
Redirects and svchost.exe errors


  • This topic is locked
2 replies to this topic

#1 max122

Posted 04 August 2010 - 01:11 AM

Hi,

I keep getting redirects using Firefox and my AV keeps telling me I have a trojan and svchost.exe keeps giving me an error and starting my debugger program. Here are my logs. Any help would be greatly appreciated.

svchost.exe keeps sending several errors saying "an unhandled win32 exception occurred in svchost.exe [3456]." The error number changes.

Thanks in advance.

Max


DDS.txt LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 17:07:44.75 on Tue 08/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.512 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 100803-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Speed Meter Pro\smp.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\7b9iy5f8.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [smp.exe] "c:\program files\pure networks\speed meter pro\smp.exe" -autorun -nosplash
mRun: [InstantBurn] c:\progra~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\update~1.lnk - c:\updateip\UpdateIP.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gwum.lnk - c:\program files\gigabyte\gigabyte windows utility manager\gwum.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvcapt~1.lnk - c:\program files\easy\tv capture\RemoteCtl.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: max-tech.net
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {ED02CA60-0F43-4D43-BEA7-8C5B0FAB512A} = 68.94.156.1,68.94.157.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7b9iy5f8.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-25 114768]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-1-18 15784]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-10-7 61424]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-12 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-12 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-5-25 138680]
R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2003-6-25 266180]
R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2003-6-25 18944]
R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2003-6-25 13308]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-1-18 162344]
R2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-1-7 23352]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-8-2 6016]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-10-3 598856]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-5-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-5-25 352920]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\gigabyte windows utility manager\MARKFUN.W32 [2008-5-25 8236]
R3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [2008-5-25 18272]
R3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [2008-5-25 21184]
S3 ElcomSoftDistributedAgent;Elcomsoft Distributed Agent;c:\program files\elcomsoft\distributed password recovery\esda.exe [2008-10-17 593680]
S3 huadio;huadio;C:\huadio.tmp [2008-5-25 5279]
S3 OlyUsbCam;OLYMPUS USB Camera;c:\windows\system32\drivers\OlyUsbCam.sys [2008-12-20 21952]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
S3 SIWIO;SIWIO;c:\windows\temp\SiwIo.sys [2010-7-16 8704]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-07-29 22:58:52 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-29 22:02:23 0 d-----w- c:\program files\AnVi
2010-07-21 16:56:09 0 d-----w- c:\program files\iPod
2010-07-21 16:54:12 0 d-----w- c:\program files\iTunes
2010-07-10 01:25:37 0 d-----w- c:\program files\Trend Micro
2010-07-09 05:55:02 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-09 03:43:03 0 d-----w- c:\program files\XPMedic

==================== Find3M ====================

2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 16:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 17:09:52.70 ===============


