Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Volume problems and Pop ups


  • This topic is locked This topic is locked
2 replies to this topic

#1 Dr_AJPR

Dr_AJPR

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 22 July 2010 - 12:59 AM

Hello
Recently my computer has been doing some weird stuff. I've been hearing some clicking sound as if Im opening files constantly then all of a sudden volume mutes and a pop up appears using internet explorer. Really annoying. I've tried to uninstall internet explorer, but i have not been successful. Ran anti-virus and anti-malware scans and nothing appears. Now I;ve been reading that other users have had this problem and based on what I have read Ive done the following to get things going:
1- paste dds log
2- paste attach.txt
3- Paste log from RkUnhooker

I also wanted to do the MBRchecker but im unable to download it because of forbidden access. Anyways here's what I have I hope Someone knows what to do. Thanks.

DDs Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 23:34:47.76 on Wed 07/21/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.235 [GMT -4:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

svchost.exe 4
svchost.exe 4
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1141742783\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1141742783\ee\AOLServiceHost.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HostManager] c:\program files\common files\aol\1141742783\ee\AOLHostManager.exe
mRun: [<NO NAME>]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [OdTray.exe] "c:\program files\funk software\odyssey client\OdTray.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: OdysseyClient - odyEvent.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 www.symantec.com
Hosts: 127.0.0.1 www.sophos.com
Hosts: 127.0.0.1 www.mcafee.com
Hosts: 127.0.0.1 www.viruslist.com
Hosts: 127.0.0.1 www.f-secure.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\y6ms34d3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\y6ms34d3.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-6 165456]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-10-28 583128]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-6 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-6 40384]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192160]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169632]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-15 54752]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-7 139936]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-1-16 814728]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-7 1247600]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-2-19 106496]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-6 40384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2006-11-17 102760]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061117.017\NAVENG.Sys [2006-11-17 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061117.017\NavEx15.Sys [2006-11-17 831880]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S2 gupdate1cafc4c16e9f1a8;Google Update Service (gupdate1cafc4c16e9f1a8);c:\program files\google\update\GoogleUpdate.exe [2010-5-25 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2010-07-22 03:29:55 0 ----a-w- c:\documents and settings\user\defogger_reenable
2010-07-22 03:08:46 0 d-----w- C:\d3cf9eb2ea5a6e30f8399ae9
2010-07-21 05:32:51 0 d-----w- c:\docume~1\user\applic~1\Ashampoo
2010-07-21 05:32:08 0 d-----w- c:\docume~1\alluse~1\applic~1\ashampoo
2010-07-21 05:31:07 0 d-----w- c:\program files\Ashampoo
2010-07-20 03:29:07 0 d-----w- c:\program files\iPod
2010-07-20 03:28:43 0 d-----w- c:\program files\iTunes
2010-07-20 03:13:30 0 d-----w- c:\program files\Bonjour
2010-07-14 18:30:03 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 13:33:18 34975 ----a-w- c:\windows\system32\~lwwuhst.lwt
2010-07-11 13:31:00 198640 ----a-w- c:\windows\system32\mci32.ocx
2010-07-11 13:31:00 0 d-----w- c:\program files\LWW USMLE
2010-07-11 13:30:59 570128 ----a-w- c:\windows\system32\Dao350.dll
2010-07-11 13:30:59 209408 ----a-w- c:\windows\system32\tabctl32.ocx
2010-07-11 13:30:59 135680 ----a-w- c:\windows\system32\DWSPY32.dll
2010-07-11 13:30:59 114688 ----a-w- c:\windows\system32\DWSHK32.ocx
2010-07-11 13:30:59 1008432 ----a-w- c:\windows\system32\mschrt20.ocx
2010-07-11 13:30:58 565248 ----a-w- c:\windows\system32\Sfttreex.ocx
2010-07-11 13:30:58 204907 ----a-w- c:\windows\system32\triedit.dll
2010-07-11 13:30:58 203576 ----a-w- c:\windows\system32\Richtx32.ocx
2010-07-11 13:30:58 192512 ----a-w- c:\windows\system32\LWWQBPlus01.ocx
2010-07-11 13:30:58 188416 ----a-w- c:\windows\system32\lwwotr02.ocx
2010-07-11 13:30:58 136184 ----a-w- c:\windows\system32\dhtmled.ocx
2010-07-06 15:01:11 38848 ----a-w- c:\windows\avastSS.scr
2010-07-06 15:00:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-06 14:04:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 14:04:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-06 14:04:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-04 02:15:05 0 d-----w- c:\docume~1\alluse~1\applic~1\TVU Networks
2010-07-04 02:15:01 0 d-----w- c:\documents and settings\user\LocalLow
2010-07-04 02:07:52 0 d-----w- c:\windows\system32\TVUAx
2010-06-23 21:42:26 0 d-----w- c:\program files\McAfee Security Scan

