Popups and redirection to different websites


  • This topic is locked
13 replies to this topic

#1 dm3635

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:59 AM

Posted 28 May 2010 - 01:04 PM

For the past few weeks I have been having problems whenever using IE8. Sometimes new windows pop up with a message box and the only way to close the window without clicking on the box is to open task manager and kill the process. More frequently, I am redirected to different websites like vip1127.com, infodigs.com, catalyst.com, etc. Redirection seems to occur most frequently after clicking on a link in a search engine like google or bing. Another popular site for redirection is wikipedia.org. It is impossible to go to wikipedia without repeated attempts.

DDS (Ver_10-03-17.01) - NTFSx86
Run by DLM at 9:47:59.17 on Fri 05/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1418 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\hphmon05.exe
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Program Files\TVR\RecSche.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\Palm\HotSync.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lvhidsvc.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DLM\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.com/nwshp?ie=UTF-8&hl=en&tab=wn
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [cdloader] "c:\documents and settings\dlm\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [type32] "d:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\point32.exe"
mRun: [ATIPTA] d:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATICCC] "d:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [HPHUPD05] d:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "d:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "d:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [AdobeCS4ServiceManager] "d:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] d:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Acrobat Speed Launcher] "d:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [NeroFilterCheck] d:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RecSche] "d:\program files\tvr\RecSche.exe"
dRun: [ATICCC] "d:\program files\ati technologies\ati.ace\cli.exe" runtime
StartupFolder: c:\docume~1\dlm\startm~1\programs\startup\trillian.lnk - d:\program files\trillian\trillian.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - d:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - d:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - d:\program files\palm\HotSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - d:\program files\nikon\pictureproject\NkbMonitor.exe
IE: Append Link Target to Existing PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - d:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230429812748
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
TCP: {FBEA947D-8098-4CFD-BE3D-5CF802005207} = 67.90.152.122,67.107.71.186
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - d:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dlm\applic~1\mozilla\firefox\profiles\deu4e6dm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1979-12-31 116264]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [1979-12-31 19240]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-12-30 162768]
R1 enport;enport;c:\windows\system32\drivers\enport.sys [2010-5-26 4992]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-24 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-30 19024]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-4-15 40384]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-24 69720]
R2 SBPIMSvc;SB Recovery Service;d:\program files\sunbelt software\counterspy\SBPIMSvc.exe [2010-4-19 181584]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-4-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-4-15 40384]
S2 SBAMSvc;CounterSpy Antispyware;d:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-4-19 2726000]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-20 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-20 8456]
S3 max128k;max128k;c:\windows\system32\drivers\max128k.sys [2009-1-12 3840]
S3 OracleDBConsoledlm;OracleDBConsoledlm;g:\ora\dlm\orahome_1\bin\nmesrvc.exe [2010-1-20 25600]
S3 OracleHome1TNSListener;OracleHome1TNSListener;g:\ora\dlm\orahome_1\bin\tnslsnr --> g:\ora\dlm\orahome_1\bin\TNSLSNR [?]
S3 OracleServiceDLM;OracleServiceDLM;g:\ora\dlm\orahome_1\bin\oracle.exe dlm --> g:\ora\dlm\orahome_1\bin\ORACLE.EXE DLM [?]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [2008-12-29 19968]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-12-30 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-12-30 5248]
S4 gupdate1c9b38f5390e10e;Google Update Service (gupdate1c9b38f5390e10e);d:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]
S4 OracleJobSchedulerDLM;OracleJobSchedulerDLM;g:\ora\dlm\orahome_1\bin\extjob.exe dlm --> g:\ora\dlm\orahome_1\bin\extjob.exe DLM [?]

============== File Associations ===============

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2010-05-28 13:15:35 54 ----a-w- c:\documents and settings\dlm\defogger_reenable
2010-05-27 00:39:20 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-26 14:34:25 92160 ----a-w- c:\windows\system32\enhkey.dll
2010-05-26 14:34:25 8192 ----a-w- c:\windows\system32\gsimrxnp.dll
2010-05-26 14:34:25 4992 ----a-w- c:\windows\system32\drivers\enport.sys
2010-05-26 14:34:25 293888 ----a-w- c:\windows\system32\drivers\gsimrx.sys
2010-05-26 14:34:25 0 d-----w- d:\program files\EnCase4
2010-05-25 21:15:02 141615 ----a-w- C:\MGlogs.zip
2010-05-25 21:14:56 0 d-----w- C:\MGtools
2010-05-25 20:21:24 0 d-sha-r- C:\cmdcons
2010-05-25 20:05:42 77312 ----a-w- c:\windows\MBR.exe
2010-05-25 20:05:41 98816 ----a-w- c:\windows\sed.exe
2010-05-25 20:05:41 256512 ----a-w- c:\windows\PEV.exe
2010-05-25 20:05:41 161792 ----a-w- c:\windows\SWREG.exe
2010-05-25 17:46:36 2391871 ----a-w- C:\MGtools.exe
2010-05-25 13:45:35 0 d-----w- c:\docume~1\dlm\applic~1\SUPERAntiSpyware.com
2010-05-25 13:45:35 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-25 13:45:28 0 d-----w- d:\program files\SUPERAntiSpyware
2010-05-24 21:55:27 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-05-24 21:55:27 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-05-24 21:45:35 0 d-----w- c:\docume~1\dlm\applic~1\Sunbelt
2010-05-24 21:45:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-05-24 21:45:26 0 d-----w- d:\program files\Sunbelt Software
2010-05-24 15:42:36 0 d-----w- d:\program files\Nero
2010-05-24 15:42:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-05-20 19:36:59 0 d-----w- d:\program files\DNA
2010-05-20 15:31:30 118824 ----a-w- c:\windows\system32\SilSupp.dll
2010-05-20 13:04:34 2128 ---ha-w- c:\windows\EPMBatch.ept
2010-05-20 12:45:59 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-05-20 12:45:59 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-05-20 12:45:59 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-05-20 12:45:59 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-05-20 12:45:59 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-05-20 12:45:53 0 d-----w- d:\program files\EASEUS
2010-05-19 01:19:53 0 d-----w- c:\windows\Performance
2010-05-19 01:18:19 0 d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2010-05-19 00:45:59 0 d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-18 21:26:30 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-18 21:26:17 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-18 21:26:17 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-18 21:26:15 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-18 18:54:43 0 d-----w- d:\program files\Enigma Software Group
2010-05-18 18:54:08 0 d-----w- d:\program files\common files\Wise Installation Wizard
2010-05-18 12:28:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-17 21:38:52 0 d-----w- c:\docume~1\dlm\applic~1\Malwarebytes
2010-05-17 21:38:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 21:38:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 21:38:43 0 d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-05-17 21:38:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-17 20:39:02 0 d-----w- d:\program files\BHODemon 2
2010-05-17 20:23:57 0 d-----w- d:\program files\MagicISO
2010-05-17 17:25:26 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-16 21:00:15 0 d-----w- d:\program files\Microsoft
2010-05-16 21:00:08 0 d-----w- d:\program files\MSN Toolbar
2010-05-16 20:58:50 0 d-----w- d:\program files\MSN Toolbar Installer
2010-05-16 16:37:35 0 d-----w- d:\program files\Microsoft Reader
2010-05-12 20:27:32 0 d-----w- d:\program files\TV-Browser
2010-05-10 18:17:53 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-05-10 18:17:53 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-10 17:38:54 14356 ----a-w- c:\windows\system32\nmesrvc_core_2010_5_10_13_38_54.dmp

==================== Find3M ====================

2010-05-26 14:34:25 49024 ----a-w- c:\windows\inf\gsiata.sys
2010-05-09 16:13:13 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2010-05-09 16:13:13 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2010-04-19 17:48:04 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
1999-06-11 14:42:26 27952 ----a-w- d:\program files\Readme.txt

============= FINISH: 9:49:13.64 ===============

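The DDS log above is what the helper reads first, and most of the triage is mechanical: which persistence points are populated, whether the configured DNS resolvers are the ones the owner expects (a swapped resolver is one common way search-result redirects like the ones described are produced), and which running kernel drivers were created in the last 30 days. The following Python script is an added example, not code from the poster, from BleepingComputer or from the DDS tool; it runs over a constructed excerpt of the log (a few lines copied from it, marked as such) and assumes a hypothetical `trusted_nameservers` allowlist that the owner fills in with their ISP's or router's resolvers.

```python
"""Triage a DDS log: pull the persistence and network entries a
malware-removal helper looks at first and flag the ones worth verifying."""
import re

# Constructed excerpt modelled on the DDS log format (a handful of lines
# copied from the posted log, not the full log).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.google.com/nwshp?ie=UTF-8&hl=en&tab=wn
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [avast5] d:\progra~1\alwils~1\avast5\avastUI.exe /nogui
TCP: {FBEA947D-8098-4CFD-BE3D-5CF802005207} = 67.90.152.122,67.107.71.186
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-12-30 162768]
R1 enport;enport;c:\windows\system32\drivers\enport.sys [2010-5-26 4992]
S3 OracleHome1TNSListener;OracleHome1TNSListener;g:\ora\dlm\orahome_1\bin\tnslsnr --> g:\ora\dlm\orahome_1\bin\TNSLSNR [?]
=============== Created Last 30 ================
2010-05-26 14:34:25 4992 ----a-w- c:\windows\system32\drivers\enport.sys
2010-05-26 14:34:25 293888 ----a-w- c:\windows\system32\drivers\gsimrx.sys
2010-05-25 13:45:28 0 d-----w- d:\program files\SUPERAntiSpyware
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
NAMESERVER_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")


def parse_sections(text):
    """Split a DDS log into {section title (lower-cased): [lines]}.
    Lines before the first '=== title ===' banner go under 'header'."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def triage(text, trusted_nameservers=frozenset()):
    """Return (category, detail) findings. trusted_nameservers (assumed
    allowlist) holds the resolver IPs the owner expects; any other
    NameServer value is flagged because it silently answers every
    lookup the browser makes."""
    sections = parse_sections(text)
    findings = []
    # Files DDS saw created in the last 30 days, keyed by lower-cased path.
    created = {}
    for line in sections.get("created last 30", []):
        m = CREATED_RE.match(line)
        if m:
            created[m.group(5).lower()] = m.group(1)
    for line in sections.get("pseudo hjt report", []):
        m = NAMESERVER_RE.match(line)
        if m:
            for ip in m.group(1).split(","):
                if ip.strip() not in trusted_nameservers:
                    findings.append(("nameserver", ip.strip()))
        elif line.startswith("AppInit_DLLs:"):
            # Loaded into every process that links user32.dll: always verify.
            findings.append(("appinit_dll", line.split(":", 1)[1].strip()))
        elif line.startswith("Notify:"):
            # Winlogon notification packages run at logon as SYSTEM.
            findings.append(("winlogon_notify", line.split(":", 1)[1].strip()))
        elif line.startswith(("TB:", "EB:")) and line.endswith("No File"):
            # Registry entry whose DLL is gone: leftover to clean, not a threat.
            findings.append(("orphaned_entry", line))
    for line in sections.get("services / drivers", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, path = m.group(1), m.group(3), m.group(5)
        if path.endswith("[?]"):
            findings.append(("unresolved_binary", name))  # DDS could not stat it
            continue
        path = re.sub(r" \[[^\]]*\]$", "", path).lower()  # drop "[date size]"
        if state == "R" and path.endswith(".sys") and path in created:
            findings.append(("recent_driver",
                             f"{name}: {path} created {created[path]}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

A flagged entry is a verification prompt, not a verdict: the recently created driver in the sample coincides with the EnCase4 folder appearing on the same timestamp, and the resolvers may simply be the ISP's.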

#2 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:06:59 PM

Posted 29 May 2010 - 11:17 PM

Hello, dm3635.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for :)
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 dm3635

  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:59 AM

Posted 30 May 2010 - 07:10 AM

Thank you aommaster for your assistance. I apologize if this post appears twice... my computer hangs when I try to make an update to this post so I am uploading from a linux laptop. Attached are the requested files.

Logfile of random's system information tool 1.07 (written by random/random)
Run by DLM at 2010-05-30 07:40:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (26%) free of 26 GB
Total RAM: 2047 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:40:19 AM, on 5/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\hphmon05.exe
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Program Files\TVR\RecSche.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\Palm\HotSync.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lvhidsvc.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\QuoteTracker\stocks.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DLM\Desktop\RSIT.exe
D:\Program Files\trend micro\DLM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?ie=UTF-8&hl=en&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD05] D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RecSche] "d:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\DLM\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HotSync Manager.lnk = D:\Program Files\Palm\HotSync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_20.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre6\bin\npjpi160_20.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.intuit.com
O15 - Trusted Zone: my.magicjack.com
O15 - Trusted Zone: reg.talk4free.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-...vex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230429812748
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/acti...veX_Control.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBEA947D-8098-4CFD-BE3D-5CF802005207}: NameServer = 67.90.152.122,67.107.71.186
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OracleDBConsoledlm - Oracle Corporation - G:\ora\DLM\OraHome_1\bin\nmesrvc.exe
O23 - Service: OracleHome1TNSListener - Unknown owner - G:\ora\DLM\OraHome_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDLM - Oracle Corporation - g:\ora\dlm\orahome_1\bin\ORACLE.EXE
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe

--
End of file - 11034 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY35E134937I.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{611F51C1-05A8-4C8E-849E-697F640C199D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-01 279664]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"type32"=D:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"IntelliPoint"=D:\Program Files\Microsoft IntelliPoint\point32.exe [2003-05-15 163840]
"ATIPTA"=D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-29 344064]
"ATICCC"=D:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2004-09-29 28672]
"HPHUPD05"=D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-22 49152]
"HP Component Manager"=D:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-04-08 212992]
"HP Software Update"=D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2003-05-22 483328]
"AdobeCS4ServiceManager"=D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"avast5"=D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]
"Adobe Acrobat Speed Launcher"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"NeroFilterCheck"=D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"RecSche"=d:\Program Files\TVR\RecSche.exe [2004-05-10 454656]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"=C:\Documents and Settings\DLM\Application Data\mjusbsp\cdloader2.exe [2010-02-26 50520]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-28 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-05-07 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2010-04-19 1291600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-28 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2009.lnk]
C:\WINDOWS\INSTAL~1\{C4609~1\SHORTC~2.EXE [2009-04-06 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DLM^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
D:\PROGRA~1\BHODEM~1\BHODemon.exe [2005-06-19 946176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
APC UPS Status.lnk - D:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
ATI CATALYST System Tray.lnk - D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
HotSync Manager.lnk - D:\Program Files\Palm\HotSync.exe
NkbMonitor.exe.lnk - D:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Documents and Settings\DLM\Start Menu\Programs\Startup
Trillian.lnk - D:\Program Files\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-09-28 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBPIMSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"G:\ora\DLM\OraHome_1\jdk\jre\bin\java.exe"="G:\ora\DLM\OraHome_1\jdk\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"D:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="D:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Program Files\EnCase4\encase.exe"="D:\Program Files\EnCase4\encase.exe:*:Disabled:EnCase"
"C:\Documents and Settings\DLM\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\DLM\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="D:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d51c81ae-d768-11dd-b2ad-0013d45b0a0a}]
shell\AutoRun\command - N:\MyPasswords.exe
shell\open\command - N:\MyPasswords.exe


======List of files/folders created in the last 2 months======

2010-05-30 07:40:11 ----D---- D:\Program Files\trend micro
2010-05-30 07:40:11 ----D---- C:\rsit
2010-05-27 13:29:31 ----A---- C:\RootRepeal report 05-27-10 (13-29-31).txt
2010-05-27 12:46:41 ----D---- C:\WINDOWS\Minidump
2010-05-26 20:39:20 ----SHD---- C:\$RECYCLE.BIN
2010-05-26 10:34:25 ----A---- C:\WINDOWS\system32\gsimrxnp.dll
2010-05-26 10:34:25 ----A---- C:\WINDOWS\system32\enhkey.dll
2010-05-26 06:58:54 ----SHD---- C:\RECYCLER
2010-05-25 17:14:56 ----D---- C:\MGtools
2010-05-25 16:35:06 ----A---- C:\ComboFix.txt
2010-05-25 16:21:24 ----RASHD---- C:\cmdcons
2010-05-25 16:05:42 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-25 16:05:42 ----A---- C:\WINDOWS\MBR.exe
2010-05-25 16:05:41 ----A---- C:\WINDOWS\zip.exe
2010-05-25 16:05:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-25 16:05:41 ----A---- C:\WINDOWS\SWSC.exe
2010-05-25 16:05:41 ----A---- C:\WINDOWS\SWREG.exe
2010-05-25 16:05:41 ----A---- C:\WINDOWS\sed.exe
2010-05-25 16:05:41 ----A---- C:\WINDOWS\PEV.exe
2010-05-25 16:05:41 ----A---- C:\WINDOWS\grep.exe
2010-05-25 16:05:15 ----D---- C:\WINDOWS\ERDNT
2010-05-25 16:00:33 ----D---- C:\Qoobox
2010-05-25 13:46:36 ----A---- C:\MGtools.exe
2010-05-25 09:45:35 ----D---- C:\Documents and Settings\DLM\Application Data\SUPERAntiSpyware.com
2010-05-25 09:45:35 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-25 09:45:28 ----D---- D:\Program Files\SUPERAntiSpyware
2010-05-24 17:45:35 ----D---- C:\Documents and Settings\DLM\Application Data\Sunbelt
2010-05-24 17:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2010-05-24 17:45:26 ----D---- D:\Program Files\Sunbelt Software
2010-05-24 15:59:36 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-24 11:44:56 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2010-05-24 11:42:36 ----D---- D:\Program Files\Nero
2010-05-24 11:42:36 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-05-21 12:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-05-21 11:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-21 11:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-21 11:58:20 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-21 11:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-21 11:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-21 11:58:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-21 11:58:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-21 11:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-21 11:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-21 11:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-21 11:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-21 11:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-21 11:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-21 11:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-21 11:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-05-21 11:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-05-21 11:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-05-21 11:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-21 11:56:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-21 11:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-21 11:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-21 11:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-21 11:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-21 11:55:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-05-20 15:36:59 ----D---- D:\Program Files\DNA
2010-05-20 11:31:30 ----A---- C:\WINDOWS\system32\SilSupp.dll
2010-05-20 08:45:59 ----A---- C:\WINDOWS\system32\setupempdrv03.exe
2010-05-20 08:45:59 ----A---- C:\WINDOWS\system32\EuEpmGdi.dll
2010-05-20 08:45:59 ----A---- C:\WINDOWS\system32\BootMan.exe
2010-05-20 08:45:53 ----D---- D:\Program Files\EASEUS
2010-05-18 21:19:53 ----D---- C:\WINDOWS\Performance
2010-05-18 21:18:19 ----D---- D:\Program Files\Microsoft Windows 7 Upgrade Advisor
2010-05-18 20:45:59 ----D---- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-18 20:45:36 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-05-18 14:54:43 ----D---- D:\Program Files\Enigma Software Group
2010-05-18 14:54:08 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2010-05-18 08:28:44 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-18 08:28:44 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-18 08:28:44 ----A---- C:\WINDOWS\system32\java.exe
2010-05-18 08:28:44 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-17 20:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-05-17 20:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-05-17 20:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-05-17 20:46:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-05-17 20:46:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-05-17 20:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-05-17 20:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-05-17 20:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-05-17 20:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-05-17 20:46:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-05-17 20:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-05-17 20:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-17 20:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-05-17 20:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-05-17 20:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-05-17 20:44:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-05-17 20:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-05-17 20:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-05-17 20:43:36 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-17 17:38:52 ----D---- C:\Documents and Settings\DLM\Application Data\Malwarebytes
2010-05-17 17:38:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2010-05-17 17:38:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-17 16:39:02 ----D---- D:\Program Files\BHODemon 2
2010-05-17 16:23:57 ----D---- D:\Program Files\MagicISO
2010-05-16 17:00:15 ----D---- D:\Program Files\Microsoft
2010-05-16 17:00:08 ----D---- D:\Program Files\MSN Toolbar
2010-05-16 16:59:42 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-05-16 16:59:41 ----D---- D:\Program Files\Common Files\Java
2010-05-16 16:58:50 ----D---- D:\Program Files\MSN Toolbar Installer
2010-05-16 12:37:35 ----D---- D:\Program Files\Microsoft Reader
2010-05-12 16:27:32 ----D---- D:\Program Files\TV-Browser
2010-05-10 14:17:53 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2010-05-10 14:17:53 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2010-04-19 13:48:04 ----A---- C:\WINDOWS\system32\sbbd.exe
2010-04-15 10:09:17 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software

======List of files/folders modified in the last 2 months======

2010-05-30 07:39:54 ----D---- D:\Program Files\QuoteTracker
2010-05-30 07:39:34 ----D---- C:\WINDOWS\Prefetch
2010-05-30 07:19:15 ----D---- C:\WINDOWS\Temp
2010-05-29 10:04:02 ----D---- C:\WINDOWS\system32
2010-05-29 10:04:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-29 10:02:30 ----HD---- C:\WINDOWS\inf
2010-05-29 10:02:30 ----D---- C:\WINDOWS
2010-05-29 10:02:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-28 09:43:02 ----D---- D:\Program Files\Trillian
2010-05-27 13:27:29 ----D---- C:\WINDOWS\system32\drivers
2010-05-27 13:02:07 ----D---- C:\Documents and Settings\DLM\Application Data\mjusbsp
2010-05-27 12:51:43 ----D---- C:\WINDOWS\pss
2010-05-26 20:38:28 ----D---- C:\Documents and Settings\DLM\Application Data\uTorrent
2010-05-26 18:13:47 ----D---- C:\Documents and Settings
2010-05-26 10:18:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-05-25 16:33:50 ----SD---- C:\WINDOWS\Tasks
2010-05-25 16:31:33 ----A---- C:\WINDOWS\system.ini
2010-05-25 16:26:15 ----D---- C:\WINDOWS\AppPatch
2010-05-25 16:26:13 ----D---- D:\Program Files\Common Files
2010-05-25 16:21:30 ----RASH---- C:\boot.ini
2010-05-25 13:38:46 ----D---- D:\Program Files\Combined Community Codec Pack
2010-05-25 13:37:16 ----D---- D:\Program Files\Logitech
2010-05-25 13:24:49 ----A---- C:\WINDOWS\win.ini
2010-05-25 13:24:49 ----A---- C:\Boot.bak
2010-05-25 13:19:12 ----SHD---- C:\WINDOWS\Installer
2010-05-25 13:19:11 ----D---- C:\Config.Msi
2010-05-25 13:19:07 ----D---- D:\Program Files\Java
2010-05-24 17:36:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-24 15:59:25 ----D---- D:\Program Files\Google
2010-05-24 15:42:25 ----RSD---- C:\WINDOWS\assembly
2010-05-24 15:42:19 ----D---- C:\WINDOWS\WinSxS
2010-05-24 15:42:17 ----D---- D:\Program Files\Common Files\Intuit
2010-05-24 14:51:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-24 13:40:30 ----D---- C:\Temp
2010-05-24 11:44:04 ----D---- D:\Program Files\Common Files\Ahead
2010-05-24 10:02:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-24 10:02:37 ----D---- C:\WINDOWS\Debug
2010-05-23 20:52:21 ----D---- D:\Program Files\uTorrent
2010-05-23 15:59:15 ----D---- D:\Program Files\Mozilla Firefox
2010-05-23 11:43:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-23 11:01:31 ----D---- D:\Program Files\Teletext
2010-05-23 10:59:07 ----D---- D:\Program Files\TVR
2010-05-22 12:28:34 ----RASH---- C:\BOOTSECT.BAK
2010-05-22 12:28:32 ----D---- C:\Boot
2010-05-21 13:53:35 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-21 12:02:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-21 11:58:25 ----D---- C:\WINDOWS\ie8updates
2010-05-21 11:57:48 ----D---- D:\Program Files\Movie Maker
2010-05-21 11:57:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-21 11:56:05 ----D---- D:\Program Files\Internet Explorer
2010-05-21 11:55:49 ----D---- D:\Program Files\Outlook Express
2010-05-20 15:49:54 ----HD---- D:\Program Files\InstallShield Installation Information
2010-05-20 15:47:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-20 15:32:17 ----D---- C:\Documents and Settings\DLM\Application Data\Download Manager
2010-05-19 13:36:41 ----D---- D:\Program Files\Quicken WillMaker Plus 2009
2010-05-18 22:47:45 ----D---- D:\Program Files\7-Zip
2010-05-18 21:49:33 ----D---- C:\Documents and Settings\DLM\Application Data\Adobe
2010-05-18 20:45:33 ----RSD---- C:\WINDOWS\Fonts
2010-05-18 20:45:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-05-18 17:19:52 ----D---- C:\WINDOWS\addins
2010-05-17 20:38:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-05-17 18:20:23 ----D---- D:\Program Files\QuickTime
2010-05-17 18:14:22 ----D---- D:\Program Files\Apple Software Update
2010-05-17 13:25:46 ----D---- C:\WINDOWS\system32\config
2010-05-17 13:25:26 ----D---- C:\WINDOWS\system32\wbem
2010-05-17 13:25:26 ----D---- C:\WINDOWS\Registration
2010-05-17 13:22:48 ----D---- D:\Program Files\MSN
2010-05-16 17:00:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-05-16 16:59:56 ----D---- D:\Program Files\Common Files\Microsoft Shared
2010-05-10 10:36:27 ----D---- D:\Program Files\CCleaner
2010-04-30 11:51:08 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-15 10:12:08 ----D---- D:\Program Files\Alwil Software
2010-04-14 12:47:03 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 enport;enport; \??\C:\WINDOWS\system32\drivers\enport.sys []
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2010-01-04 13400]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2010-01-04 69720]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-09-28 800256]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-05-14 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-05-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-05-14 21488]
R3 LVCap138;TV Card Capture Driver; C:\WINDOWS\system32\DRIVERS\lvcap138.sys [2003-08-27 307328]
R3 lvtuner;Mercury TV Card WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\tvtuner.sys [2004-09-20 16512]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-08-12 36864]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-06-06 70656]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-08-12 311552]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2003-05-15 19072]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\yukonwxp.sys [2003-10-23 174336]
S0x02000000 OMSCAN;OMSCAN; \Sys []
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\DLM\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 fgldapoc;fgldapoc; \??\C:\DOCUME~1\DLM\LOCALS~1\Temp\fgldapoc.sys []
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\System32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 max128k;max128k; C:\WINDOWS\system32\drivers\max128k.sys [2004-07-03 3840]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VisorUsb;Handspring USB; C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2000-06-01 19968]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
S4 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2005-12-12 176193]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-09-28 405504]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 LvHidSvc;Remote HID Service; C:\WINDOWS\system32\lvhidsvc.exe [2004-03-25 32256]
R2 SBPIMSvc;SB Recovery Service; D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [2010-04-19 181584]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-05-14 65795]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-09-29 516096]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe []
S2 SBAMSvc;CounterSpy Antispyware; D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2010-04-19 2726000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 OracleDBConsoledlm;OracleDBConsoledlm; G:\ora\DLM\OraHome_1\bin\nmesrvc.exe [2007-09-13 25600]
S3 OracleHome1TNSListener;OracleHome1TNSListener; G:\ora\DLM\OraHome_1\BIN\TNSLSNR []
S3 OracleServiceDLM;OracleServiceDLM; g:\ora\dlm\orahome_1\bin\ORACLE.EXE [2007-10-03 89702400]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 gupdate1c9b38f5390e10e;Google Update Service (gupdate1c9b38f5390e10e); D:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-02 133104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 OracleJobSchedulerDLM;OracleJobSchedulerDLM; g:\ora\dlm\orahome_1\Bin\extjob.exe [2007-10-03 102400]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-05-30 07:40:23

======Uninstall list======

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->D:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.65-->"D:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe AIR-->D:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->D:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Any DVD Cloner Platinum 1.0.3-->"D:\Program Files\Any DVD Cloner Platinum\unins000.exe"
APC PowerChute Personal Edition-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUSDVD-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ATI - Software Uninstall Utility-->D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{CDC131DB-C744-460C-832E-6E0C25AB6F03}
ATI Control Panel-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
avast! Free Antivirus-->D:\Program Files\Alwil Software\Avast5\aswRunDll.exe "D:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BHODemon 2.0.0.23-->"D:\Program Files\BHODemon 2\unins000.exe"
BitPim 1.0.7.20100117-->"D:\Program Files\BitPim\unins000.exe"
Capture NX 2-->D:\Program Files\Nikon\Capture NX 2\uninstall.exe
CCleaner-->"D:\Program Files\CCleaner\uninst.exe"
CleanUp!-->D:\Program Files\CleanUp!\uninstall.exe
Color Efex Pro 3.0 Complete-->D:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Color Efex Pro 3.0 Complete\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dfine 2.0-->D:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Dfine 2.0\uninstall.exe
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->D:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EASEUS Partition Master 5.8.1 Home Edition-->"D:\Program Files\EASEUS\EASEUS Partition Master 5.8.1 Home Edition\unins000.exe"
EasyBCD 1.7.2-->D:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe
ffdshow [rev 2844] [2009-03-30]-->"D:\Program Files\Combined Community Codec Pack\Filters\FFDShow\unins000.exe"
Google Toolbar for Internet Explorer-->"D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hallmark Card Studio 2009-->MsiExec.exe /X{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}
Handmark LIST ANYTHING: MobileDB Super Pak-->C:\WINDOWS\unvise32.exe D:\Program Files\Handmark\MobileDB\uninstal.log
HijackThis 2.0.2-->"J:\Download\spyware\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Software Update-->MsiExec.exe /X{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}
Java™ 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LG USB Modem driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Logitech Harmony Remote Software 7-->D:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic ISO Maker v5.5 (build 0281)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Moraff's MoreJongg 7.1-->C:\WINDOWS\iun506.exe D:\Program Files\Moraff's MoreJongg\irunin.ini
Mozilla Firefox (3.5.6)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero 7 Essentials-->MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
nik Color Efex Pro 2.0 Complete-->C:\WINDOWS\unvise32.exe D:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\nik Color Efex Pro 2.0 Complete\uninstal.log
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
NVIDIA nForce Drivers-->C:\WINDOWS\System32\NVUninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Photosmart 140,240,7200,7600,7700,7900 Series-->D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
PictureProject In Touch Downloader 1.0-->D:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Quicken WillMaker Plus 2009-->C:\WINDOWS\unvise32.exe D:\Program Files\Quicken WillMaker Plus 2009\uninstal.log
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
QuoteTracker-->"D:\Program Files\QuoteTracker\unins000.exe"
REALbasic 2009r2-->MsiExec.exe /X{20982B10-4880-408B-9323-CB041A70AE7C}
REALbasic 2009r3-->MsiExec.exe /X{90920FC4-F921-4E04-BAD3-3674F379E444}
REALbasic 2009r4-->MsiExec.exe /X{6BFF5C9D-61C9-4429-900A-160301447BC9}
Remote Control USB Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sharpener Pro 3.0-->D:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Sharpener Pro 3.0\uninstall.exe
Silver Efex Pro-->D:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Silver Efex Pro\uninstall.exe
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
StockTwits Desktop Beta-->msiexec /qb /x {34172F01-6CE6-5DCB-A2AC-50B39171562C}
StockTwits Desktop Beta-->MsiExec.exe /I{34172F01-6CE6-5DCB-A2AC-50B39171562C}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware-->"D:\Program Files\SUPERAntiSpyware\SASUNINST.EXE" /NOUI
Sure Delete 5.1.1-->"D:\Program Files\Sure Delete\unins000.exe"
TD AMERITRADE StrategyDesk 3.2-->"D:\Program Files\InstallShield Installation Information\{626306CE-DF96-4CBD-B019-094B1A1C2434}\setup.exe" -runfromtemp -l0x0009 -removeonly
TD AMERITRADE StrategyDesk 3.4_2 (D:\Program Files\TD AMERITRADE\StrategyDesk)-->"D:\Program Files\InstallShield Installation Information\{3EE75283-0BF7-4D84-9060-77718F5FDEA6}\setup.exe" -runfromtemp -l0x0009 -removeonly
Trillian-->D:\Program Files\Trillian\Trillian.exe /uninstall
TV Player Classic 6.0-->"D:\Program Files\TVPlayerClassic\unins000.exe"
TVR-->d:\Program Files\TVR\Uninstal.EXE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viveza-->D:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Viveza\uninstall.exe
Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
XNResourceEditor 3.0.0.1-->"D:\Program Files\XN Resource Editor\unins000.exe"
XP Codec Pack-->D:\Program Files\XP Codec Pack\Uninstall.exe

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: DOLPHIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 66075
Source Name: DCOM
Time Written: 20100516054705.000000-240
Event Type: error
User: DOLPHIN\DLM

Computer Name: DOLPHIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 66074
Source Name: DCOM
Time Written: 20100516054645.000000-240
Event Type: error
User: DOLPHIN\DLM

Computer Name: DOLPHIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 66073
Source Name: DCOM
Time Written: 20100516054625.000000-240
Event Type: error
User: DOLPHIN\DLM

Computer Name: DOLPHIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 66072
Source Name: DCOM
Time Written: 20100516054605.000000-240
Event Type: error
User: DOLPHIN\DLM

Computer Name: DOLPHIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 66071
Source Name: DCOM
Time Written: 20100516054545.000000-240
Event Type: error
User: DOLPHIN\DLM

=====Application event log=====

Computer Name: DOLPHIN
Event Code: 1517
Message: Windows saved user DOLPHIN\DLM registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 731
Source Name: Userenv
Time Written: 20091205150859.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DOLPHIN
Event Code: 1001
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'PPTDesignFilesAdditional' failed during request for component '{A06C8594-1FFF-4F6F-B240-81D9D35B62E7}'

Record Number: 725
Source Name: MsiInstaller
Time Written: 20091204173415.000000-300
Event Type: warning
User: DOLPHIN\DLM

Computer Name: DOLPHIN
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module googletoolbardynamic_32_d5b8545f3cfb02d4.dll, version 6.2.1910.1554, fault address 0x00104532.

Record Number: 691
Source Name: Application Error
Time Written: 20091127220524.000000-300
Event Type: error
User:

Computer Name: DOLPHIN
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module googletoolbardynamic_32_d5b8545f3cfb02d4.dll, version 6.2.1910.1554, fault address 0x00104532.

Record Number: 678
Source Name: Application Error
Time Written: 20091124170831.000000-300
Event Type: error
User:

Computer Name: DOLPHIN
Event Code: 1517
Message: Windows saved user DOLPHIN\DLM registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 638
Source Name: Userenv
Time Written: 20091118072927.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;G:\ora\DLM\OraHome_1\bin;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\Common Files\DivX Shared;D:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-30 08:00:56
Windows 5.1.2600 Service Pack 3
Running: wgfick1p.exe; Driver: C:\DOCUME~1\DLM\LOCALS~1\Temp\fgldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF758D49E]

---- Modules - GMER 1.0.15 ----

Module \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804D7000-806EDA80 (2189952 bytes)
Module \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EE000-8070E300 (131840 bytes)
Module \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) F7987000-F7989000 (8192 bytes)
Module \WINDOWS\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) F7897000-F789A000 (12288 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F75A8000-F75D6000 (188416 bytes)
Module \WINDOWS\System32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) F7989000-F798B000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F7597000-F75A8000 (69632 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F75F7000-F7601000 (40960 bytes)
Module ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F7607000-F7617000 (65536 bytes)
Module \WINDOWS\System32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) F7617000-F7625000 (57344 bytes)
Module compbatt.sys (Composite Battery Driver/Microsoft Corporation) F789B000-F789E000 (12288 bytes)
Module \WINDOWS\System32\DRIVERS\BATTC.SYS (Battery Class Driver/Microsoft Corporation) F789F000-F78A3000 (16384 bytes)
Module pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7A4F000-F7A50000 (4096 bytes)
Module \WINDOWS\System32\DRIVERS\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) F7707000-F770E000 (28672 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F7627000-F7632000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F74D8000-F74F7000 (126976 bytes)
Module dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) F798B000-F798D000 (8192 bytes)
Module dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) F74B2000-F74D8000 (155648 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F770F000-F7714000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F7637000-F7644000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F749A000-F74B2000 (98304 bytes)
Module si3112r.sys (Serial ATA RAID miniport driver/Silicon Image, Inc) F747A000-F749A000 (131072 bytes)
Module \WINDOWS\system32\drivers\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) F7462000-F747A000 (98304 bytes)
Module SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc) F78A3000-F78A7000 (16384 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F7647000-F7650000 (36864 bytes)
Module \WINDOWS\System32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) F7657000-F7664000 (53248 bytes)
Module fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F7442000-F7462000 (131072 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) F7430000-F7442000 (73728 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7667000-F7670000 (36864 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) F7870000-F7887000 (94208 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) F7B52000-F7BDF000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F7843000-F7870000 (184320 bytes)
Module nv_agp.sys (NVIDIA nForce AGP Filter/NVIDIA Corporation) F7717000-F771C000 (20480 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) F7829000-F7843000 (106496 bytes)
Module \SystemRoot\System32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) F7697000-F76A7000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\amdk7.sys (Processor Device Driver/Microsoft Corporation) F76F7000-F7701000 (40960 bytes)
Module \SystemRoot\System32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) F7757000-F775C000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9C70000-B9C94000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F775F000-F7767000 (32768 bytes)
Module \SystemRoot\System32\DRIVERS\NVENET.sys (NVIDIA nForce MCP Networking Driver./NVIDIA Corporation) B9C5E000-B9C70000 (73728 bytes)
Module \SystemRoot\system32\drivers\nvax.sys (NVIDIA® nForce™ MCP Audio Enumerator/NVIDIA Corporation) F7587000-F7590000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\yukonwxp.sys (NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter/Marvell Semiconductor Inc.) B9C33000-B9C5E000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\lvcap138.sys ( WDM Capture Driver/Philips) B9BE7000-B9C33000 (311296 bytes)
Module \SystemRoot\system32\DRIVERS\STREAM.SYS (WDM CODEC Class Device Driver 2.0/Microsoft Corporation) BA2B7000-BA2C4000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) B9BC4000-B9BE7000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) BA2A7000-BA2B2000 (45056 bytes)
Module \SystemRoot\System32\Drivers\AFS2K.SYS (Audio File System/Oak Technology Inc.) BA297000-BA2A0000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) BA287000-BA297000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) BA277000-BA286000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B9AE6000-B9BC4000 (909312 bytes)
Module \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B9AD2000-B9AE6000 (81920 bytes)
Module \SystemRoot\System32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) F7767000-F776E000 (28672 bytes)
Module \SystemRoot\System32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) BA267000-BA277000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) BAFD4000-BAFD8000 (16384 bytes)
Module \SystemRoot\System32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) B9ABE000-B9AD2000 (81920 bytes)
Module \SystemRoot\System32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA257000-BA264000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\point32.sys (Point32.sys/Microsoft Corporation) F776F000-F7774000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) F7777000-F777D000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) B9F6B000-B9F71000 (24576 bytes)
Module \SystemRoot\system32\drivers\msmpu401.sys (MPU401 Adapter Driver/Microsoft Corporation) F7A97000-F7A98000 (4096 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) B9A9A000-B9ABE000 (147456 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) BA247000-BA256000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\gameenum.sys (Game Port Enumerator/Microsoft Corporation) BAFD0000-BAFD3000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) F7A98000-F7A99000 (4096 bytes)
Module \SystemRoot\System32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) BA237000-BA244000 (53248 bytes)
Module \SystemRoot\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) BAFCC000-BAFCF000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) B9A83000-B9A9A000 (94208 bytes)
Module \SystemRoot\System32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) BA227000-BA232000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) B9E5D000-B9E69000 (49152 bytes)
Module \SystemRoot\System32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) B9F63000-B9F68000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) B9A72000-B9A83000 (69632 bytes)
Module \SystemRoot\System32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) B9E4D000-B9E56000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) B9F5B000-B9F60000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) B9F53000-B9F58000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\loop.sys (Loopback Network Driver/Microsoft Corporation) F79B3000-F79B5000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) B9A42000-B9A72000 (196608 bytes)
Module \SystemRoot\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) B9E3D000-B9E47000 (40960 bytes)
Module \SystemRoot\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F79B5000-F79B7000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) B99E4000-B9A42000 (385024 bytes)
Module \SystemRoot\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) BAFB0000-BAFB4000 (16384 bytes)
Module \SystemRoot\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) B9E2D000-B9E3C000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F79B7000-F79B9000 (8192 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) F7557000-F7561000 (40960 bytes)
Module \SystemRoot\system32\drivers\nvapu.sys (NVIDIA® nForce™ Audio Driver/NVIDIA Corporation) B926F000-B92BC000 (315392 bytes)
Module \SystemRoot\system32\drivers\nvmcp.sys (NVIDIA® nForce™ MCP APU Audio Library/NVIDIA Corporation) B917E000-B926F000 (987136 bytes)
Module \SystemRoot\system32\drivers\nvarm.sys (NVIDIA® nForce™ APU Resource Manager/NVIDIA Corporation) B916D000-B917E000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\tvtuner.sys (TV Tuner Driver/Philips) F77F7000-F77FC000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) F77FF000-F7804000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) B4440000-B4442000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) B0B7E000-B0B7F000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) B443E000-B4440000 (8192 bytes)
Module \??\C:\WINDOWS\system32\drivers\SBREdrv.sys (Anti-Rootkit Engine/Sunbelt Software) A026B000-A0281000 (90112 bytes)
Module \SystemRoot\System32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) F774F000-F7757000 (32768 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) B8803000-B8809000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) B443C000-B443E000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) B443A000-B443C000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) B87FB000-B8800000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) B87F3000-B87FB000 (32768 bytes)
Module \SystemRoot\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) B784F000-B7852000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) A0238000-A024B000 (77824 bytes)
Module \SystemRoot\System32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) A01DF000-A0238000 (364544 bytes)
Module \SystemRoot\System32\Drivers\aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) B7951000-B795B000 (40960 bytes)
Module \SystemRoot\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) A01B7000-A01DF000 (163840 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) A0195000-A01B7000 (139264 bytes)
Module \SystemRoot\System32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) B7941000-B794A000 (36864 bytes)
Module \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) B4438000-B443A000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) A016F000-A0195000 (155648 bytes)
Module \SystemRoot\System32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) B7921000-B792A000 (36864 bytes)
Module \??\D:\Program_Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) A014D000-A016F000 (139264 bytes)
Module \SystemRoot\System32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) B6AE3000-B6AF2000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) B783F000-B7842000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) B6AD3000-B6ADC000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) B60D6000-B60DD000 (28672 bytes)
Module \??\D:\Program_Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) B87CB000-B87D1000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) A0122000-A014D000 (176128 bytes)
Module \SystemRoot\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) A00B2000-A0122000 (458752 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS Crypto Driver/Microsoft Corporation) B6AC3000-B6ACE000 (45056 bytes)
Module \??\C:\WINDOWS\system32\drivers\enport.sys B4432000-B4434000 (8192 bytes)
Module \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) A008B000-A00B2000 (159744 bytes)
Module \SystemRoot\System32\Drivers\Aavmker4.SYS (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/ALWIL Software) B87BB000-B87C1000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) B780E000-B7815000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) B7806000-B780C000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) B77FE000-B7805000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) B6A93000-B6AA0000 (53248 bytes)
Module \SystemRoot\System32\Drivers\Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) A0067000-A008B000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) B6864000-B6868000 (16384 bytes)
Module \SystemRoot\System32\Drivers\dump_diskdump.sys B61EA000-B61EE000 (16384 bytes)
Module \SystemRoot\System32\Drivers\dump_si3112r.sys A0047000-A0067000 (131072 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C4000 (1851392 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) B4A99000-B4A9C000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) B60CE000-B60D3000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF9C4000-BF9D6000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) B09F0000-B09F1000 (4096 bytes)
Module \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.) BF9D6000-BFA0F000 (233472 bytes)
Module \SystemRoot\System32\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.) BFA0F000-BFA4B000 (245760 bytes)
Module \SystemRoot\System32\ati3duag.dll (ati3duag.dll/ATI Technologies Inc. ) BFA4B000-BFC72000 (2256896 bytes)
Module \SystemRoot\System32\ativvaxx.dll (Radeon Video Acceleration Universal Driver/ATI Technologies Inc. ) BFC72000-BFCE8000 (483328 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\drivers\sbapifs.sys (Sunbelt ActiveProtection Filter/Sunbelt Software) F7577000-F7587000 (65536 bytes)
Module \SystemRoot\System32\Drivers\aswFsBlk.SYS (avast! File System Access Blocking Driver/ALWIL Software) BAFF0000-BAFF3000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) B874C000-B8750000 (16384 bytes)
Module \SystemRoot\System32\Drivers\aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) 9DFB8000-9DFCF000 (94208 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) 9DE8B000-9DEA0000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) B8D5E000-B8D6D000 (61440 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) BAF0F000-BAF1F000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) 9DCA0000-9DCCD000 (184320 bytes)
Module \SystemRoot\System32\Drivers\ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation) F79F7000-F79F9000 (8192 bytes)
Module \SystemRoot\System32\Drivers\adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.) 9DC8F000-9DCA0000 (69632 bytes)
Module \SystemRoot\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) 9D9B8000-9DA0F000 (356352 bytes)
Module \SystemRoot\System32\Drivers\aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software) F77B7000-F77BC000 (20480 bytes)
Module \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) 9CF52000-9CF93000 (266240 bytes)
Module \??\C:\DOCUME~1\DLM\LOCALS~1\Temp\fgldapoc.sys (GMER) 9C1A5000-9C1BC000 (94208 bytes)
Module \SystemRoot\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) 9B6C3000-9B6EE000 (176128 bytes)
Module \WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B2000 (729088 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process D:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/ALWIL Software) 172
Process D:\Program Files\TVR\RecSche.EXE 388
Process D:\Program Files\Microsoft IntelliPoint\point32.exe (Point32.exe/Microsoft Corporation) 416
Process D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero Home/Nero AG) 464
Process D:\Program Files\Microsoft IntelliType Pro\type32.exe (Type32.exe/Microsoft Corporation) 476
Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 484
Process D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (GoogleToolbarNotifier/Google Inc.) 504
Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 584
Process D:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) 684
Process C:\WINDOWS\system32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 756
Process D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (CLI.EXE/ATI Technologies Inc.) 816
Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 832
Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 856
Process D:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe (avast! Antivirus/ALWIL Software) 868
Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 908
Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 920
Process D:\Program Files\Palm\HotSync.exe (HotSync® Manager Application/Palm Computing, Inc.) 1060
Process C:\WINDOWS\system32\ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 1092
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1112
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1188
Process D:\Program Files\Nikon\PictureProject\NkbMonitor.exe (PictureProject Monitor/Nikon Corporation) 1228
Process C:\WINDOWS\system32\ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 1320
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1396
Process C:\WINDOWS\explorer.exe (Windows Explorer/Microsoft Corporation) 1428
Process D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (CLI.EXE/ATI Technologies Inc.) 1452
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1488
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1552
Process D:\Program Files\HP\hpcoretech\hpcmpmgr.exe (HP Framework Component Manager Service/Hewlett-Packard Company) 1712
Process D:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe 1724
Process D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (Battery backup management service/American Power Conversion Corporation) 1756
Process C:\WINDOWS\system32\hphmon05.exe (HPHmon05/Hewlett-Packard) 1768
Process D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (AcroTray/Adobe Systems Inc.) 1920
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1924
Process D:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) 2000
Process C:\WINDOWS\system32\lvhidsvc.exe (TV Remote HID Service/Philips) 2220
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2304
Process D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) 2436
Process D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (PowerChute system tray power icon/American Power Conversion Corporation) 2508
Process D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero Home/Nero AG) 2528
Process C:\WINDOWS\system32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 2676
Process D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe (Plug-in Manager Service/Sunbelt Software) 2708
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2768
Process C:\Documents and Settings\DLM\Desktop\gmer\wgfick1p.exe 3572
Process C:\WINDOWS\system32\wuauclt.exe (Windows Update/Microsoft Corporation) 3852
Process C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) 4024

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\WINDOWS\system32\DRIVERS\a347bus.sys (Plug and Play BIOS Extension/ ) [DISABLED] a347bus
Service C:\WINDOWS\System32\Drivers\a347scsi.sys (SCSI miniport/ ) [DISABLED] a347scsi
Service (avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP/ALWIL Software) [SYSTEM] Aavmker4
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service (Adobe Drive File System Driver/Adobe Systems, Inc.) [AUTO] adfs
Service AdobeDriveCS4_NP
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service (Audio File System/Oak Technology Inc.) [SYSTEM] AFS2K
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service C:\WINDOWS\System32\DRIVERS\amdk7.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] AmdK7
Service [DISABLED] amsint
Service D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (Battery backup management service/American Power Conversion Corporation) [AUTO] APC UPS Service
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS\System32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service Aspi32
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service (avast! File System Access Blocking Driver/ALWIL Software) [AUTO] aswFsBlk
Service (avast! File System Filter Driver for Windows XP/ALWIL Software) [AUTO] aswMon2
Service (avast! TDI RDR Driver/ALWIL Software) [MANUAL] aswRdr
Service (avast! self protection module/ALWIL Software) [SYSTEM] aswSP
Service (avast! TDI Filter Driver/ALWIL Software) [SYSTEM] aswTdi
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) [AUTO] Ati HotKey Poller
Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart
Service C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service D:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/ALWIL Software) [AUTO] avast! Antivirus
Service D:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/ALWIL Software) [MANUAL] avast! Mail Scanner
Service D:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/ALWIL Software) [MANUAL] avast! Web Scanner
Service (Battery Class Driver/Microsoft Corporation) BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\WINDOWS\System32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation) [MANUAL] Bridge
Service C:\WINDOWS\System32\DRIVERS\bridge.sys (MAC Bridge Driver/Microsoft Corporation) [MANUAL] BridgeMP
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\DOCUME~1\DLM\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] cisvc
Service Class
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service C:\WINDOWS\System32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\system32\drivers\enport.sys [SYSTEM] enport
Service C:\WINDOWS\system32\epmntdrv.sys [MANUAL] epmntdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\EuGdiDrv.sys [MANUAL] EuGdiDrv
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\System32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service
Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\System32\DRIVERS\gameenum.sys (Game Port Enumerator/Microsoft Corporation) [MANUAL] gameenum
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service D:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [DISABLED] gupdate1c9b38f5390e10e
Service D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS\System32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] hidusb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service [DISABLED] hpt3xx
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] ip6fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\System32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service D:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service D:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\system32\DRIVERS\lvcap138.sys ( WDM Capture Driver/Philips) [MANUAL] LVCap138
Service C:\WINDOWS\system32\lvhidsvc.exe (TV Remote HID Service/Philips) [AUTO] LvHidSvc
Service C:\WINDOWS\system32\DRIVERS\tvtuner.sys (TV Tuner Driver/Philips) [MANUAL] lvtuner
Service C:\WINDOWS\system32\drivers\max128k.sys (MAX128K.sys/Freelance) [MANUAL] max128k
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\System32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\DRIVERS\loop.sys (Loopback Network Driver/Microsoft Corporation) [MANUAL] msloop
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\WINDOWS\system32\drivers\msmpu401.sys (MPU401 Adapter Driver/Microsoft Corporation) [MANUAL] ms_mpu401
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) [MANUAL] NBService
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\System32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\WINDOWS\System32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) [MANUAL] NMIndexingService
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA® nForce™ MCP Audio Enumerator/NVIDIA Corporation) [MANUAL] nvax
Service C:\WINDOWS\System32\DRIVERS\NVENET.sys (NVIDIA nForce MCP Networking Driver./NVIDIA Corporation) [MANUAL] NVENET
Service C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA® nForce™ Audio Driver/NVIDIA Corporation) [MANUAL] nvnforce
Service C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA nForce AGP Filter/NVIDIA Corporation) [BOOT] nv_agp
Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service \Sys OMSCAN
Service G:\ora\DLM\OraHome_1\bin\nmesrvc.exe (Oracle Enterprise Manager executable/Oracle Corporation) [MANUAL] OracleDBConsoledlm
Service G:\ora\DLM\OraHome_1\BIN\TNSLSNR.exe [MANUAL] OracleHome1TNSListener
Service g:\ora\dlm\orahome_1\Bin\extjob.exe [DISABLED] OracleJobSchedulerDLM
Service g:\ora\dlm\orahome_1\bin\ORACLE.EXE (Oracle RDBMS Kernel Executable/Oracle Corporation) [MANUAL] OracleServiceDLM
Service D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service C:\WINDOWS\System32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS\System32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\System32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\IoctlSvc.exe [AUTO] PLFlash DeviceIoControl Service
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [MANUAL] Pml Driver HPZ12
Service C:\WINDOWS\system32\DRIVERS\point32.sys (Point32.sys/Microsoft Corporation) [MANUAL] Point32
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\System32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\System32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\System32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\System32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\System32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\System32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\System32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe (Sunbelt Software Anti Malware Service/Sunbelt Software) [AUTO] SBAMSvc
Service C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) [SYSTEM] sbaphd
Service C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt ActiveProtection Filter/Sunbelt Software) [AUTO] sbapifs
Service SBHIPS
Service D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe (Plug-in Manager Service/Sunbelt Software) [AUTO] SBPIMSvc
Service C:\WINDOWS\system32\drivers\SBREdrv.sys (Anti-Rootkit Engine/Sunbelt Software) [SYSTEM] SBRE
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort
Service C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\System32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\System32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\WINDOWS\system32\drivers\si3112r.sys (Serial ATA RAID miniport driver/Silicon Image, Inc) [BOOT] si3112r
Service C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc) [BOOT] SiFilter
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\drivers\SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc) [BOOT] SiWinAcc
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service SMSvcHost 3.0.0.0
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\System32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\System32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\System32\tlntsvr.exe (Telnet/Microsoft Corporation) [MANUAL] TlntSvr
Service C:\WINDOWS\system32\drivers\tmcomm.sys [AUTO] tmcomm
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG CDMA USB Multi function Driver/LG Electronics Inc.) [MANUAL] usbbus
Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG CDMA USB Diagnostics Driver/LG Electronics Inc.) [MANUAL] UsbDiag
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG CDMA USB Modem Driver/LG Electronics Inc.) [MANUAL] USBModem
Service C:\WINDOWS\System32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\WINDOWS\System32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] usbstor
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service C:\WINDOWS\system32\DRIVERS\VisorUsb.sys (Handheld USB Device Driver/Handspring, Inc) [MANUAL] VisorUsb
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\System32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\System32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service D:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service C:\WINDOWS\System32\DRIVERS\yukonwxp.sys (NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter/Marvell Semiconductor Inc.) [MANUAL] yukonwxp
Service {64060B18-2909-4A69-A877-15EB082CE57E}
Service {9980A743-8F3E-46A2-B4F6-BEA4078C027C}
Service {C59BA830-7A61-473F-B0EE-C8032A7E5763}
Service {D8567B55-3824-4A98-A416-2206ED3046C9}
Service {FBEA947D-8098-4CFD-BE3D-5CF802005207}

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  gmer.log   108.49KB   9 downloads
  • Attached File  info.txt   30.36KB   8 downloads
  • Attached File  log.txt   40.9KB   8 downloads

Edited by aommaster, 30 May 2010 - 12:11 PM.


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:06:59 PM

Posted 30 May 2010 - 12:15 PM

Hello, dm3635.
Please copy and paste logs directly into your reply, since it'll make it easier for me to read.

P2P Program Warning!

uTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




It appears that you have previously run Combofix. Please post up the results of the combofix log located at c:\Combofix.txt

Also, I would like to bring to your attention Combofix's disclaimer:
QUOTE
You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Running Combofix without a helper's instructions can render your computer unbootable. See this topic for more information on Combofix. If you are getting help elsewhere, let me know so we can avoid confusion.


In your next reply, please include the following:
  • Combofix.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 dm3635

dm3635
  • Topic Starter

  • Members
  • 7 posts
  • Local time:10:59 AM

Posted 30 May 2010 - 01:57 PM

Yes, I will remove utorrent as advised. Here is the combofix.txt...

ComboFix 10-05-24.07 - DLM 05/25/2010 16:22:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1622 [GMT -4:00]
Running from: c:\documents and settings\DLM\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sstray.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-25 17:46 . 2010-05-25 17:46 2391871 ----a-w- C:\MGtools.exe
2010-05-25 17:27 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\DLM\Application Data\mjusbsp\in00000\setup.exe
2010-05-25 17:27 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\DLM\Application Data\mjusbsp\ar00000\install.exe
2010-05-25 17:26 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2010-05-25 13:46 . 2010-05-25 13:46 63488 ----a-w- c:\documents and settings\DLM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-25 13:46 . 2010-05-25 13:46 52224 ----a-w- c:\documents and settings\DLM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-25 13:46 . 2010-05-25 13:46 117760 ----a-w- c:\documents and settings\DLM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-25 13:45 . 2010-05-25 13:45 -------- d-----w- c:\documents and settings\DLM\Application Data\SUPERAntiSpyware.com
2010-05-25 13:45 . 2010-05-25 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-25 13:45 . 2010-05-25 13:45 -------- d-----w- d:\program files\SUPERAntiSpyware
2010-05-24 21:55 . 2010-01-04 10:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-05-24 21:55 . 2010-01-04 10:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-05-24 21:45 . 2010-05-24 21:45 -------- d-----w- c:\documents and settings\DLM\Application Data\Sunbelt
2010-05-24 21:45 . 2010-05-24 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-05-24 21:45 . 2010-05-24 21:45 -------- d-----w- d:\program files\Sunbelt Software
2010-05-24 15:44 . 2010-05-24 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-05-24 15:42 . 2010-05-24 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-24 15:42 . 2010-05-24 15:42 -------- d-----w- d:\program files\Nero
2010-05-23 19:56 . 2010-05-23 19:56 -------- d-----w- c:\documents and settings\DLM\Local Settings\Application Data\Temp
2010-05-20 19:51 . 2010-05-20 19:51 -------- d-----w- c:\documents and settings\DLM\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
2010-05-20 19:36 . 2010-05-24 18:21 -------- d-----w- d:\program files\DNA
2010-05-20 15:31 . 2007-08-28 23:04 118824 ----a-w- c:\windows\system32\SilSupp.dll
2010-05-20 12:45 . 2010-04-27 02:10 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-05-20 12:45 . 2010-02-23 15:51 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-05-20 12:45 . 2010-02-23 15:51 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-05-20 12:45 . 2010-02-23 15:51 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-05-20 12:45 . 2010-02-23 15:51 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-05-20 12:45 . 2010-05-20 12:45 -------- d-----w- d:\program files\EASEUS
2010-05-19 01:19 . 2010-05-19 01:19 -------- d-----w- c:\windows\Performance
2010-05-19 01:19 . 2010-05-19 01:19 -------- d-----w- c:\documents and settings\DLM\Local Settings\Application Data\Microsoft Corporation
2010-05-19 01:18 . 2010-05-19 01:18 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2010-05-19 00:45 . 2010-05-19 00:46 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-19 00:45 . 2010-05-19 00:45 -------- d-----w- c:\documents and settings\DLM\Local Settings\Application Data\Apple
2010-05-19 00:45 . 2010-05-19 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-18 21:26 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-18 21:26 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-18 21:26 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-18 21:26 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-18 18:54 . 2010-05-18 18:54 -------- d-----w- d:\program files\Enigma Software Group
2010-05-18 18:54 . 2010-05-18 18:54 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-05-18 12:28 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-17 21:38 . 2010-05-17 21:38 -------- d-----w- c:\documents and settings\DLM\Application Data\Malwarebytes
2010-05-17 21:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 21:38 . 2010-05-17 21:38 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-05-17 21:38 . 2010-05-17 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 21:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 20:39 . 2010-05-17 21:04 -------- d-----w- d:\program files\BHODemon 2
2010-05-17 20:23 . 2010-05-17 20:24 -------- d-----w- d:\program files\MagicISO
2010-05-17 17:25 . 2010-05-17 17:25 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-16 21:00 . 2010-05-16 21:00 -------- d-----w- d:\program files\Microsoft
2010-05-16 21:00 . 2010-05-16 21:00 -------- d-----w- d:\program files\MSN Toolbar
2010-05-16 20:59 . 2010-05-25 17:19 -------- d-----w- d:\program files\Common Files\Java
2010-05-16 20:58 . 2010-05-17 17:22 -------- d-----w- d:\program files\MSN Toolbar Installer
2010-05-16 17:31 . 2010-05-16 17:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-16 16:37 . 2010-05-17 17:24 -------- d-----w- d:\program files\Microsoft Reader
2010-05-12 20:27 . 2010-05-12 20:42 -------- d-----w- d:\program files\TV-Browser
2010-05-10 18:17 . 2008-04-07 09:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-10 18:17 . 2008-04-07 09:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 17:38 . 2009-01-12 02:49 -------- d-----w- d:\program files\Combined Community Codec Pack
2010-05-25 17:37 . 2008-12-29 14:20 -------- d-----w- d:\program files\Logitech
2010-05-25 17:28 . 2009-11-05 16:08 -------- d-----w- c:\documents and settings\DLM\Application Data\mjusbsp
2010-05-25 17:27 . 2008-12-29 17:56 -------- d-----w- d:\program files\Trillian
2010-05-25 17:19 . 2009-02-18 19:11 -------- d-----w- d:\program files\Java
2010-05-25 17:18 . 2008-12-29 13:03 -------- d-----w- d:\program files\QuoteTracker
2010-05-25 13:08 . 2008-12-29 22:57 -------- d-----w- c:\documents and settings\DLM\Application Data\uTorrent
2010-05-24 19:59 . 2008-12-29 00:32 -------- d-----w- d:\program files\Google
2010-05-24 19:42 . 2009-02-24 16:06 -------- d-----w- d:\program files\Common Files\Intuit
2010-05-24 15:44 . 2009-11-04 22:55 -------- d-----w- d:\program files\Common Files\Ahead
2010-05-24 14:02 . 2009-03-20 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-24 00:52 . 2008-12-29 22:57 -------- d-----w- d:\program files\uTorrent
2010-05-23 15:01 . 2008-12-28 02:56 -------- d-----w- d:\program files\Teletext
2010-05-23 14:59 . 2008-12-28 02:56 -------- d-----w- d:\program files\TVR
2010-05-20 19:49 . 2008-12-29 14:20 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-05-20 19:32 . 2009-01-15 01:19 -------- d-----w- c:\documents and settings\DLM\Application Data\Download Manager
2010-05-19 17:36 . 2009-01-07 22:48 -------- d-----w- d:\program files\Quicken WillMaker Plus 2009
2010-05-19 02:47 . 2009-12-20 04:04 -------- d-----w- d:\program files\7-Zip
2010-05-19 00:45 . 2008-12-29 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-17 22:20 . 2008-12-29 21:39 -------- d-----w- d:\program files\QuickTime
2010-05-17 22:14 . 2010-01-14 14:41 -------- d-----w- d:\program files\Apple Software Update
2010-05-16 17:52 . 2008-12-28 02:30 85008 ----a-w- c:\documents and settings\DLM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 14:36 . 2008-12-29 13:00 -------- d-----w- d:\program files\CCleaner
2010-05-09 16:13 . 2008-12-31 15:59 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-05-09 16:13 . 2008-12-29 21:41 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-04-19 17:48 . 2010-04-19 17:48 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-04-15 14:12 . 2008-12-28 02:34 -------- d-----w- d:\program files\Alwil Software
2010-04-15 14:11 . 2009-12-11 17:19 4819048 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 14:09 . 2010-04-15 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-14 16:47 . 2008-12-30 19:08 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2008-12-30 19:08 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2008-12-30 19:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2008-12-30 19:08 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2008-12-30 19:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2008-12-30 19:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2008-12-30 19:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2008-12-30 19:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2008-12-30 19:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-17 13:43 . 2009-11-11 07:16 79488 ----a-w- c:\documents and settings\DLM\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:15 . 2001-08-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 23:51 . 2010-02-26 23:51 138584 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\ug00000\magicJack.dll
2010-02-26 23:51 . 2010-03-02 12:47 6870864 ---ha-w- c:\documents and settings\DLM\Application Data\mjusbsp\Upgrade\setup1.exe
2010-02-26 23:51 . 2010-02-26 23:51 6870864 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\ug00000\setup.exe
2010-02-26 23:51 . 2010-02-26 23:51 705936 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\magicJackLoader.exe
2010-02-26 23:51 . 2010-02-26 23:51 480608 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\octvqe1_apiw.dll
2010-02-26 23:51 . 2010-02-26 23:51 214360 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\TjVista.dll
2010-02-26 23:50 . 2010-02-26 23:50 324952 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\TjIpSys.dll
2010-02-26 23:50 . 2010-02-26 23:50 615792 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 87384 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\st00000\mjsetup.exe
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\st00000\magicJack.dll
2010-02-26 23:50 . 2010-02-26 23:50 138584 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\magicJack.dll
2010-02-26 23:46 . 2010-02-26 23:46 12526424 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\magicJack.exe
2010-02-26 23:45 . 2010-03-02 12:47 743872 ---ha-w- c:\documents and settings\DLM\Application Data\mjusbsp\Upgrade\install1.exe
2010-02-26 23:45 . 2010-02-26 23:45 743872 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\ug00000\install.exe
2010-02-26 23:45 . 2010-02-26 23:45 87384 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\in00000\mjsetup.exe
2010-02-26 23:45 . 2010-02-26 23:45 138584 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\in00000\magicJack.dll
2010-02-26 23:44 . 2010-02-26 23:44 138584 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\lr00000\magicJack.dll
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 441704 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-02-26 23:43 . 2010-02-26 23:43 50520 ----a-w- c:\documents and settings\DLM\Application Data\mjusbsp\cdloader2.exe
2010-02-25 06:24 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
1999-06-11 14:42 . 2009-03-15 22:16 27952 ----a-w- d:\program files\Readme.txt
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\DLM\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="d:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"ATICCC"="d:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 28672]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"HPHUPD05"="d:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Component Manager"="d:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]
"HP Software Update"="d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="d:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SBAMTray"="d:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-04-19 1291600]
"RemoteControl"="d:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-11-01 32768]
"RecSche"="d:\program files\TVR\RecSche.exe" [2004-05-10 454656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="d:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 28672]

c:\documents and settings\DLM\Start Menu\Programs\Startup\
BHODemon 2.0.lnk - d:\program files\BHODemon 2\BHODemon.exe [2005-6-19 946176]
Trillian.lnk - d:\program files\Trillian\trillian.exe [2010-2-10 1930592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - d:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-12-29 221247]
ATI CATALYST System Tray.lnk - d:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-9-29 28672]
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2009-4-6 237568]
HotSync Manager.lnk - d:\program files\Palm\HotSync.exe [2008-12-29 282624]
NkbMonitor.exe.lnk - d:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-12-29 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"g:\\ora\\DLM\\OraHome_1\\jdk\\jre\\bin\\java.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Documents and Settings\\DLM\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5060:UDP"= 5060:UDP:magicjack
"5070:UDP"= 5070:UDP:magicjack

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12/30/2008 11:19 AM 5248]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [12/31/1979 8:00 PM 116264]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [12/31/1979 8:00 PM 19240]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/30/2008 3:08 PM 162768]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/24/2010 5:55 PM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/30/2008 3:08 PM 19024]
R2 SBAMSvc;CounterSpy Antispyware;d:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/24/2010 5:55 PM 69720]
R2 SBPIMSvc;SB Recovery Service;d:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12/30/2008 11:19 AM 160640]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/20/2010 8:45 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/20/2010 8:45 AM 8456]
S3 max128k;max128k;c:\windows\system32\drivers\max128k.sys [1/12/2009 5:45 PM 3840]
S3 OracleDBConsoledlm;OracleDBConsoledlm;g:\ora\DLM\OraHome_1\BIN\nmesrvc.exe [1/20/2010 9:04 PM 25600]
S3 OracleHome1TNSListener;OracleHome1TNSListener;g:\ora\DLM\OraHome_1\BIN\TNSLSNR --> g:\ora\DLM\OraHome_1\BIN\TNSLSNR [?]
S3 OracleServiceDLM;OracleServiceDLM;g:\ora\dlm\orahome_1\bin\ORACLE.EXE DLM --> g:\ora\dlm\orahome_1\bin\ORACLE.EXE DLM [?]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\VisorUsb.sys [12/29/2008 12:34 PM 19968]
S4 gupdate1c9b38f5390e10e;Google Update Service (gupdate1c9b38f5390e10e);d:\program files\Google\Update\GoogleUpdate.exe [4/2/2009 8:34 AM 133104]
S4 OracleJobSchedulerDLM;OracleJobSchedulerDLM;g:\ora\dlm\orahome_1\Bin\extjob.exe DLM --> g:\ora\dlm\orahome_1\Bin\extjob.exe DLM [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-01 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard76002003-04-08 17:45Y35E134937I.job
- d:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 17:45]

2010-05-25 c:\windows\Tasks\HP Usg Daily.job
- d:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2008-12-29 13:03]

2010-05-25 c:\windows\Tasks\User_Feed_Synchronization-{611F51C1-05A8-4C8E-849E-697F640C199D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/nwshp?ie=UTF-8&hl=en&tab=wn
IE: Append Link Target to Existing PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: {FBEA947D-8098-4CFD-BE3D-5CF802005207} = 67.90.152.122,67.107.71.186
FF - ProfilePath - c:\documents and settings\DLM\Application Data\Mozilla\Firefox\Profiles\deu4e6dm.default\
FF - plugin: c:\documents and settings\DLM\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-SunJavaUpdateSched - d:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-Oracle BPM COM Bridge (4065) - d:\orabpmstudiohome\bin\combridge.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleHome1TNSListener]
"ImagePath"="g:\ora\DLM\OraHome_1\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\WININET.dll
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-25 16:35:03
ComboFix-quarantined-files.txt 2010-05-25 20:34

Pre-Run: 6,307,020,800 bytes free
Post-Run: 6,356,447,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN

- - End Of File - - 5EB67B18E7BE299AC94F36A6D5B10BEB
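The "Reg Loading Points" and firewall-policy sections of the ComboFix log above are what a responder reads first: Run keys, AppInit_DLLs, service ImagePaths and the standard-profile firewall switch. The script below is an added example for this thread, not ComboFix's own code and not anything posted by the participants. It parses the `[key]` / `"name"=value` layout ComboFix emits and applies four analyst heuristics: firewall disabled, a non-empty AppInit_DLLs, an autostart executable living under a user-writable profile path, and a service ImagePath that is not a full drive path. The sample input is a constructed excerpt of a few lines modelled on the log above. Note that the magicJack loader in Application Data trips the profile-path rule, which is the intended behaviour: the rules prioritise what to verify against known-good paths and hashes, they do not convict anything.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the posts above.
It applies a few analyst heuristics to registry autostart entries and reports the
ones worth a second look. Nothing here declares a file malicious; it only
prioritises what a responder should check against known-good paths and hashes.
"""
import re

# Constructed excerpt modelled on the log posted above (only a few lines of it).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\DLM\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-29 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleHome1TNSListener]
"ImagePath"="g:\ora\DLM\OraHome_1\BIN\TNSLSNR "
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=value ; value may be quoted ("c:\path" [date size]) or bare (AppInit_DLLs, 0 (0x0))
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Profile locations a normal user can write to. Software auto-starting from here
# is not necessarily bad (magicJack really does live in Application Data), but it
# is where drive-by installers drop themselves, so it goes to the top of the list.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def parse_entries(text):
    """Yield (key, name, value) for every "name"=value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("value").strip()


def _unquote_path(value):
    """'"c:\\x.exe" [2010-02-26 50520]' -> 'c:\\x.exe'; bare values pass through."""
    if value.startswith('"'):
        end = value.find('"', 1)
        if end > 0:
            return value[1:end]
    return value


def triage(text):
    """Return a list of (rule, key, name, detail) findings, most urgent first."""
    findings = []
    for key, name, value in parse_entries(text):
        k = key.lower()
        path = _unquote_path(value).strip()
        if "firewallpolicy" in k and name == "EnableFirewall" and path.startswith("0"):
            findings.append(("firewall_disabled", key, name, value))
        elif name.lower() == "appinit_dlls" and path:
            # Anything listed here is loaded into every process that maps user32.dll.
            findings.append(("appinit_dll", key, name, path))
        elif k.endswith("\\run") and any(w in path.lower() for w in USER_WRITABLE):
            findings.append(("run_from_profile", key, name, path))
        elif "\\services\\" in k and name == "ImagePath" and not re.match(r"^[a-z]:\\", path.lower()):
            # Service binary without a full drive path: resolve it before trusting it.
            findings.append(("service_relative_path", key, name, path))
    order = {"appinit_dll": 0, "firewall_disabled": 1, "run_from_profile": 2, "service_relative_path": 3}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for rule, name_key, name, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {name} -> {detail}")
```

Run it against a full ComboFix log by replacing `SAMPLE_LOG` with the file contents; the parser ignores the Find3M, service and scheduled-task sections because only `[key]` headers followed by `"name"=value` lines are consumed.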


#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai
  • Local time:06:59 PM

Posted 30 May 2010 - 02:57 PM

Hello, dm3635.
We need to disable TeaTimer
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click Mode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Uncheck the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy


NEXT:

We need to run TDSSKiller
  1. Download TDSSKiller and save it to your Desktop.
  2. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  3. Go to Start > Run and copy and paste the following into the text field. (make sure you include the quote marks and do not include the word "Code") Then press OK.
    CODE
    "%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\Desktop\TDSSKiller.txt" -v

    **Note:If it says "Hidden service detected" DO NOT type anything in. Just press Enter.
  4. When it is done, a log file should be created on your desktop called "TDSSKiller.txt" please copy and paste the contents of that file here

In your next reply, please include the following:
  • TDSSKiller.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 dm3635

dm3635
  • Topic Starter

  • Members
  • 7 posts
  • Local time:10:59 AM

Posted 30 May 2010 - 03:35 PM

Resident "SDHelper" (Internet Explorer bad download blocker) active and Resident "TeaTimer" (Protection for over-all system settings) active were not checked in SpyBot Search and Destroy, so I closed SpyBot Search and Destroy and followed the rest of your instructions. Here are the contents of TDSSKiller.txt. I will await your instruction before rebooting. - thanks


16:29:31:718 3056 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
16:29:31:718 3056 ================================================================================
16:29:31:718 3056 SystemInfo:

16:29:31:718 3056 OS Version: 5.1.2600 ServicePack: 3.0
16:29:31:718 3056 Product type: Workstation
16:29:31:718 3056 ComputerName: DOLPHIN
16:29:31:718 3056 UserName: DLM
16:29:31:718 3056 Windows directory: C:\WINDOWS
16:29:31:718 3056 Processor architecture: Intel x86
16:29:31:718 3056 Number of processors: 1
16:29:31:718 3056 Page size: 0x1000
16:29:31:734 3056 Boot type: Normal boot
16:29:31:734 3056 ================================================================================
16:29:32:156 3056 Initialize success
16:29:32:156 3056
16:29:32:156 3056 Scanning Services ...
16:29:32:281 3056 Raw services enum returned 384 services
16:29:32:312 3056
16:29:32:312 3056 Scanning Drivers ...
16:29:32:796 3056 a347bus (1f61cacacb521215f39061789147968c) C:\WINDOWS\system32\DRIVERS\a347bus.sys
16:29:32:828 3056 a347scsi (113e4b318bbaa7483ca4e582a4d63f49) C:\WINDOWS\System32\Drivers\a347scsi.sys
16:29:32:859 3056 Aavmker4 (94321612e022baed249bf6bc2b9ddf9e) C:\WINDOWS\system32\drivers\Aavmker4.sys
16:29:32:906 3056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:29:32:937 3056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:29:32:968 3056 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
16:29:33:015 3056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:29:33:046 3056 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
16:29:33:078 3056 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
16:29:33:156 3056 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
16:29:33:187 3056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:29:33:250 3056 aswFsBlk (7f7135c14ed4fb190aa75cb1fd1f14e8) C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:29:33:281 3056 aswMon2 (71a24fc1564c39cf834acec3396577e6) C:\WINDOWS\system32\drivers\aswMon2.sys
16:29:33:296 3056 aswRdr (9a2f01e6bcece7a1a1f39846e392cd41) C:\WINDOWS\system32\drivers\aswRdr.sys
16:29:33:328 3056 aswSP (7df85e2e544b505ee74d734a394e39c7) C:\WINDOWS\system32\drivers\aswSP.sys
16:29:33:359 3056 aswTdi (9e82102b7249ef33a1cc132f26afeac4) C:\WINDOWS\system32\drivers\aswTdi.sys
16:29:33:375 3056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:29:33:406 3056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:29:33:484 3056 ati2mtag (aae41c74db4dd34e8e97cb3a7a92c0b6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:29:33:515 3056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:29:33:546 3056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:29:33:578 3056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:29:33:609 3056 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
16:29:33:609 3056 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
16:29:33:734 3056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:29:33:750 3056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:29:33:781 3056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:29:33:796 3056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:29:33:812 3056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:29:33:859 3056 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:29:33:890 3056 Disk (cf93df4b2703965c0f453cc4ee0ca4e7) C:\WINDOWS\system32\DRIVERS\disk.sys
16:29:33:890 3056 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: cf93df4b2703965c0f453cc4ee0ca4e7, Fake md5: 044452051f3e02e7963599fc8f4f3e25
16:29:33:890 3056 File "C:\WINDOWS\system32\DRIVERS\disk.sys" infected by TDSS rootkit ...
16:29:34:531 3056 Backup copy found, using it..
16:29:34:562 3056 will be cured on next reboot
16:29:34:687 3056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:29:34:781 3056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:29:34:796 3056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:29:34:828 3056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:29:34:843 3056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:29:34:875 3056 enport (dd779e6d3193b758e635dcdedd0952e5) C:\WINDOWS\system32\drivers\enport.sys
16:29:34:921 3056 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
16:29:34:921 3056 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
16:29:34:953 3056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:29:34:984 3056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:29:35:000 3056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:29:35:015 3056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:29:35:046 3056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:29:35:078 3056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:29:35:093 3056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:29:35:109 3056 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
16:29:35:125 3056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:29:35:140 3056 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
16:29:35:156 3056 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:29:35:218 3056 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:29:35:218 3056 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:29:35:234 3056 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:29:35:265 3056 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
16:29:35:328 3056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:29:35:359 3056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:29:35:406 3056 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:29:38:734 3056 Reboot required for cure complete..
16:29:38:765 3056 Cure on reboot scheduled successfully
16:29:38:765 3056
16:29:38:765 3056 Completed
16:29:38:765 3056
16:29:38:765 3056 Results:
16:29:38:765 3056 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:29:38:765 3056 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:29:38:765 3056
16:29:38:765 3056 KLMD(ARK) unloaded successfully


#8 aommaster (Malware Response Team, Dubai)

Posted 30 May 2010 - 03:40 PM

Hi!

Are you still getting redirected now? Looks like TDSSKiller may have gotten the infection for us.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#9 dm3635 (Topic Starter)

Posted 30 May 2010 - 03:50 PM

So far so good. I rebooted and have done a few google searches without being redirected. Thank you very much!!!!!!

#10 aommaster (Malware Response Team, Dubai)

Posted 30 May 2010 - 03:52 PM

Hello, dm3635.
Good to hear. Let's make sure we haven't missed anything, and then we can clean up.

We need to run an ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the Eset Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use"
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "<<Back" button.
  13. Push Finish

In your next reply, please include the following:
  • Eset Scan Log



#11 dm3635 (Topic Starter)

Posted 31 May 2010 - 06:09 AM

Hello aommaster,

ESET scan found a few more threats, which I have cleaned by checking the remove threats box and clicking start. Here is the ESET scan log....

H:\PhotoShop\Adobe.Photoshop.CS5.Extended.v12\Adobe CS5\payloads\AdobeAIR1.5.3-mul\AdobeAIRInstaller.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
H:\PhotoShop\Adobe.Photoshop.CS5.Extended.v12\Adobe CS5\payloads\AdobeAMP1.8-mul\AdobeAIRInstaller.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
H:\System Volume Information\_restore{B6B6D5D6-CF6B-417F-8A15-CD41B546EE7F}\RP589\A2127597.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
H:\System Volume Information\_restore{B6B6D5D6-CF6B-417F-8A15-CD41B546EE7F}\RP589\A2127598.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
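
Added here as an example, not code from the thread, from ESET or from BleepingComputer: a small parser that turns "List of found threats" lines in the format posted above into records and reports what a responder checks before calling a machine clean, namely whether any hit was left unresolved and how many sit inside System Restore points. The last sample line (its path and the signature Win32/Constructed.Sample.A) is constructed, and the action phrases other than "deleted - quarantined" are assumed.

```python
"""Parse ESET Online Scanner 'List of found threats' lines and triage them.

Assumed line format, as in the post above: <path> <signature> <kind> <action>,
where the signature holds a '/' (e.g. NSIS/TrojanDownloader.Agent.NBW).
"""
import re
from collections import Counter
from dataclasses import dataclass

# One log line: the path may contain spaces, so it is matched lazily and the
# signature is anchored on its '/' separator; the action must end the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<signature>\S+/\S+)\s+"
    r"(?P<kind>[a-z][a-z ]*?)\s+"
    r"(?P<action>(?:deleted|cleaned by deleting|unable to clean|error while cleaning)"
    r"(?: - quarantined)?)\s*$"
)
# System Restore keeps copies of files under _restore{GUID}\RPnnn; a hit there
# comes back if that restore point is ever applied.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

# Sample input: the four lines from the post above plus one constructed line
# (placeholder path and signature) with a failed action, to exercise triage.
SAMPLE_LOG = r"""
H:\PhotoShop\Adobe.Photoshop.CS5.Extended.v12\Adobe CS5\payloads\AdobeAIR1.5.3-mul\AdobeAIRInstaller.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
H:\PhotoShop\Adobe.Photoshop.CS5.Extended.v12\Adobe CS5\payloads\AdobeAMP1.8-mul\AdobeAIRInstaller.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
H:\System Volume Information\_restore{B6B6D5D6-CF6B-417F-8A15-CD41B546EE7F}\RP589\A2127597.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
H:\System Volume Information\_restore{B6B6D5D6-CF6B-417F-8A15-CD41B546EE7F}\RP589\A2127598.exe NSIS/TrojanDownloader.Agent.NBW trojan deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\constructed_sample.exe Win32/Constructed.Sample.A trojan unable to clean
"""

@dataclass
class Detection:
    path: str
    signature: str
    kind: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_RE.search(self.path) is not None

    @property
    def resolved(self) -> bool:
        # ESET removed the object (deleted or cleaned) rather than failing on it.
        return self.action.startswith(("deleted", "cleaned"))

def parse_eset_log(text: str) -> list:
    """Return one Detection per matching line; headers and blanks are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Detection(**m.groupdict()))
    return out

def summarize(dets) -> dict:
    """The counts a responder checks before calling the machine clean."""
    return {
        "total": len(dets),
        "by_signature": Counter(d.signature for d in dets),
        "restore_point_hits": sum(d.in_restore_point for d in dets),
        "unresolved": sum(not d.resolved for d in dets),
    }
```

On the four real lines above every hit is resolved and two of them live in restore point RP589, which is why a cleanup normally finishes by creating a fresh restore point and discarding the old ones.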


#12 aommaster (Malware Response Team, Dubai)

Posted 31 May 2010 - 12:12 PM

Hello, dm3635.
Perfect!

We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".

NEXT:

We need to enable TeaTimer
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click Mode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press Yes
  5. Click on Tools
  6. Click on Resident
  7. Check the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy




Your log looks clean. Please take the time to read below to secure your machine and take the necessary steps to keep it clean.

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be wary of attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for foistware. More info can be found in Foistware, and how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Make Firefox more secure
    Firefox is a relatively safe browser compared to Internet Explorer. However, if you'd still like to enhance security, consider some of these extensions:
    • NoScript: Add-on which automatically blocks Javascript and Java from running on sites.
    • Firekeeper: Add-on which aims to protect you from malicious websites which may exploit browser and code security flaws.
    • KeyScrambler: Add-on that protects your passwords from being detected by keyloggers.
  4. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  5. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast!, Antivir and AVG Antivirus
    3. An antispyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  6. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

Some more links you might find of interest:



#13 dm3635 (Topic Starter)

Posted 31 May 2010 - 03:39 PM

aommaster, thank you so much for your assistance!!!

#14 aommaster (Malware Response Team, Dubai)

Posted 31 May 2010 - 03:42 PM

My pleasure.

Since this problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please send me a PM with the address of this thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.