DDS Attach Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/25/2008 2:33:41 AM
System Uptime: 8/1/2010 7:25:40 PM (46 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | 8IPE1000-G
Processor: Intel® Pentium® 4 CPU 3.00GHz | Socket 478 | 3014/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 54.409 GiB free.
D: is FIXED (NTFS) - 317 GiB total, 24.869 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 37.706 GiB free.
F: is CDROM ()
G: is Removable
I: is CDROM ()
J: is CDROM ()
L: is FIXED (NTFS) - 932 GiB total, 835.707 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP912: 5/4/2010 11:52:16 PM - System Checkpoint
RP913: 5/6/2010 12:44:12 AM - System Checkpoint
RP914: 5/6/2010 2:03:30 PM - Software Distribution Service 3.0
RP915: 5/7/2010 2:55:03 PM - System Checkpoint
RP916: 5/8/2010 3:54:51 PM - System Checkpoint
RP917: 5/9/2010 4:01:45 PM - System Checkpoint
RP918: 5/10/2010 12:52:30 PM - Software Distribution Service 3.0
RP919: 5/11/2010 6:09:34 PM - System Checkpoint
RP920: 5/12/2010 8:42:19 PM - System Checkpoint
RP921: 5/13/2010 3:00:42 AM - Software Distribution Service 3.0
RP922: 5/13/2010 9:14:04 PM - Software Distribution Service 3.0
RP923: 5/14/2010 10:19:16 PM - System Checkpoint
RP924: 5/15/2010 10:50:32 PM - System Checkpoint
RP925: 5/16/2010 11:50:06 PM - System Checkpoint
RP926: 5/17/2010 5:58:53 PM - Software Distribution Service 3.0
RP927: 5/18/2010 6:07:20 PM - System Checkpoint
RP928: 5/19/2010 6:12:56 PM - System Checkpoint
RP929: 5/20/2010 7:49:19 PM - System Checkpoint
RP930: 5/20/2010 8:50:00 PM - Software Distribution Service 3.0
RP931: 5/21/2010 9:44:37 PM - System Checkpoint
RP932: 5/22/2010 9:51:36 PM - System Checkpoint
RP933: 5/23/2010 9:52:45 PM - System Checkpoint
RP934: 5/24/2010 5:22:00 PM - Software Distribution Service 3.0
RP935: 5/25/2010 5:33:46 PM - System Checkpoint
RP936: 5/26/2010 3:00:38 AM - Software Distribution Service 3.0
RP937: 5/27/2010 3:51:21 AM - System Checkpoint
RP938: 5/28/2010 1:47:51 AM - Software Distribution Service 3.0
RP939: 5/29/2010 1:54:35 AM - System Checkpoint
RP940: 5/30/2010 2:09:38 AM - System Checkpoint
RP941: 5/31/2010 2:53:11 AM - System Checkpoint
RP942: 5/31/2010 9:04:16 AM - Software Distribution Service 3.0
RP943: 6/1/2010 10:35:51 AM - System Checkpoint
RP944: 6/2/2010 10:53:33 AM - System Checkpoint
RP945: 6/3/2010 11:54:54 AM - System Checkpoint
RP946: 6/6/2010 12:44:58 PM - System Checkpoint
RP947: 6/9/2010 9:32:53 PM - System Checkpoint
RP948: 6/10/2010 10:09:17 PM - System Checkpoint
RP949: 6/14/2010 6:01:18 PM - System Checkpoint
RP950: 6/14/2010 10:47:50 PM - Removed Logitech QuickCam
RP951: 6/15/2010 12:49:22 PM - Restore Operation
RP952: 6/15/2010 1:18:14 PM - Installed Java™ 6 Update 20
RP953: 6/17/2010 8:08:44 PM - Installed EmailSender
RP954: 6/19/2010 12:51:26 AM - Restore Operation
RP955: 6/19/2010 1:59:52 PM - Restore Operation
RP956: 6/20/2010 10:34:59 PM - System Checkpoint
RP957: 6/21/2010 11:18:00 PM - System Checkpoint
RP958: 6/23/2010 12:25:02 AM - Restore Operation
RP959: 7/2/2010 2:11:00 PM - System Checkpoint
RP960: 7/7/2010 1:42:18 PM - System Checkpoint
RP961: 7/8/2010 1:45:58 PM - System Checkpoint
RP962: 7/9/2010 11:46:21 AM - Restore Operation
RP963: 7/10/2010 11:58:08 AM - System Checkpoint
RP964: 7/19/2010 10:28:00 AM - System Checkpoint
RP965: 7/20/2010 12:35:30 PM - System Checkpoint
RP966: 7/21/2010 12:45:36 PM - System Checkpoint
RP967: 7/22/2010 1:16:59 PM - System Checkpoint
RP968: 7/23/2010 1:52:44 PM - System Checkpoint
RP969: 7/24/2010 2:53:22 PM - System Checkpoint
RP970: 7/28/2010 7:51:30 PM - System Checkpoint
RP971: 7/29/2010 5:49:07 PM - Windows Defender Checkpoint
RP972: 7/29/2010 5:53:48 PM - Restore Operation
RP973: 8/1/2010 8:00:34 PM - System Checkpoint