==================== Find3M ====================

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2006-10-13 16:10:19 17177896 ----a-w- c:\program files\Install_Messenger.exe

============= FINISH: 23:35:41.87 ===============



attach.txt:

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/19/2006 12:55:16 PM
System Uptime: 7/21/2010 8:02:07 PM (3 hours ago)
Processor: Intel® Pentium® M processor 1.73GHz | N/A | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 14.79 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\21AB8C98004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\21AB8C98004603
Service: NIC1394

==== System Restore Points ===================

RP1000: 4/29/2010 7:14:54 PM - Removed NBC Direct Beta
RP1001: 5/1/2010 12:36:46 PM - System Checkpoint
RP1002: 5/2/2010 6:04:09 PM - System Checkpoint
RP1003: 5/3/2010 7:18:13 PM - System Checkpoint
RP1004: 5/4/2010 11:17:50 PM - System Checkpoint
RP1005: 5/6/2010 5:34:50 AM - System Checkpoint
RP1006: 5/8/2010 12:53:11 AM - System Checkpoint
RP1007: 5/9/2010 1:36:33 PM - System Checkpoint
RP1008: 5/10/2010 2:12:02 PM - System Checkpoint
RP1009: 5/11/2010 3:38:36 PM - System Checkpoint
RP1010: 5/12/2010 3:00:47 AM - Software Distribution Service 3.0
RP1011: 5/14/2010 3:45:55 AM - System Checkpoint
RP1012: 5/15/2010 4:58:27 PM - System Checkpoint
RP1013: 5/17/2010 12:13:16 AM - System Checkpoint
RP1014: 5/18/2010 2:34:14 AM - System Checkpoint
RP1015: 5/19/2010 10:36:08 PM - System Checkpoint
RP1016: 5/21/2010 12:40:58 AM - System Checkpoint
RP1017: 5/23/2010 2:47:34 AM - System Checkpoint
RP1018: 5/24/2010 6:45:10 AM - System Checkpoint
RP1019: 5/25/2010 6:27:17 PM - System Checkpoint
RP1020: 5/26/2010 12:53:41 AM - Installed Mega Manager
RP1021: 5/26/2010 3:00:24 AM - Software Distribution Service 3.0
RP1022: 5/27/2010 3:00:44 AM - Software Distribution Service 3.0
RP1023: 5/28/2010 4:25:07 PM - System Checkpoint
RP1024: 5/29/2010 10:42:32 PM - System Checkpoint
RP1025: 5/31/2010 2:06:32 AM - System Checkpoint
RP1026: 6/1/2010 2:24:11 AM - System Checkpoint
RP1027: 6/2/2010 3:41:52 AM - System Checkpoint
RP1028: 6/3/2010 6:43:40 AM - System Checkpoint
RP1029: 6/4/2010 9:29:37 AM - System Checkpoint
RP1030: 6/4/2010 11:02:37 PM - Installed iTunes
RP1031: 6/5/2010 12:29:34 PM - Software Distribution Service 3.0
RP1032: 6/8/2010 11:07:58 PM - System Checkpoint
RP1033: 6/10/2010 8:34:33 PM - System Checkpoint
RP1034: 6/11/2010 3:01:05 AM - Software Distribution Service 3.0
RP1035: 6/12/2010 3:50:58 PM - System Checkpoint
RP1036: 6/13/2010 9:32:00 PM - System Checkpoint
