42 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-12-11 20:39 . 2009-12-11 20:39 3060224 ----a-w- c:\windows\system32\atidxx32.dll
2009-12-11 20:35 . 2009-12-11 20:35 400384 ----a-w- c:\windows\system32\aticfx32.dll
2009-12-11 20:26 . 2009-12-11 20:26 13383168 ----a-w- c:\windows\system32\atioglxx.dll
2009-12-11 20:22 . 2009-03-15 03:42 3601920 ----a-w- c:\windows\system32\atiumdag.dll
2009-12-11 20:11 . 2009-12-11 20:11 50176 ----a-w- c:\windows\system32\coinst.dll
2009-12-11 20:04 . 2009-12-11 20:04 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-11 20:04 . 2009-03-15 03:42 2912768 ----a-w- c:\windows\system32\atiumdva.dll
2009-12-11 20:04 . 2009-12-11 20:04 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-11 20:03 . 2009-12-11 20:03 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-11 19:52 . 2009-12-11 19:52 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-11 19:52 . 2009-12-11 19:52 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-12-11 19:52 . 2009-12-11 19:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-12-11 19:51 . 2009-12-11 19:51 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-12-11 19:51 . 2009-12-11 19:51 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2009-12-11 19:51 . 2009-12-11 19:51 15360 ----a-w- c:\windows\system32\atigktxx.dll
2009-12-11 19:50 . 2009-12-11 19:50 125440 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2009-12-11 19:50 . 2009-12-11 19:50 27136 ----a-w- c:\windows\system32\atiuxpag.dll
2009-12-11 19:50 . 2009-12-11 19:50 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2009-12-11 19:49 . 2009-12-11 19:49 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2009-12-08 20:52 . 2010-02-10 04:19 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 04:19 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 04:19 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-01 23:45 . 2009-05-01 23:45 135680 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-19 14:28 . 2007-09-19 14:28 8 --sha-r- c:\windows\System32\3CFBE0E1F4.sys
2009-03-16 04:50 . 2007-09-19 14:28 900 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-01-19 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys

[-] 2008-01-19 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys

[-] 2008-01-19 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys

[-] 2008-01-19 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll

[-] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe

[-] 2008-01-19 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll

[-] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[-] 2008-01-19 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll

[-] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[-] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll

[-] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[-] 2008-01-19 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\System32\services.exe

[-] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[-] 2008-01-19 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe

[-] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[-] 2008-01-19 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe

[-] 2009-04-11 . 0C2236FB7195A1CF2A632D530349E673 . 1686016 . . [5.82] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
[-] 2008-01-19 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll

[-] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
[-] 2008-01-19 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll

[-] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
[-] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\System32\es.dll

[-] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll
[-] 2008-01-19 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\System32\imm32.dll

[-] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[-] 2009-02-13 . DB6E3731E6F5C8AE2843F80B5787F7C6 . 888832 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll

[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll

[-] 2008-01-19 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\System32\lpk.dll

[-] 2010-01-02 . DF4D546A6E1C8D0F4FC10FCC9E422763 . 5942784 . . [8.00.6001.18702] . . c:\windows\System32\mshtml.dll
[-] 2009-08-27 . E9C51FD04019DC14CAE9CEDE3C7B08E3 . 5942272 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\fa8c2d28d4f83f2d821668f4c68d7ffc\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22918_none_f6b3057751153c65\mshtml.dll
[-] 2009-08-27 . 7172C1681283EC40A8DA9ED4180FF390 . 5940224 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\fa8c2d28d4f83f2d821668f4c68d7ffc\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18828_none_f61e98c037ffb88c\mshtml.dll
[-] 2009-05-12 . 5F3B323A3758C9B156B199F54A888882 . 5936128 . . [8.00.6001.22874] . . c:\windows\SoftwareDistribution\Download\7825d2f301c03b6bb63b926dc19881f5\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22874_none_f66e22e151498188\mshtml.dll
[-] 2009-05-09 . 89CCF8069B59780BDEF45E345E671347 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\7825d2f301c03b6bb63b926dc19881f5\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18783_none_f5d8b5e03834e458\mshtml.dll
[-] 2009-04-11 . A4D04D404AFC1D30EDA01EE50D27AA51 . 3596288 . . [7.00.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18005_none_152e8ba81f4b4668\mshtml.dll
[-] 2008-10-02 . 3E3D3E24BD1F862CD1A772C0DAD3F134 . 3578880 . . [7.00.6001.18148] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\mshtml.dll
[-] 2008-10-02 . 713D3D802424C56F28A3AC21F843D9E4 . 3593216 . . [7.00.6000.16757] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\mshtml.dll
[-] 2008-10-02 . 56942EB5D17DFA38CA0B2B234BB578A3 . 3579392 . . [7.00.6001.22278] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\mshtml.dll
[-] 2008-10-02 . 34311116C0A994BD82D7732D0950999C . 3594752 . . [7.00.6000.20927] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\mshtml.dll

[-] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll
[-] 2008-01-19 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\System32\msvcrt.dll
[-] 2004-08-05 . 351B1AD22FD0EC70D889766E0B4F72ED . 343040 . . [7.0.2600.2180] . . c:\windows\SMINST\msvcrt.dll

[-] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[-] 2008-01-19 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll

[-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[-] 2008-01-19 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll

[-] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6002.18005_none_a505176cf9fa2abd\powrprof.dll
[-] 2008-01-19 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll

[-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[-] 2008-01-19 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll

[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll

[-] 2008-01-19 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe

[-] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6002.18005_none_e52851e7e21463cb\tapisrv.dll
[-] 2008-01-19 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll

[-] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[-] 2008-01-19 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll

[-] 2008-01-19 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe

[-] 2010-01-02 . 91B8712BDC74295DA14A08F519B70D65 . 916480 . . [8.00.6001.18702] . . c:\windows\System32\wininet.dll
[-] 2009-08-27 . D0DD9439DB3C927209CFFE095AA1F097 . 916480 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\fa8c2d28d4f83f2d821668f4c68d7ffc\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22918_none_e558e658d0bed32f\wininet.dll
[-] 2009-08-27 . E3AB6EBE520E1898663B011D2FC0DF11 . 916480 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\fa8c2d28d4f83f2d821668f4c68d7ffc\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18828_none_e4c479a1b7a94f56\wininet.dll
[-] 2009-05-12 . 4BEDA2520729640D927E09A51AB916C4 . 915456 . . [8.00.6001.22874] . . c:\windows\SoftwareDistribution\Download\7825d2f301c03b6bb63b926dc19881f5\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
[-] 2009-05-09 . D78B62CC91F043CED52F23F0085E7FE2 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\7825d2f301c03b6bb63b926dc19881f5\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
[-] 2009-04-11 . 8777B44511D8BCCF47B5A7CBDC02DE11 . 828416 . . [7.00.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll
[-] 2008-10-02 . C373C19F10601C1AFE7E40907AE48694 . 827392 . . [7.00.6001.18148] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll
[-] 2008-10-02 . 8BF7D225505A4ADA25D9444E91811CEA . 826368 . . [7.00.6000.16757] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll
[-] 2008-10-02 . 6B2591CDCEFEB8451594288426677CBB . 827904 . . [7.00.6001.22278] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll
[-] 2008-10-02 . C85EF7DE97ABBF00B16AD11EDFEAC637 . 827904 . . [7.00.6000.20927] . . c:\windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll

[-] 2008-01-19 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll

[-] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[-] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\explorer.exe

[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll

[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe

[-] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[-] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll

[-] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6002.18005_none_8b517ec580991c4d\regsvc.dll
[-] 2008-01-19 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll

[-] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404\schedsvc.dll
[-] 2008-01-19 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll

[-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll

[-] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[-] 2008-01-19 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll

[-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll

[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll

[-] 2008-01-19 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 20:44 325000 ------w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboTask Lite"="c:\program files\RoboTask Lite\RoboTaskLite.exe" [2008-03-26 615424]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-19 160592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-01 1838592]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-14 600000]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-5-10 546816]
MOG-O-MATIC.lnk - c:\program files\MOG-O-MATIC\MogClient.exe [2007-11-11 677888]
Woopra.lnk - c:\program files\Woopra\Woopra.exe [2008-7-29 508416]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vista Caller-ID.lnk - c:\windows\Installer\{6101BE40-84B8-48F2-89BF-7FFBF641D600}\_45738C77BC790C3EB3601A.exe [2008-4-21 10134]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-3-29 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Eudora\EuShlExt.dll" [2005-11-14 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 19:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 18:21 2213160 ------w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ------w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-04-09 05:15 648504 ------w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-23 01:49 13539872 ------w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-23 01:49 92704 ------w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2009-10-14 20:42 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking9\Ereg.ini
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="removed"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-05-14 715248]
R1 07663841;07663841;c:\windows\system32\DRIVERS\07663841.sys [2009-09-25 128016]
R1 25825421;25825421;c:\windows\system32\DRIVERS\25825421.sys [2009-09-25 128016]
R1 41835661;41835661;c:\windows\system32\DRIVERS\41835661.sys [2009-09-25 128016]
R1 61669201;61669201;c:\windows\system32\DRIVERS\61669201.sys [2009-09-25 128016]
R1 85710941;85710941;c:\windows\system32\DRIVERS\85710941.sys [2009-09-25 128016]
R1 88396991;88396991;c:\windows\system32\DRIVERS\88396991.sys [2009-09-25 128016]
R1 SABKUTIL;SABKUTIL;c:\users\Fred\Desktop\SABKUTIL.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Fred\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Fred\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-12-04 946816]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
R3 cpuz131;cpuz131;c:\users\Fred\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2008-05-21 34576]
R3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-10 505984]
R3 rootbeer;rootbeer;c:\windows\system32\drivers\rootbeer.sys [x]
R3 SASENUM;SASENUM;c:\users\Fred\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-16 11520]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
R4 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R4 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
R4 VundoFixSvc;VundoFix Service;VundoFixSVC.exe [x]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S0 07663842;07663842 Boot Guard Driver;c:\windows\system32\DRIVERS\07663842.sys [2009-10-22 37392]
S0 25825422;25825422 Boot Guard Driver;c:\windows\system32\DRIVERS\25825422.sys [2009-10-22 37392]
S0 41835662;41835662 Boot Guard Driver;c:\windows\system32\DRIVERS\41835662.sys [2009-10-22 37392]
S0 61669202;61669202 Boot Guard Driver;c:\windows\system32\DRIVERS\61669202.sys [2009-10-22 37392]
S0 85710942;85710942 Boot Guard Driver;c:\windows\system32\DRIVERS\85710942.sys [2009-10-22 37392]
S0 88396992;88396992 Boot Guard Driver;c:\windows\system32\DRIVERS\88396992.sys [2009-10-22 37392]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 19:37]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:08]

2010-03-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-11 11:07]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 01:25]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 01:25]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\VERSION 2\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\users\Fred\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Fred\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 06:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A916788E-14BA-C917-6694-8E98615249A3}\InProcServer32*]
"japdjenlicbbhfbebcce"=hex:6a,61,61,66,6b,61,6a,6e,66,62,6f,6b,6c,6c,61,61,6e,
70,65,66,00,00
"iapddehhciibopmcdg"=hex:6a,61,61,66,6c,61,6b,6e,61,65,67,70,70,63,63,64,69,6f,
6b,6b,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1f,a0,84,35,4c,77,de,c9,da,c9,ec,48,f5,b2,30,d3,aa,94,c6,5b,a1,
2b,49,5e,b8,38,1c,22,57,15,13,8d,59,21,fe,6a,0a,3d,7a,4a,ef,b9,cf,9a,24,d4,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:1f,a0,84,35,4c,77,de,c9,da,c9,ec,48,f5,b2,30,d3,aa,94,c6,5b,a1,
2b,49,5e,b8,38,1c,22,57,15,13,8d,59,21,fe,6a,0a,3d,7a,4a,ef,b9,cf,9a,24,d4,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-07 07:58:51
ComboFix-quarantined-files.txt 2010-03-07 12:58
ComboFix2.txt 2008-10-20 18:17

Pre-Run: 66,744,586,240 bytes free
Post-Run: 66,507,948,032 bytes free

- - End Of File - - 7771EA4DC9283C281E4CD4E8F056A7F4

Regards,
Fred

Edited by myrti, 07 March 2010 - 03:43 PM.
removed serial number
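
The hex: values under LOCKED REGISTRY KEYS in the log above (the two values under the InProcServer32 CLSID, and the Version blobs that the log cuts off with a trailing backslash) are easier to judge once they are turned back into bytes. The script below is an added example for this thread; it is not ComboFix code and was not posted by anyone here. The sample block is copied from the log above, and the printable-ASCII test is the example's own heuristic for separating a plausible setting from a random-looking marker string.

```python
"""Reassemble and decode the hex: values in a ComboFix LOCKED REGISTRY KEYS block.

Added example for this thread; it is not ComboFix code and was not posted by
anyone in the thread. ComboFix prints REG_BINARY data in .reg syntax: one
"name"=hex:aa,bb,... line, continuation lines for long values, and a trailing
backslash where the tool cut the dump short. Reassembling the bytes and testing
whether they are printable ASCII shows at a glance whether a value is a real
setting or a random-looking marker string.
"""
import re
from typing import Dict, List, Optional

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
# A continuation line is nothing but comma-separated hex pairs, optionally
# ending in "," or ",\" (the backslash means the dump was truncated).
CONT_RE = re.compile(r'^[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*,?\\?$')


def _to_bytes(chunks: List[str]):
    """Join the wrapped hex text and convert it; report whether it was cut off."""
    text = "".join(chunks)
    truncated = text.endswith("\\")
    text = text.rstrip("\\").strip(",")
    return bytes(int(pair, 16) for pair in text.split(",") if pair), truncated


def as_text(data: bytes) -> Optional[str]:
    """Return the string if every byte before the first NUL is printable ASCII."""
    body = data.split(b"\x00", 1)[0]
    if body and all(0x20 <= b < 0x7F for b in body):
        return body.decode("ascii")
    return None


def decode_locked_keys(lines: List[str]) -> List[Dict]:
    """Parse a LOCKED REGISTRY KEYS block into one record per hex: value."""
    results: List[Dict] = []
    key: Optional[str] = None
    current: Optional[Dict] = None

    def finish() -> None:
        if current is not None:
            data, truncated = _to_bytes(current["chunks"])
            results.append({
                "key": current["key"],
                "name": current["name"],
                "bytes": data,
                "truncated": truncated,
                "text": as_text(data),
            })

    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            finish()
            current = None
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m:
            finish()
            current = {"key": key, "name": m.group("name"), "chunks": [m.group("data")]}
            continue
        if current is not None and CONT_RE.match(line):
            current["chunks"].append(line)
            continue
        finish()  # a blank line or anything else ends the current value
        current = None
    finish()
    return results


# Sample block copied from the ComboFix log earlier in this thread.
SAMPLE_LINES = r'''
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A916788E-14BA-C917-6694-8E98615249A3}\InProcServer32*]
"japdjenlicbbhfbebcce"=hex:6a,61,61,66,6b,61,6a,6e,66,62,6f,6b,6c,6c,61,61,6e,
70,65,66,00,00
"iapddehhciibopmcdg"=hex:6a,61,61,66,6c,61,6b,6e,61,65,67,70,70,63,63,64,69,6f,
6b,6b,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1f,a0,84,35,4c,77,de,c9,da,c9,ec,48,f5,b2,30,d3,aa,94,c6,5b,a1,
2b,49,5e,b8,38,1c,22,57,15,13,8d,59,21,fe,6a,0a,3d,7a,4a,ef,b9,cf,9a,24,d4,\
'''.strip().splitlines()

if __name__ == "__main__":
    for rec in decode_locked_keys(SAMPLE_LINES):
        shown = rec["text"] if rec["text"] is not None else rec["bytes"].hex()
        flag = " (truncated in log)" if rec["truncated"] else ""
        print(f'{rec["name"]}: {shown}{flag}')
```

Run as-is, the two InProcServer32 values decode to NUL-terminated lowercase strings of the same length as their names, while the Version blob starts with non-printable bytes and is reported as truncated, so the decoder refuses to show it as text.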


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:06 AM

Posted 07 March 2010 - 03:42 PM

Hi,

there are still loads of things left:
First, please:
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    sc start cryptsvc
  • Let me know what appears on the command line.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


Then open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/300015/have-serious-unknown-problem/

collect::
c:\windows\system32\drivers\6166920.sys
c:\windows\system32\DRIVERS\07663841.sys
c:\windows\system32\DRIVERS\85710942.sys

file::
c:\windows\system32\drivers\0766384.sys
c:\windows\system32\drivers\2582542.sys
c:\windows\system32\drivers\4183566.sys
c:\windows\system32\drivers\8839699.sys
c:\windows\system32\drivers\8571094.sys
c:\windows\system32\DRIVERS\25825421.sys
c:\windows\system32\DRIVERS\41835661.sys
c:\windows\system32\DRIVERS\61669201.sys
c:\windows\system32\DRIVERS\85710941.sys
c:\windows\system32\DRIVERS\88396991.sys
c:\windows\system32\drivers\rootbeer.sys
c:\windows\system32\DRIVERS\07663842.sys
c:\windows\system32\DRIVERS\25825422.sys
c:\windows\system32\DRIVERS\41835662.sys
c:\windows\system32\DRIVERS\61669202.sys
c:\windows\system32\DRIVERS\88396992.sys

driver::
07663841
41835661
61669201
25825421
88396991
rootbeer
85710941
VundoFixSvc
07663842
25825422
41835662
61669202
85710942
88396992

regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A916788E-14BA-C917-6694-8E98615249A3}\InProcServer32*]


Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
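
The entries that myrti's driver:: list removes are the ones a helper spots first in a ComboFix Drivers/Services block: R1/S0 services whose names are nothing but eight digits, several of them sharing one date and byte size, `[x]` entries whose file is already gone, and a driver registered from the Desktop. The script below is an added example for this thread, not ComboFix code and not something anyone posted here; it parses those lines and applies a few first-pass heuristics of its own. The sample lines are copied from the log above.

```python
"""Triage the Drivers/Services lines of a ComboFix log.

Added example, not part of the original thread and not ComboFix code.
ComboFix prints one service per line in the form

    R1 name;display name;path [YYYY-MM-DD size]      (file present)
    R1 name;display name;path [x]                    (file missing)

The heuristics below are this example's own first-pass checks, not a rule
stated by the tool or by the helper in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories an ordinary user can write to; a kernel driver loaded from
# one of them deserves a second look.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\desktop\\")


@dataclass
class ServiceLine:
    start: str            # R0/R1/R3/R4 = running, S0/S3 = stopped
    name: str
    display: str
    path: str
    date: Optional[str]   # None when the file is missing
    size: Optional[int]
    missing: bool


def parse_line(line: str) -> Optional[ServiceLine]:
    """Parse one Drivers/Services line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    if meta == "x":
        return ServiceLine(m["start"], m["name"], m["display"], m["path"], None, None, True)
    date, size = meta.split()
    return ServiceLine(m["start"], m["name"], m["display"], m["path"], date, int(size), False)


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious service name to the reasons it was flagged."""
    entries = [e for e in (parse_line(l) for l in lines) if e is not None]
    # Several drivers sharing one timestamp and byte size is the pattern of
    # one component installed under many throw-away names.
    clusters = Counter((e.date, e.size) for e in entries if not e.missing)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.name.isdigit():
            reasons.append("service name is only digits")
        if e.missing:
            reasons.append("file missing on disk")
        if "\\" not in e.path:
            reasons.append("path has no directory")
        if any(tok in e.path.lower() for tok in USER_WRITABLE):
            reasons.append("loaded from user-writable path")
        siblings = 0 if e.missing else clusters[(e.date, e.size)] - 1
        if siblings >= 2:
            reasons.append(f"same date and size as {siblings} other drivers")
        if reasons:
            findings[e.name] = reasons
    return findings


# Sample lines copied from the ComboFix log earlier in this thread.
SAMPLE_LINES = [
    r"R1 07663841;07663841;c:\windows\system32\DRIVERS\07663841.sys [2009-09-25 128016]",
    r"R1 25825421;25825421;c:\windows\system32\DRIVERS\25825421.sys [2009-09-25 128016]",
    r"R1 41835661;41835661;c:\windows\system32\DRIVERS\41835661.sys [2009-09-25 128016]",
    r"R1 SABKUTIL;SABKUTIL;c:\users\Fred\Desktop\SABKUTIL.sys [x]",
    r"R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2008-05-21 34576]",
    r"R3 rootbeer;rootbeer;c:\windows\system32\drivers\rootbeer.sys [x]",
    r"R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]",
    r"R4 VundoFixSvc;VundoFix Service;VundoFixSVC.exe [x]",
    r"S0 07663842;07663842 Boot Guard Driver;c:\windows\system32\DRIVERS\07663842.sys [2009-10-22 37392]",
    r"S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, the three R1 drivers are flagged twice (digit-only name plus shared date and size), the S0 boot driver once, and the three `[x]` entries for the missing file; WinPcap's NPF, the AMD utility and Lavasoft's Lbd pass every check, which is the point: the heuristics narrow the list, they do not decide it.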


#7 Fred Iobst

Fred Iobst
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 07 March 2010 - 07:02 PM

Hi,

I did the ComboFix script in normal mode but it was taking forever. Then I started it in safe mode. It worked a lot faster, but after it rebooted and I entered the password it is again in normal mode.

There is an Administrator: Find 3M box that says "Preparing Log Report. Do not run any programs until ComboFix has finished."

Nothing seems to be happening. The hard drive blinks. Is this Combofix or something else?

Regards,

Fred

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:06 AM

Posted 07 March 2010 - 07:12 PM

Hi,

this is not good. Please abort the scan.

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    CODE
    :dir
    C:\qoobox /s
  • Hit the Look button. Let it finish the scan
  • A log will then pop up to your Desktop. Post the content of the log here in your next reply.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 Fred Iobst

Fred Iobst
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 07 March 2010 - 08:22 PM

Hi,

When I went to abort the scan, I checked the Task Manager and saw that svchost.exe was using too much CPU. I killed the process and the ComboFix scan completed. :-) Posted log below after your first previous request.

Also, should I still do this from previous post: Please download SystemLook from jpshortstuff and save it to your Desktop..........


C:\Users\Fred>sc start cryptsvc

SERVICE_NAME: cryptsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 2040
FLAGS :

C:\Users\Fred>



ComboFix 10-03-04.02 - Fred 03/07/2010 17:17:57.4.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.3074 [GMT -5:00]
Running from: c:\users\Fred\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Fred\Desktop\CFScript.txt
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

FILE ::
"c:\windows\system32\drivers\0766384.sys"
"c:\windows\system32\DRIVERS\07663842.sys"
"c:\windows\system32\drivers\2582542.sys"
"c:\windows\system32\DRIVERS\25825421.sys"
"c:\windows\system32\DRIVERS\25825422.sys"
"c:\windows\system32\drivers\4183566.sys"
"c:\windows\system32\DRIVERS\41835661.sys"
"c:\windows\system32\DRIVERS\41835662.sys"
"c:\windows\system32\DRIVERS\61669201.sys"
"c:\windows\system32\DRIVERS\61669202.sys"
"c:\windows\system32\drivers\8571094.sys"
"c:\windows\system32\DRIVERS\85710941.sys"
"c:\windows\system32\drivers\8839699.sys"
"c:\windows\system32\DRIVERS\88396991.sys"
"c:\windows\system32\DRIVERS\88396992.sys"
"c:\windows\system32\drivers\rootbeer.sys"

file zipped: c:\windows\system32\DRIVERS\07663841.sys
file zipped: c:\windows\system32\drivers\6166920.sys
file zipped: c:\windows\system32\DRIVERS\85710942.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\0766384.sys
c:\windows\system32\DRIVERS\07663841.sys
c:\windows\system32\DRIVERS\07663842.sys
c:\windows\system32\drivers\2582542.sys
c:\windows\system32\DRIVERS\25825421.sys
c:\windows\system32\DRIVERS\25825422.sys
c:\windows\system32\drivers\4183566.sys
c:\windows\system32\DRIVERS\41835661.sys
c:\windows\system32\DRIVERS\41835662.sys
c:\windows\system32\drivers\6166920.sys
c:\windows\system32\DRIVERS\61669201.sys
c:\windows\system32\DRIVERS\61669202.sys
c:\windows\system32\drivers\8571094.sys
c:\windows\system32\DRIVERS\85710941.sys
c:\windows\system32\DRIVERS\85710942.sys
c:\windows\system32\drivers\8839699.sys
c:\windows\system32\DRIVERS\88396991.sys
c:\windows\system32\DRIVERS\88396992.sys

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_07663841
-------\Legacy_07663842
-------\Legacy_25825421
-------\Legacy_25825422
-------\Legacy_41835661
-------\Legacy_41835662
-------\Legacy_61669201
-------\Legacy_61669202
-------\Legacy_85710941
-------\Legacy_85710942
-------\Legacy_88396991
-------\Legacy_88396992
-------\Legacy_ROOTBEER
-------\Service_07663841
-------\Service_07663842
-------\Service_25825421
-------\Service_25825422
-------\Service_41835661
-------\Service_41835662
-------\Service_61669201
-------\Service_61669202
-------\Service_85710941
-------\Service_85710942
-------\Service_88396991
-------\Service_88396992
-------\Service_rootbeer
-------\Service_VundoFixSvc


((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-07 23:24 . 2010-03-08 00:06 -------- d-----w- c:\users\Fred\AppData\Local\temp
2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Local\temp
2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-07 22:09 . 2010-03-07 22:09 -------- d-----w- C:\32788R22FWJFW
2010-03-07 08:55 . 2010-03-07 08:55 93056 ----a-w- C:\kwldypob.sys
2010-03-07 06:29 . 2010-03-07 06:34 -------- d-----w- c:\program files\Svchost Fix Wizard
2010-03-07 06:29 . 2009-04-16 19:13 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-03-07 06:29 . 2009-04-16 19:13 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-03-07 06:16 . 2010-03-07 06:16 -------- d-----w- c:\program files\RegCure
2010-03-07 06:16 . 2010-03-07 06:16 -------- d-----w- c:\programdata\RegCure
2010-03-06 02:19 . 2010-03-06 02:19 -------- d-----w- c:\program files\Sophos
2010-03-05 23:17 . 2010-03-07 03:30 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-05 18:33 . 2010-03-05 18:33 -------- d-----w- c:\program files\Trend Micro
2010-03-05 16:55 . 2010-03-05 16:55 -------- d-----w- c:\users\Fred\AppData\Roaming\SUPERAntiSpyware.com
2010-03-05 16:55 . 2010-03-05 16:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-04 23:31 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 23:31 . 2010-03-06 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 23:31 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 23:31 . 2010-03-03 23:31 -------- d-----w- c:\program files\ESET
2010-03-03 07:38 . 2010-03-03 07:38 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-03-01 20:02 . 2010-03-01 20:11 -------- d-----w- c:\users\Fred\AppData\Roaming\DiskSpaceFan
2010-03-01 20:02 . 2010-03-01 20:02 -------- d-----w- c:\program files\DiskSpaceFan
2010-02-19 23:47 . 2010-02-19 23:47 -------- d-----w- c:\users\Fred\AppData\Roaming\WTouch
2010-02-19 23:47 . 2009-11-23 20:53 245032 ----a-w- c:\windows\system32\Touch_Tablet.dll
2010-02-19 23:44 . 2010-02-19 23:47 -------- d-----w- c:\program files\WTouch
2010-02-19 23:44 . 2009-07-09 14:16 13480 ----a-w- c:\windows\system32\drivers\WacomVTHid.sys
2010-02-19 23:44 . 2010-02-19 23:44 -------- d-----w- c:\program files\TabletPlugins
2010-02-16 21:51 . 2010-02-16 21:51 -------- d-----w- c:\users\Fred\AppData\Roaming\McAfee
2010-02-15 03:50 . 2010-02-15 03:50 -------- d-----w- c:\program files\JRE
2010-02-15 02:59 . 2010-02-15 02:59 -------- d-----w- c:\users\Fred\AppData\Roaming\Registry Mechanic
2010-02-15 00:53 . 2010-02-15 00:53 -------- d-----w- c:\users\Fred\AppData\Roaming\OpenOffice.org
2010-02-14 17:56 . 2010-02-15 03:50 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-13 20:11 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-13 20:11 . 2010-02-13 20:11 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-10 22:59 . 2010-02-10 22:59 -------- d-----w- c:\programdata\ATI
2010-02-10 04:20 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 04:20 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 04:18 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 04:18 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 01:37 . 2010-02-18 19:03 -------- d-----w- c:\users\Fred\AppData\Roaming\Azureus
2010-02-10 01:35 . 2010-02-12 20:53 -------- d-----w- c:\program files\Vuze
2010-02-10 00:09 . 2010-02-10 00:09 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Roaming\TuneUp Software
2010-02-10 00:09 . 2010-02-10 00:09 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Roaming\IObit
2010-02-10 00:09 . 2010-02-10 00:09 -------- d-----w- c:\users\TEMP.Fred-PC\AppData\Roaming\WTablet
2010-02-07 19:48 . 2010-02-07 19:48 -------- d-----w- c:\users\Fred\AppData\Local\Microsoft_Research
2010-02-07 19:42 . 2010-02-07 19:42 -------- d-----w- c:\program files\Microsoft Research

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 23:45 . 2009-05-01 23:45 135680 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 20:44 325000 ------w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-14 03:19 527296 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboTask Lite"="c:\program files\RoboTask Lite\RoboTaskLite.exe" [2008-03-26 615424]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-19 160592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-01 1838592]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-14 600000]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-5-10 546816]
MOG-O-MATIC.lnk - c:\program files\MOG-O-MATIC\MogClient.exe [2007-11-11 677888]
Woopra.lnk - c:\program files\Woopra\Woopra.exe [2008-7-29 508416]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-3-29 34520]
Vista Caller-ID.lnk - c:\windows\Installer\{6101BE40-84B8-48F2-89BF-7FFBF641D600}\_45738C77BC790C3EB3601A.exe [2008-4-21 10134]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2007-3-29 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Eudora\EuShlExt.dll" [2005-11-14 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 19:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 18:21 2213160 ------w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ------w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-04-09 05:15 648504 ------w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-23 01:49 13539872 ------w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-23 01:49 92704 ------w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2009-10-14 20:42 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking9\Ereg.ini
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R1 SABKUTIL;SABKUTIL;c:\users\Fred\Desktop\SABKUTIL.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Fred\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Fred\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-12-04 946816]
R3 cpuz131;cpuz131;c:\users\Fred\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2008-05-21 34576]
R3 SASENUM;SASENUM;c:\users\Fred\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-16 11520]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
R4 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R4 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R4 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-05-14 715248]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-10 505984]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 19:37]

2010-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:08]

2010-03-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-11 11:07]

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 01:25]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 01:25]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-04 17:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\VERSION 2\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 18:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x864791F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8c3c0322
\Driver\ACPI -> acpi.sys @ 0x82f39d4c
\Driver\atapi -> 0x864781f8
IoDeviceObjectType -> SecurityProcedure -> 0x85c23b20
\Device\Harddisk0\DR0 -> SecurityProcedure -> 0x85c23b20
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1f,a0,84,35,4c,77,de,c9,da,c9,ec,48,f5,b2,30,d3,aa,94,c6,5b,a1,
2b,49,5e,b8,38,1c,22,57,15,13,8d,59,21,fe,6a,0a,3d,7a,4a,ef,b9,cf,9a,24,d4,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:1f,a0,84,35,4c,77,de,c9,da,c9,ec,48,f5,b2,30,d3,aa,94,c6,5b,a1,
2b,49,5e,b8,38,1c,22,57,15,13,8d,59,21,fe,6a,0a,3d,7a,4a,ef,b9,cf,9a,24,d4,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.EXE'(744)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\RoboTask Lite\idlehook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\taskmgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-03-07 20:00:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-08 00:59
ComboFix2.txt 2010-03-07 12:58
ComboFix3.txt 2008-10-20 18:17

Pre-Run: 67,245,518,848 bytes free
Post-Run: 66,993,762,304 bytes free

- - End Of File - - 424A29BC2981A50230FC97E9FB23C2C0
Upload was successful


Regards,

Fred

#10 Fred Iobst (Topic Starter)

Posted 07 March 2010 - 08:30 PM

Hi again,

Posting SystemLook log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:27 on 07/03/2010 by Fred (Administrator - Elevation successful)

========== dir ==========

C:\qoobox - Parameters: "/s"

---Files---
Add-Remove Programs.txt --a--- 10442 bytes [18:15 20/10/2008] [00:58 08/03/2010]
CFScript_used_2010-03-07_17.17.26.txt --a--- 1141 bytes [22:17 07/03/2010] [20:55 07/03/2010]
ComboFix-quarantined-files.txt --a--- 10038 bytes [12:58 07/03/2010] [00:59 08/03/2010]
ComboFix2.txt --a--- 54354 bytes [18:17 20/10/2008] [12:58 07/03/2010]
ComboFix3.txt --a--- 26653 bytes [18:17 20/10/2008] [18:17 20/10/2008]
image001.gif --a--- 1057 bytes [01:00 08/03/2010] [13:00 31/08/2000]
snapshot@2008-10-20_14.14.33.38_B.dat ------ 2001846 bytes [18:14 20/10/2008] [18:14 20/10/2008]
SnapShot@2010-03-07_11.39.57.dat --a--- 3508626 bytes [12:57 07/03/2010] [12:57 07/03/2010]

C:\qoobox\BackEnv d----- [02:45 05/03/2010]
appdata.folder.dat --a--- 230 bytes [02:46 05/03/2010] [02:46 05/03/2010]
cache.folder.dat --a--- 458 bytes [02:46 05/03/2010] [02:46 05/03/2010]
Cookies.folder.dat --a--- 119 bytes [02:46 05/03/2010] [02:46 05/03/2010]
desktop.folder.dat --a--- 164 bytes [02:46 05/03/2010] [02:46 05/03/2010]
favorites.folder.dat --a--- 202 bytes [02:46 05/03/2010] [02:46 05/03/2010]
localappdata.folder.dat --a--- 200 bytes [02:46 05/03/2010] [02:46 05/03/2010]
LocalSettings.folder.dat --a--- 200 bytes [02:46 05/03/2010] [02:46 05/03/2010]
mypictures.folder.dat --a--- 170 bytes [02:46 05/03/2010] [02:46 05/03/2010]
personal.folder.dat --a--- 176 bytes [02:46 05/03/2010] [02:46 05/03/2010]
Profiles.Folder.dat --a--- 230 bytes [02:46 05/03/2010] [02:45 05/03/2010]
Profiles.Folder.folder.dat --a--- 271 bytes [02:46 05/03/2010] [02:46 05/03/2010]
programs.folder.dat --a--- 633 bytes [02:46 05/03/2010] [02:46 05/03/2010]
SetPath.bat --a--- 4950 bytes [02:46 05/03/2010] [02:45 05/03/2010]
startmenu.folder.dat --a--- 433 bytes [02:46 05/03/2010] [02:46 05/03/2010]
startup.folder.dat --a--- 705 bytes [02:46 05/03/2010] [02:46 05/03/2010]
SysPath.dat --a--- 1121 bytes [02:46 05/03/2010] [02:45 05/03/2010]
templates.folder.dat --a--- 426 bytes [02:46 05/03/2010] [02:46 05/03/2010]

C:\qoobox\Quarantine d----- [17:20 20/10/2008]
catchme.log --a--- 433 bytes [17:32 20/10/2008] [22:17 07/03/2010]
[4]-Submit_2010-03-07_17.17.26.zip --a--- 274854 bytes [22:17 07/03/2010] [01:00 08/03/2010]

C:\qoobox\Quarantine\C d----- [17:23 20/10/2008]

C:\qoobox\Quarantine\C\ProgramData d----- [17:30 20/10/2008]

C:\qoobox\Quarantine\C\ProgramData\Microsoft d----- [17:30 20/10/2008]

C:\qoobox\Quarantine\C\ProgramData\Microsoft\Network d----- [17:30 20/10/2008]

C:\qoobox\Quarantine\C\ProgramData\Microsoft\Network\Downloader d----- [17:30 20/10/2008]
qmgr0.dat.vir --a--- 4194304 bytes [17:53 20/10/2008] [15:58 07/03/2010]
qmgr1.dat.vir --a--- 4194304 bytes [17:53 20/10/2008] [15:58 07/03/2010]

C:\qoobox\Quarantine\C\Users d----- [17:26 20/10/2008]

C:\qoobox\Quarantine\C\Users\Fred d----- [17:26 20/10/2008]

C:\qoobox\Quarantine\C\Users\Fred\AppData d----- [17:26 20/10/2008]

C:\qoobox\Quarantine\C\Users\Fred\AppData\Roaming d----- [17:26 20/10/2008]

C:\qoobox\Quarantine\C\Users\Fred\AppData\Roaming\Adobe d----- [17:26 20/10/2008]
crc.dat.vir ------ 54 bytes [15:33 20/10/2008] [15:34 20/10/2008]
Player.exe.bak.vir ------ 1 bytes [15:07 20/10/2008] [15:07 20/10/2008]

C:\qoobox\Quarantine\C\WINDOWS d----- [17:24 20/10/2008]
BMd92ee2f5.txt.vir ------ 17785 bytes [04:13 16/03/2008] [21:56 12/04/2008]
BMd92ee2f5.xml.vir ------ 101110 bytes [04:13 16/03/2008] [21:14 12/04/2008]
jestertb.dll.vir --a--- 20992 bytes [22:55 01/05/2009] [22:55 01/05/2009]
pskt.ini.vir ------ 22 bytes [04:13 16/03/2008] [20:38 12/04/2008]

C:\qoobox\Quarantine\C\WINDOWS\System32 d----- [17:29 20/10/2008]
tmp.reg.vir --a--- 6024 bytes [14:44 20/03/2008] [20:23 05/03/2010]
TWAIN_32.DLL.vir --a--- 77312 bytes [08:45 01/11/2007] [08:45 01/11/2007]
Ultra.dll.vir --a--- 0 bytes [14:16 19/09/2007] [14:16 19/09/2007]

C:\qoobox\Quarantine\C\WINDOWS\System32\drivers d----- [22:53 07/03/2010]
0766384.sys.vir --a--- 311312 bytes [00:40 06/03/2010] [03:31 10/10/2009]
07663841.sys.vir --a--- 128016 bytes [00:40 06/03/2010] [21:59 25/09/2009]
07663842.sys.vir --a--- 37392 bytes [00:40 06/03/2010] [17:54 22/10/2009]
2582542.sys.vir --a--- 311312 bytes [00:34 06/03/2010] [03:31 10/10/2009]
25825421.sys.vir --a--- 128016 bytes [00:34 06/03/2010] [21:59 25/09/2009]
25825422.sys.vir --a--- 37392 bytes [00:34 06/03/2010] [17:54 22/10/2009]
4183566.sys.vir --a--- 311312 bytes [00:16 06/03/2010] [03:31 10/10/2009]
41835661.sys.vir --a--- 128016 bytes [00:16 06/03/2010] [21:59 25/09/2009]
41835662.sys.vir --a--- 37392 bytes [00:16 06/03/2010] [17:54 22/10/2009]
6166920.sys.vir --a--- 311312 bytes [23:16 05/03/2010] [03:31 10/10/2009]
61669201.sys.vir --a--- 128016 bytes [23:16 05/03/2010] [21:59 25/09/2009]
61669202.sys.vir --a--- 37392 bytes [23:16 05/03/2010] [17:54 22/10/2009]
8571094.sys.vir --a--- 311312 bytes [23:18 05/03/2010] [03:31 10/10/2009]
85710941.sys.vir --a--- 128016 bytes [23:18 05/03/2010] [21:59 25/09/2009]
85710942.sys.vir --a--- 37392 bytes [23:18 05/03/2010] [17:54 22/10/2009]
8839699.sys.vir --a--- 311312 bytes [00:08 06/03/2010] [03:31 10/10/2009]
88396991.sys.vir --a--- 128016 bytes [00:08 06/03/2010] [21:59 25/09/2009]
88396992.sys.vir --a--- 37392 bytes [00:08 06/03/2010] [17:54 22/10/2009]

C:\qoobox\Quarantine\Registry_backups d----- [17:20 20/10/2008]
AddRemove-Active WebCam.reg.dat --a--- 532 bytes [12:58 07/03/2010] [12:58 07/03/2010]
AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat --a--- 720 bytes [12:58 07/03/2010] [12:58 07/03/2010]
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A}.reg.dat --a--- 1264 bytes [12:58 07/03/2010] [12:58 07/03/2010]
BHO-{b3ebbdf9-54bd-4f42-9dd5-4f9635e8320e}.reg.dat ------ 333 bytes [18:14 20/10/2008] [18:14 20/10/2008]
HKCU-Run-Player.reg.dat ------ 144 bytes [18:14 20/10/2008] [18:14 20/10/2008]
HKCU-Run-updateMgr.reg.dat ------ 189 bytes [18:14 20/10/2008] [18:14 20/10/2008]
HKCU-Run-VZVidgets.reg.dat ------ 95 bytes [18:14 20/10/2008] [18:14 20/10/2008]
HKCU-RunOnce-Application Restart #2.reg.dat ------ 448 bytes [18:14 20/10/2008] [18:14 20/10/2008]
HKLM-Run-RegistryMechanic.reg.dat ------ 103 bytes [18:14 20/10/2008] [18:14 20/10/2008]
Legacy_07663841.reg.dat --a--- 1044 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_07663842.reg.dat --a--- 1136 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_25825421.reg.dat --a--- 1044 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_25825422.reg.dat --a--- 1136 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_41835661.reg.dat --a--- 1044 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_41835662.reg.dat --a--- 1136 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_61669201.reg.dat --a--- 1044 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_61669202.reg.dat --a--- 1136 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_85710941.reg.dat --a--- 1044 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_85710942.reg.dat --a--- 1136 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_88396991.reg.dat --a--- 1044 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_88396992.reg.dat --a--- 1136 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Legacy_NPF.reg.dat ------ 1046 bytes [17:30 20/10/2008] [17:30 20/10/2008]
Legacy_ROOTBEER.reg.dat --a--- 1044 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_07663841.reg.dat --a--- 1212 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_07663842.reg.dat --a--- 1746 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_25825421.reg.dat --a--- 1212 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_25825422.reg.dat --a--- 1746 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_41835661.reg.dat --a--- 1212 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_41835662.reg.dat --a--- 1746 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_61669201.reg.dat --a--- 1212 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_61669202.reg.dat --a--- 1746 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_85710941.reg.dat --a--- 1212 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_85710942.reg.dat --a--- 1746 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_88396991.reg.dat --a--- 1212 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_88396992.reg.dat --a--- 1746 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_NPF.reg.dat ------ 1176 bytes [17:30 20/10/2008] [17:30 20/10/2008]
Service_rootbeer.reg.dat --a--- 820 bytes [22:37 07/03/2010] [22:37 07/03/2010]
Service_VundoFixSvc.reg.dat --a--- 736 bytes [22:37 07/03/2010] [22:37 07/03/2010]
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}.reg.dat --a--- 366 bytes [12:57 07/03/2010] [12:57 07/03/2010]
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}.reg.dat --a--- 366 bytes [12:57 07/03/2010] [12:57 07/03/2010]
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}.reg.dat --a--- 366 bytes [12:57 07/03/2010] [12:57 07/03/2010]
tcpip.reg --a--- 5410 bytes [17:29 20/10/2008] [22:36 07/03/2010]
Toolbar-Locked.reg.dat --a--- 173 bytes [12:57 07/03/2010] [12:57 07/03/2010]

-=End Of File=-

Regards,

Fred

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:06 AM

Posted 08 March 2010 - 11:34 AM

Hi,

This is looking good, how is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#12 Fred Iobst

Fred Iobst
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 08 March 2010 - 02:19 PM

Hi,

Nothing much different. PC only functional in safe mode. In normal mode, svchost.exe uses most of cpu almost all of the time.

Don't the logs show suspicious items?

When I said before that the combofix scan completed when I killed the svchost.exe process, I should mention that it started again right away.

What about the results of: sc start cryptsvc

and combofix with CFscript.txt?

Also to get any functionality I have all non-microsoft services turned off, plus a few others.

Regards,

Fred





#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:06 AM

Posted 08 March 2010 - 03:45 PM

Hi,

could you please run tdsskiller:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


Let me know if that improves anything. Please also post a fresh OTL log.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#14 Fred Iobst

Fred Iobst
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:06 AM

Posted 08 March 2010 - 05:57 PM

Hi,

17:10:54:543 4068 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
17:10:54:543 4068 ================================================================================
17:10:54:543 4068 SystemInfo:

17:10:54:543 4068 OS Version: 6.0.6001 ServicePack: 1.0
17:10:54:543 4068 Product type: Workstation
17:10:54:543 4068 ComputerName: FRED-PC
17:10:54:543 4068 UserName: Fred
17:10:54:543 4068 Windows directory: C:\Windows
17:10:54:543 4068 Processor architecture: Intel x86
17:10:54:543 4068 Number of processors: 1
17:10:54:543 4068 Page size: 0x1000
17:10:54:543 4068 Boot type: Normal boot
17:10:54:543 4068 ================================================================================
17:10:54:543 4068 UnloadDriverW: NtUnloadDriver error 2
17:10:54:543 4068 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
17:10:54:699 4068 Initialize success
17:10:54:699 4068
17:10:54:699 4068 Scanning Services ...
17:10:54:699 4068 wfopen_ex: Trying to open file C:\Windows\system32\config\system
17:10:54:699 4068 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:10:54:699 4068 wfopen_ex: Trying to KLMD file open
17:10:54:699 4068 wfopen_ex: File opened ok (Flags 2)
17:10:54:746 4068 wfopen_ex: Trying to open file C:\Windows\system32\config\software
17:10:54:870 4068 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
17:10:54:870 4068 wfopen_ex: Trying to KLMD file open
17:10:54:870 4068 wfopen_ex: File opened ok (Flags 2)
17:11:04:168 4068 GetAdvancedServicesInfo: Raw services enum returned 501 services
17:11:04:184 4068 fclose_ex: Trying to close file C:\Windows\system32\config\system
17:11:04:184 4068 fclose_ex: Trying to close file C:\Windows\system32\config\software
17:11:04:184 4068
17:11:04:184 4068 Scanning Kernel memory ...
17:11:04:184 4068 Devices to scan: 9
17:11:04:184 4068
17:11:04:184 4068 Driver Name: USBSTOR
17:11:04:184 4068 IRP_MJ_CREATE : 883AE500
17:11:04:184 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:184 4068 IRP_MJ_CLOSE : 883AE500
17:11:04:184 4068 IRP_MJ_READ : 883AE500
17:11:04:184 4068 IRP_MJ_WRITE : 883AE500
17:11:04:184 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:184 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:184 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:184 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:184 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:184 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:184 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:184 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:184 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:184 4068 IRP_MJ_DEVICE_CONTROL : 883AE500
17:11:04:184 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 883AE500
17:11:04:184 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:184 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:184 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:184 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:184 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:184 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:184 4068 IRP_MJ_POWER : 883AE500
17:11:04:184 4068 IRP_MJ_SYSTEM_CONTROL : 883AE500
17:11:04:184 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:184 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:184 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:230 4068 siohd: 0
17:11:04:230 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:230 4068
17:11:04:230 4068 Driver Name: USBSTOR
17:11:04:230 4068 IRP_MJ_CREATE : 883AE500
17:11:04:230 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:230 4068 IRP_MJ_CLOSE : 883AE500
17:11:04:230 4068 IRP_MJ_READ : 883AE500
17:11:04:246 4068 IRP_MJ_WRITE : 883AE500
17:11:04:246 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:246 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:246 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:246 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:246 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:246 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:246 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:246 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:246 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:246 4068 IRP_MJ_DEVICE_CONTROL : 883AE500
17:11:04:246 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 883AE500
17:11:04:246 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:246 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:246 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:246 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:246 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:246 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:246 4068 IRP_MJ_POWER : 883AE500
17:11:04:246 4068 IRP_MJ_SYSTEM_CONTROL : 883AE500
17:11:04:246 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:246 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:246 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:246 4068 siohd: 0
17:11:04:308 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:308 4068
17:11:04:308 4068 Driver Name: USBSTOR
17:11:04:308 4068 IRP_MJ_CREATE : 883AE500
17:11:04:308 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:308 4068 IRP_MJ_CLOSE : 883AE500
17:11:04:308 4068 IRP_MJ_READ : 883AE500
17:11:04:308 4068 IRP_MJ_WRITE : 883AE500
17:11:04:308 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:308 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:308 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:308 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:308 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:308 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:308 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:308 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:308 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:308 4068 IRP_MJ_DEVICE_CONTROL : 883AE500
17:11:04:308 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 883AE500
17:11:04:308 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:308 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:308 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:308 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:308 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:308 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:308 4068 IRP_MJ_POWER : 883AE500
17:11:04:308 4068 IRP_MJ_SYSTEM_CONTROL : 883AE500
17:11:04:308 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:308 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:308 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:308 4068 siohd: 0
17:11:04:371 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:371 4068
17:11:04:371 4068 Driver Name: USBSTOR
17:11:04:371 4068 IRP_MJ_CREATE : 883AE500
17:11:04:371 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:371 4068 IRP_MJ_CLOSE : 883AE500
17:11:04:371 4068 IRP_MJ_READ : 883AE500
17:11:04:371 4068 IRP_MJ_WRITE : 883AE500
17:11:04:371 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:371 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:371 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:371 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:371 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:371 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:371 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:371 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:371 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:371 4068 IRP_MJ_DEVICE_CONTROL : 883AE500
17:11:04:371 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 883AE500
17:11:04:371 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:371 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:371 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:371 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:371 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:371 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:371 4068 IRP_MJ_POWER : 883AE500
17:11:04:371 4068 IRP_MJ_SYSTEM_CONTROL : 883AE500
17:11:04:371 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:371 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:371 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:371 4068 siohd: 0
17:11:04:418 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:418 4068
17:11:04:418 4068 Driver Name: USBSTOR
17:11:04:418 4068 IRP_MJ_CREATE : 883AE500
17:11:04:418 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:418 4068 IRP_MJ_CLOSE : 883AE500
17:11:04:418 4068 IRP_MJ_READ : 883AE500
17:11:04:418 4068 IRP_MJ_WRITE : 883AE500
17:11:04:418 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:418 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:418 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:418 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:418 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:418 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:418 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:418 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:418 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:418 4068 IRP_MJ_DEVICE_CONTROL : 883AE500
17:11:04:418 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 883AE500
17:11:04:418 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:418 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:418 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:418 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:418 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:418 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:418 4068 IRP_MJ_POWER : 883AE500
17:11:04:418 4068 IRP_MJ_SYSTEM_CONTROL : 883AE500
17:11:04:418 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:418 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:418 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:418 4068 siohd: 0
17:11:04:449 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:449 4068
17:11:04:449 4068 Driver Name: USBSTOR
17:11:04:449 4068 IRP_MJ_CREATE : 883AE500
17:11:04:449 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:449 4068 IRP_MJ_CLOSE : 883AE500
17:11:04:449 4068 IRP_MJ_READ : 883AE500
17:11:04:449 4068 IRP_MJ_WRITE : 883AE500
17:11:04:449 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:449 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:449 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:449 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:449 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:449 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:449 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:449 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:449 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:449 4068 IRP_MJ_DEVICE_CONTROL : 883AE500
17:11:04:449 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 883AE500
17:11:04:449 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:449 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:449 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:449 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:449 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:449 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:449 4068 IRP_MJ_POWER : 883AE500
17:11:04:449 4068 IRP_MJ_SYSTEM_CONTROL : 883AE500
17:11:04:449 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:449 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:449 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:449 4068 siohd: 0
17:11:04:511 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:511 4068
17:11:04:511 4068 Driver Name: USBSTOR
17:11:04:511 4068 IRP_MJ_CREATE : 883AE500
17:11:04:511 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:511 4068 IRP_MJ_CLOSE : 883AE500
17:11:04:511 4068 IRP_MJ_READ : 883AE500
17:11:04:511 4068 IRP_MJ_WRITE : 883AE500
17:11:04:511 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:511 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:511 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:511 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:511 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:511 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:511 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:511 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:511 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:511 4068 IRP_MJ_DEVICE_CONTROL : 883AE500
17:11:04:511 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 883AE500
17:11:04:511 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:511 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:511 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:511 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:511 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:511 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:511 4068 IRP_MJ_POWER : 883AE500
17:11:04:511 4068 IRP_MJ_SYSTEM_CONTROL : 883AE500
17:11:04:511 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:511 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:511 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:511 4068 siohd: 0
17:11:04:574 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:574 4068
17:11:04:574 4068 Driver Name: nvstor32
17:11:04:574 4068 IRP_MJ_CREATE : 864791F8
17:11:04:574 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:574 4068 IRP_MJ_CLOSE : 864791F8
17:11:04:574 4068 IRP_MJ_READ : 8282F013
17:11:04:574 4068 IRP_MJ_WRITE : 8282F013
17:11:04:574 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:574 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:574 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:574 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:574 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:574 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:574 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:574 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:574 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:574 4068 IRP_MJ_DEVICE_CONTROL : 864791F8
17:11:04:574 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 864791F8
17:11:04:574 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:574 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:574 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:574 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:574 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:574 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:574 4068 IRP_MJ_POWER : 864791F8
17:11:04:574 4068 IRP_MJ_SYSTEM_CONTROL : 864791F8
17:11:04:574 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:574 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:574 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:620 4068 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
17:11:04:620 4068 sion
17:11:04:730 4068 C:\Windows\system32\DRIVERS\nvstor32.sys - Verdict: Clean
17:11:04:730 4068
17:11:04:730 4068 Driver Name: nvstor32
17:11:04:730 4068 IRP_MJ_CREATE : 864791F8
17:11:04:730 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:730 4068 IRP_MJ_CLOSE : 864791F8
17:11:04:730 4068 IRP_MJ_READ : 8282F013
17:11:04:730 4068 IRP_MJ_WRITE : 8282F013
17:11:04:730 4068 IRP_MJ_QUERY_INFORMATION : 8282F013
17:11:04:730 4068 IRP_MJ_SET_INFORMATION : 8282F013
17:11:04:730 4068 IRP_MJ_QUERY_EA : 8282F013
17:11:04:730 4068 IRP_MJ_SET_EA : 8282F013
17:11:04:730 4068 IRP_MJ_FLUSH_BUFFERS : 8282F013
17:11:04:730 4068 IRP_MJ_QUERY_VOLUME_INFORMATION : 8282F013
17:11:04:730 4068 IRP_MJ_SET_VOLUME_INFORMATION : 8282F013
17:11:04:730 4068 IRP_MJ_DIRECTORY_CONTROL : 8282F013
17:11:04:730 4068 IRP_MJ_FILE_SYSTEM_CONTROL : 8282F013
17:11:04:730 4068 IRP_MJ_DEVICE_CONTROL : 864791F8
17:11:04:730 4068 IRP_MJ_INTERNAL_DEVICE_CONTROL : 864791F8
17:11:04:730 4068 IRP_MJ_SHUTDOWN : 8282F013
17:11:04:730 4068 IRP_MJ_LOCK_CONTROL : 8282F013
17:11:04:730 4068 IRP_MJ_CLEANUP : 8282F013
17:11:04:730 4068 IRP_MJ_CREATE_MAILSLOT : 8282F013
17:11:04:730 4068 IRP_MJ_QUERY_SECURITY : 8282F013
17:11:04:730 4068 IRP_MJ_SET_SECURITY : 8282F013
17:11:04:730 4068 IRP_MJ_POWER : 864791F8
17:11:04:730 4068 IRP_MJ_SYSTEM_CONTROL : 864791F8
17:11:04:730 4068 IRP_MJ_DEVICE_CHANGE : 8282F013
17:11:04:730 4068 IRP_MJ_QUERY_QUOTA : 8282F013
17:11:04:730 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:776 4068 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
17:11:04:776 4068 sion
17:11:04:792 4068 C:\Windows\system32\DRIVERS\nvstor32.sys - Verdict: Clean
17:11:04:792 4068
17:11:04:792 4068 Completed
17:11:04:792 4068
17:11:04:792 4068 Results:
17:11:04:792 4068 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:11:04:792 4068 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:11:04:792 4068 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:11:04:792 4068
17:11:04:792 4068 KLMD(ARK) unloaded successfully


No improvement. Very difficult to do much in normal mode.

Same as before:
OTL will not run, either in normal or safe mode. Renamed to rightarrow.exe. It just hangs on get drive names.

Regards,

Fred
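Added example, not code from the thread or from TDSSKiller: a small Python parser for the "-v" log format posted above that reduces the per-device IRP dispatch tables to a triage view (which handler addresses are the driver's own, which drivers got a non-Clean verdict or a hook detector that could not complete, and the final infected counts). The sample log is a constructed, abridged excerpt in the same format, and the rule that an address present in every driver's table is a kernel default rather than driver code is an assumption of this example, not something the log states.

```python
import re

# One line of the TDSSKiller 2.2.7.1 "-v" log above: "HH:MM:SS:mmm <pid> <message>",
# the message being empty on the separator lines.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3}) (\d+) ?(.*)$")
IRP_RE = re.compile(r"^(IRP_MJ_[A-Z_]+) : ([0-9A-F]{8})$")
VERDICT_RE = re.compile(r"^(.+?) - Verdict: (.+)$")
RESULT_RE = re.compile(r"^(Memory|Registry|File) objects infected / cured / "
                       r"cured on reboot: (\d+) / (\d+) / (\d+)$")

# Constructed sample: an abridged excerpt in the format of the log posted above.
SAMPLE_LOG = r"""
17:11:04:184 4068
17:11:04:184 4068 Driver Name: USBSTOR
17:11:04:184 4068 IRP_MJ_CREATE : 883AE500
17:11:04:184 4068 IRP_MJ_CREATE_NAMED_PIPE : 8282F013
17:11:04:230 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:230 4068 Driver Name: USBSTOR
17:11:04:230 4068 IRP_MJ_CREATE : 883AE500
17:11:04:230 4068 IRP_MJ_SET_QUOTA : 8282F013
17:11:04:308 4068 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
17:11:04:574 4068 Driver Name: nvstor32
17:11:04:574 4068 IRP_MJ_CREATE : 864791F8
17:11:04:574 4068 IRP_MJ_READ : 8282F013
17:11:04:620 4068 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
17:11:04:730 4068 C:\Windows\system32\DRIVERS\nvstor32.sys - Verdict: Clean
17:11:04:792 4068 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
17:11:04:792 4068 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

def parse_tdsskiller_log(text):
    """Return (devices, results): one dict per "Driver Name:" block in scan order (a
    driver serving several devices, like USBSTOR, appears once per device), and
    {"Memory"|"Registry"|"File": (infected, cured, cured_on_reboot)}."""
    devices, results, cur = [], {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank line or text pasted around the log
        msg = m.group(3)
        i, v, r = IRP_RE.match(msg), VERDICT_RE.match(msg), RESULT_RE.match(msg)
        if msg.startswith("Driver Name: "):
            cur = {"name": msg[13:], "irp": {}, "path": None, "verdict": None, "notes": []}
            devices.append(cur)
        elif r:
            results[r.group(1)] = tuple(int(x) for x in r.group(2, 3, 4))
        elif cur and i:
            cur["irp"][i.group(1)] = i.group(2)
        elif cur and v:
            cur["path"], cur["verdict"] = v.group(1), v.group(2)
        elif cur and "Detect" in msg:     # a hook detector that could not complete
            cur["notes"].append(msg)
    return devices, results

def summarize(devices, results):
    """Triage view per driver: own dispatch routines vs. shared kernel stubs, and
    which drivers deserve a second look (non-Clean verdict or a detector note)."""
    drivers = {}
    for d in devices:
        e = drivers.setdefault(d["name"], {"devices": 0, "handlers": set(),
                                           "verdicts": set(), "notes": set()})
        e["devices"] += 1
        e["handlers"] |= set(d["irp"].values())
        e["verdicts"].add(d["verdict"])
        e["notes"] |= set(d["notes"])
    # Assumption: an address present in every driver's IRP table (8282F013 above) is
    # a default handler the kernel installs for unsupported requests, not driver code.
    shared = (set.intersection(*(e["handlers"] for e in drivers.values()))
              if len(drivers) > 1 else set())
    for e in drivers.values():
        e["own_handlers"] = sorted(e["handlers"] - shared)
    review = sorted(n for n, e in drivers.items() if e["verdicts"] != {"Clean"} or e["notes"])
    return {"drivers": drivers, "shared_handlers": sorted(shared),
            "infected_objects": sum(v[0] for v in results.values()), "review": review}

if __name__ == "__main__":
    summary = summarize(*parse_tdsskiller_log(SAMPLE_LOG))
    for name, e in summary["drivers"].items():
        print(f"{name}: {e['devices']} device(s), own handlers {e['own_handlers']}, "
              f"verdicts {sorted(e['verdicts'])}, notes {sorted(e['notes'])}")
    print("shared:", summary["shared_handlers"], "infected:", summary["infected_objects"],
          "review:", summary["review"])
```

Run it against the full C:\TDSSKiller.txt instead of SAMPLE_LOG to get the same summary for every device scanned.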




#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:06 AM

Posted 08 March 2010 - 06:25 PM

Hi,

the CFScript removed a lot of illegit services. Have you noted any difference?
The search with systemlook was only meant as an alternative when ComboFix wouldn't finish, so that I could see what was quarantined.
cryptsvc is a Windows service, it is needed to run signature checks on Windows files. ComboFix was reporting all files as corrupted, since cryptsvc wasn't running. I started it so the checks could be run. It should be disabled after a reboot.

The situation on your PC is unchanged?

Please provide a new log from OTL.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 