==== Installed Programs ======================


2600
2600_Help
2600Trb
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Age of Empires III
AHV content for Acrobat and Flash
AiO_Scan
AiOSoftware
AMS Photo Effects 2.15
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Art Explosion Label Factory Deluxe
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
Autodesk Design Review 2008
Avanquest update
avast! Antivirus
Bejeweled Deluxe 1.862
Belltech Greeting Card Designer - Extra Templates
Belltech Greeting Card Designer 5.2
Bonjour
BufferChm
Carleton H. Sheets Real Estate ToolKit version 7.0
CCScore
CloneDVD2
CoffeeCup Flash Form Builder
Combo Box
Copy
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
Coupon Printer for Windows
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CuteFTP 8 Professional
CyberLink BD Advisor 2.0
CyberLink DVD Suite
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerDVD Copy
CyberLink PowerProducer
Destinations
Director
Distributed Password Recovery
DocProc
DocumentViewer
DriverAgent by eSupport.com
DriverAgent Plugin for Netscape by TouchStone Software
EditPlus 3
Enable S3 for USB Device
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fax
FlightGear v1.9.1
Free CD to MP3 Converter
Garmin City Navigator North America NT 2010.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Gigabyte Management Tools 2.0
Gigabyte Windows Utility Manager
GlassFish V2.1
GlassFish v3 Prelude
Google Updater
Graphic Workshop Professional 3
HijackThis 2.0.2
Home Inspection Lifeline v1.0.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
InstantShare
iTunes
Jalbum
Java Auto Updater
Java DB 10.4.1.3
Java™ 6 Update 20
Java™ 6 Update 6
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 13
kgcbase
Kodak EasyShare software
Live Search Maps Add-In for Microsoft Office Outlook
Magic ISO Maker v5.4 (build 0239)
magicolor 2200 DeskLaser
Marvell Miniport Driver
MediaCoder 0.6.1
Memeo AutoBackup
Memeo AutoSync
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft XML Parser
Mirage Driver 1.1
mIRC
Mobile Studio
MobileMe Control Panel
Motorola Driver Installation 3.2.0
Motorola Phone Tools
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (2.0.0.24)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero 8
neroxml
NetBeans IDE 6.5.1
netbrdg
OfotoXMI
OLYMPUS Studio 2
OmniForm Premium 5.0
OpenAL
PanoStandAlone
Parlay Card Designer
PCI SoftV92 Modem
PDF Settings
PDFCreator
pdfforge Toolbar v1.1.2
PhotoGallery
PowerISO
ProductContext
Pure Networks Platform
QFolder
QuickTime
Readme
Realtek AC'97 Audio
Remote Module
ResumeMaker Professional
Ringtone Media Studio
Robot Arena 2
Safari
Scan
ScannerCopy
Screensaver Factory 5 Enterprise
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SFR
SHASTA
skin0001
SkinsHP1
SKINXSDK
SnagIt 9
SolSuite 2009 v9.0
Speed Meter Pro
SpreadsheetConverter
SpreadsheetConverter V5
staticcr
tooltips
TrayApp
TTS Wrapper
TurboCAD Deluxe 14
TurboTax 2008
TurboTax 2008 winiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 winiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TV Capture
Tweak UI
UltraLott Powerball and Mega Millions 1.2.6
UltraVNC v1.0.2
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
VCRedistSetup
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VPRINTOL
Vuze
Vuze Toolbar
WD Diagnostics
WebFldrs XP
WebReg
Window Washer
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
Woofpool 2008
Woofpool 2009
World Championship Poker 2
WYSIWYG Web Builder 4.3.3
WYSIWYG Web Builder 5.5
Xilisoft Video Converter Ultimate
Xvid 1.1.3 final uninstall
Yahoo! BrowserPlus 2.6.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yahoo! Widgets

==== Event Viewer Messages From Past Week ========

8/3/2010 12:04:33 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 10 time(s).
8/3/2010 12:04:33 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 10 time(s).
8/3/2010 12:04:33 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/3/2010 12:01:18 PM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 9 time(s).
8/3/2010 12:01:18 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 9 time(s).
8/3/2010 11:58:03 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 5 time(s).
8/3/2010 11:58:03 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 5 time(s).
8/3/2010 11:58:03 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 8 time(s).
8/3/2010 11:54:48 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 7 time(s).
8/3/2010 11:22:28 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
8/3/2010 11:22:28 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 3 time(s).
8/3/2010 11:22:28 AM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).
8/3/2010 11:22:28 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
8/3/2010 1:07:37 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
8/3/2010 1:07:37 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
8/3/2010 1:07:37 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/3/2010 1:07:37 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
8/2/2010 8:54:14 AM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/2/2010 8:54:14 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/2/2010 8:54:14 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/2/2010 8:54:14 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
7/30/2010 8:38:15 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/29/2010 6:04:10 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/29/2010 6:04:10 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/29/2010 5:52:47 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
7/29/2010 5:52:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
7/29/2010 5:52:05 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2010 5:38:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/29/2010 5:36:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/29/2010 5:35:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/29/2010 5:34:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
7/29/2010 5:34:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2010 5:34:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2010 5:34:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2010 5:34:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/29/2010 5:34:58 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2010 6:55:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.
7/28/2010 6:55:09 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2010 6:55:09 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2010 6:34:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
7/28/2010 6:34:03 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2010 6:33:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VNC Server service to connect.
7/28/2010 6:33:14 PM, error: Service Control Manager [7000] - The VNC Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