RP1037: 6/14/2010 11:29:25 PM - System Checkpoint
RP1038: 6/16/2010 11:14:15 PM - System Checkpoint
RP1039: 6/17/2010 11:52:58 PM - System Checkpoint
RP1040: 6/19/2010 1:54:34 AM - System Checkpoint
RP1041: 6/20/2010 4:23:42 AM - System Checkpoint
RP1042: 6/21/2010 6:14:00 PM - System Checkpoint
RP1043: 6/23/2010 5:52:51 AM - Software Distribution Service 3.0
RP1044: 6/24/2010 7:54:20 AM - System Checkpoint
RP1045: 6/26/2010 4:15:55 AM - System Checkpoint
RP1046: 6/27/2010 4:43:36 AM - System Checkpoint
RP1047: 6/28/2010 10:31:14 PM - System Checkpoint
RP1048: 6/29/2010 11:39:41 PM - System Checkpoint
RP1049: 7/1/2010 2:46:10 AM - System Checkpoint
RP1050: 7/2/2010 3:35:03 AM - System Checkpoint
RP1051: 7/3/2010 6:45:10 AM - System Checkpoint
RP1052: 7/4/2010 9:05:26 AM - System Checkpoint
RP1053: 7/5/2010 2:54:59 PM - System Checkpoint
RP1054: 7/6/2010 11:00:40 AM - avast! Free Antivirus Setup
RP1055: 7/6/2010 11:15:29 AM - Restore Operation
RP1056: 7/7/2010 3:58:26 PM - System Checkpoint
RP1057: 7/8/2010 5:20:42 PM - System Checkpoint
RP1058: 7/10/2010 11:39:54 AM - System Checkpoint
RP1059: 7/11/2010 5:05:47 PM - System Checkpoint
RP1060: 7/12/2010 10:16:44 PM - System Checkpoint
RP1061: 7/13/2010 9:46:46 AM - Software Distribution Service 3.0
RP1062: 7/14/2010 11:25:04 AM - System Checkpoint
RP1063: 7/15/2010 10:52:11 AM - Software Distribution Service 3.0
RP1064: 7/16/2010 9:11:48 PM - System Checkpoint
RP1065: 7/18/2010 2:46:29 PM - System Checkpoint
RP1066: 7/19/2010 5:47:59 PM - System Checkpoint
RP1067: 7/20/2010 9:50:13 PM - System Checkpoint
RP1068: 7/21/2010 3:42:38 AM - Restore Operation
RP1069: 7/21/2010 1:39:15 PM - Restore Operation

==== Hosts File Hijack ======================

Hosts: 127.0.0.1 www.symantec.com
Hosts: 127.0.0.1 www.sophos.com
Hosts: 127.0.0.1 www.mcafee.com
Hosts: 127.0.0.1 www.viruslist.com
Hosts: 127.0.0.1 www.f-secure.com
Hosts: 127.0.0.1 www.trendmicro.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.f-secure.com
Hosts: 127.0.0.1 www.mcafee.com
Hosts: 127.0.0.1 www.sophos.com
Hosts: 127.0.0.1 www.symantec.com
Hosts: 127.0.0.1 www.trendmicro.com
Hosts: 127.0.0.1 www.sophos.com
Hosts: 127.0.0.1 www.mcafee.com
Hosts: 127.0.0.1 www.viruslist.com
Hosts: 127.0.0.1 www.f-secure.com
Hosts: 127.0.0.1 www.trendmicro.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.f-secure.com
Hosts: 127.0.0.1 www.grisoft.com
Hosts: 127.0.0.1 www.kaspersky.com
Hosts: 127.0.0.1 www.mcafee.com
Hosts: 127.0.0.1 www.sophos.com
Hosts: 127.0.0.1 www.symantec.com
Hosts: 127.0.0.1 www.trendmicro.com
Hosts: 127.0.0.1 www.viruslist.com
Hosts: 127.0.0.1 www.virustotal.com

==== Installed Programs ======================

2010FredV2Step1
7-Zip 4.65
AAC Decoder
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Reader 8.2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 3.1.5.3033
AutoUpdate
avast! Free Antivirus
Bonjour
CiD Help
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Accelerator Plus (DAP)
FRED
Free Sound Recorder
Full Tilt Poker
Google Chrome
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 19
Java™ 6 Update 15
Java™ 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 3.2.0 Full
Malwarebytes' Anti-Malware
MCQE
Mega Manager
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MKV Splitter
Mobile Partner
Move Media Player
Mozilla Firefox (3.6.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NBC Direct Beta
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.5
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Software Launcher
OpenCASE Media Agent
PaltalkScene
PC Connectivity Solution
Picasa 2
PokerStars
ProtectDisc Helper Driver 10
QuickTime
Safari
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 4.2
The Price is Right (remove only)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB925720)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USMLE Board Simulator
Usmleworld Sim Exam V2
Usmleworld Step1 QBank
Usmleworld Step1 QBank V2
Usmleworld Step2 QBank V2
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.15
VeohProxy
VLC media player 1.0.0
WD Diagnostics
WD Drive Manager (x86)
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Toolbar
YouTube Downloader 2.5.6

==== Event Viewer Messages From Past Week ========

7/19/2010 8:24:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the VzCdbSvc service.
7/19/2010 11:12:40 AM, error: Service Control Manager [7034] - The Symantec Core LC service terminated unexpectedly. It has done this 4 time(s).
7/16/2010 12:03:52 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
7/15/2010 10:51:31 AM, error: Service Control Manager [7034] - The Symantec Core LC service terminated unexpectedly. It has done this 3 time(s).
7/14/2010 9:35:55 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00166F9D891E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/14/2010 7:56:37 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00166F9D891E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================



RKUnhooker Report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xAA3DB000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4083712 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xF63BF000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3325952 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2058368 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2058368 bytes
0x804D7000 RAW 2058368 bytes
0x804D7000 WMIxWDM 2058368 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6765000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA293000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 999424 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF075000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xA8792000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061117.017\NavEx15.Sys 827392 bytes (Symantec Corporation, AV Engine)
0xAA1E2000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 724992 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA9488000 C:\WINDOWS\system32\drivers\acedrv10.sys 593920 bytes (Protect Software GmbH, Filter Driver ProtectDisc)
0xF7311000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9F56000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA9EF4000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 401408 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xAA02C000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
0xAA156000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF62A2000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xA885C000 C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS 360448 bytes (Symantec Corporation, AutoProtect)
0xA9341000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA85FF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6346000 C:\WINDOWS\system32\drivers\acehlp10.sys 245760 bytes (Protect Software GmbH, ProtectDisc Filter Driver)
0xAA0FA000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 212992 bytes (Intel Corporation, Component GHAL Driver)
0xAA387000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xF744D000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF72E4000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9541000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA7369000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA9FED000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA98CC000 C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20071011.001\symidsco.sys 176128 bytes (Symantec Corporation, IDS Core Driver)
0xA98F7000 C:\WINDOWS\System32\Drivers\SYMFW.SYS 167936 bytes (Symantec Corporation, Firewall Filter Driver)
0xAA0B0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA9EB0000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xF6399000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF672B000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)
0xF6323000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6708000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAA08E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAA3B9000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAA0D8000 C:\Program Files\Symantec\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 135168 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xAA135000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131712 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131712 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73C7000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF73FF000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF741E000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xA9ED7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF66EB000 C:\WINDOWS\system32\drivers\tifmsony.sys 118784 bytes (Texas Instruments, tifmsony.sys)
0xF72C9000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73E7000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9DD0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF6382000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 94208 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xA96D5000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xF739E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF630C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA73E4000 C:\DOCUME~1\user\LOCALS~1\Temp\uwrdqpod.sys 94208 bytes
0xA8D64000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xAA018000 C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS 81920 bytes (Symantec Corporation, SAVRTPEL)
0xF6751000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA1AF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA8780000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061117.017\NAVENG.Sys 73728 bytes (Symantec Corporation, AV Engine)
0xF73B5000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF743C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF62FB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF772C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76AC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF6896000 C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys 61440 bytes (Funk Software, Inc., Odyssey Intermediate Driver)
0xF758C000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF68E6000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8FA9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76BC000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF759C000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF68F6000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF75DC000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF768C000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF68D6000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75BC000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA9E48000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF68B6000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF775C000 C:\WINDOWS\System32\Drivers\SYMIDS.SYS 49152 bytes (Symantec Corporation, IDS Filter Driver)
0xF769C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75AC000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF68C6000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA9AB8000 C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver)
0xF76DC000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF6876000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xA9AC8000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
0xF6886000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75CC000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF770C000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF773C000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF767C000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF757C000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF68A6000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF76FC000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8DB1000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF75EC000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF76EC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78DC000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF790C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7894000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7944000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77FC000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF797C000 C:\WINDOWS\System32\Drivers\SYMDNS.SYS 28672 bytes (Symantec Corporation, DNS Filter Driver)
0xF793C000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF78BC000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF78AC000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78B4000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78A4000 C:\WINDOWS\System32\Drivers\SonyNC.sys 24576 bytes (Sony Corporation, Sony Notebook Control driver)
0xF78EC000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF788C000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF78FC000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF796C000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF7904000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7804000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78CC000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78D4000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78C4000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF794C000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA9EA0000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7994000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7A5C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA9575000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7A78000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9C7C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7998000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xA9DA4000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF798C000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7990000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF624A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A48000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7A4C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A68000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6ABF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA9D50000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF7AB0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AB8000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AAE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A80000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A7C000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AB2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AB4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B28000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xF7AA0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AAA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A7E000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B5C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C59000 C:\WINDOWS\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0xF7CBE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BFD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B45000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B44000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x03C10000 Hidden Image-->CSMInterface.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 110592 bytes
0x04520000 Hidden Image-->antlr.runtime.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 118784 bytes
0x037C0000 Hidden Image-->AdvertisingComponent.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 167936 bytes
0x03250000 Hidden Image-->log4net.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 258048 bytes
0x03380000 Hidden Image-->AssetEventScheduler.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 28672 bytes
0x03300000 Hidden Image-->inteldh_csharp.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 28672 bytes
0x03DD0000 Hidden Image-->System.Data.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 2961408 bytes
0x032D0000 Hidden Image-->EMCommon.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 36864 bytes
0x04430000 Hidden Image-->Common.Logging.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 36864 bytes
0x041E0000 Hidden Image-->Downloader.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 45056 bytes
0x04900000 Hidden Image-->WMDMWrapper.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 462848 bytes
0x043A0000 Hidden Image-->Spring.Core.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 503808 bytes
0x04C80000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 507904 bytes
0x010F0000 Hidden Image-->AMS.Profile.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 53248 bytes
0x032A0000 Hidden Image-->CSMRemotable.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 53248 bytes
0x03CF0000 Hidden Image-->VistaDB.NET20.dll [ EPROCESS 0x8577BC88 ] PID: 2188, 757760 bytes

Here is the MBRcheck

MBRCheck, version 1.1.1

© 2010, AD



\\.\C: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Merged posts. ~ OB

Edited by Orange Blossom, 27 July 2010 - 11:54 PM.


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:25 AM

Posted 28 July 2010 - 12:16 PM

Hi,

If you still need help with this post a fresh dds.txt log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:11:25 AM

Posted 05 August 2010 - 04:06 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users