Unhooker Log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBFA35000 C:\WINDOWS\System32\ati3duag.dll 1146880 bytes (ATI Technologies Inc. , ati3duag.dll)
0xF5C29000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF5DB8000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 720896 bytes (ATI Technologies Inc., ATI Radeon Miniport Driver)
0xF5B7D000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF5A72000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 630784 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF7688000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9FE3A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF59EC000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 401408 bytes (Sensaura Ltd, Sensaura WDM 3D Audio Driver)
0xBF9D6000 C:\WINDOWS\System32\ati2dvag.dll 389120 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF5936000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA0129000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9DE33000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9D539000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5D4A000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF5B4B000 C:\WINDOWS\system32\drivers\BT848.sys 204800 bytes
0xF5994000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF77DF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9E176000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF765B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9FEAA000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF5B20000 C:\WINDOWS\system32\DRIVERS\yukonwxp.sys 176128 bytes (Marvell Semiconductor Inc., NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter)
0x9FF1F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x9E94A000 C:\WINDOWS\System32\Drivers\CLBUDF.SYS 159744 bytes (CyberLink Corporation., UDF File System Driver )
0xF7789000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9FE14000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5A4E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5D80000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5D27000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9FEFD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9DA2A000 C:\Program Files\CyberLink\PowerDVD8\000.fcl 135168 bytes (Cyberlink Corp., FCL Driver)
0x9E971000 C:\WINDOWS\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7751000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77AF000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7641000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7771000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7728000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF59D5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9E833000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0x9D524000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5B0C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF5DA4000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA0182000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7715000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF773F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF77CE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF59C4000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x9E939000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0x9F69F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF6DD6000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF6E06000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF6DB6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF6DC6000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0x9D66A000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7A7E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF786E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9F6CF000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF6DF6000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6D96000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF6E16000 C:\WINDOWS\system32\drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF784E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6DA6000 C:\WINDOWS\system32\DRIVERS\dfmirage.sys 49152 bytes (DemoForge, LLC, Mirage Driver)
0xF7A0E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF788E000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xA2D60000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 45056 bytes (ALWIL Software, avast! TDI Filter Driver)
0xA0F1D000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF6DE6000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF783E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6D86000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF782E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A4E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF793E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF785E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF5626000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF79DE000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7A1E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA0F2D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9C52F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF787E000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA0F0D000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7BEE000 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF5E70000 C:\WINDOWS\system32\drivers\BTTUNER.sys 32768 bytes (Conexant Systems, Inc., BtTuner WDM Tuner Driver)
0xF7C26000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xA2772000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xA2752000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF7B36000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7C1E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7C2E000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7BA6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7AAE000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B8E000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7B3E000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7AE6000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7BAE000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF7AC6000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7C36000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7C16000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7BE6000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B86000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7B56000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xF5E68000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xA277A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AB6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF5EA8000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Pure Networks, Inc., Address Resolution Protocol Driver)
0xF5EA0000 C:\WINDOWS\system32\DRIVERS\pnpcap.sys 20480 bytes (Pure Networks, Inc., Packet Capture Protocol Driver)
0xF7AF6000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF5E98000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Pure Networks, Inc., NDIS Relay Driver)
0xF7AFE000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7AEE000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7BD6000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7B0E000 C:\WINDOWS\System32\Drivers\wmibios.sys 20480 bytes (Gigabyte Technology, Wmibios)
0xF7B06000 C:\WINDOWS\System32\Drivers\wmiinfo.sys 20480 bytes (Gigabyte Technology, Wmiinfo)
0x9E5E3000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0x9F55B000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF761D000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7D02000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9E8F9000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6586000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9F96A000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C3E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF657E000 C:\WINDOWS\System32\Drivers\CLBStor.SYS 12288 bytes (Cyberlink Co.,Ltd., Cyberlink Storage Helper Driver (WindowsNT5.x))
0x9EA6C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6582000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF6596000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9DF31000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0x9F982000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7CE6000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA2F75000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7DD6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D9C000 C:\WINDOWS\system32\drivers\BTXBAR.sys 8192 bytes (Conexant Systems, Inc., BtXBar WDM Crossbar Driver)
0xF7D34000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7DD4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D32000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D2E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DB8000 C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32 8192 bytes (Windows ® 2000 DDK provider, MarkFun Driver Function)
0xF7DE8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DCE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DEA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D90000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D9A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D78000 C:\WINDOWS\System32\Drivers\vnccom.SYS 8192 bytes (RDV Soft, VNC Communication)
0xF7D8E000 C:\WINDOWS\system32\DRIVERS\vncdrv.sys 8192 bytes (RDV Soft, Ultravnc Mirror Driver)
0xF7D30000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E9B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7E19000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7F80000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DF6000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x866EEAEA ?_empty_? 1302 bytes
0x866EEEC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x86786668 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF7771000 WARNING: suspicious driver modification [atapi.sys::0x866EEAEA]
0x05950000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 1077248 bytes
0x058F0000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 126976 bytes
0x03670000 Hidden Image-->System.XML.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 2060288 bytes
0x04A40000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 266240 bytes
0x04790000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 270336 bytes
0x043A0000 Hidden Image-->Interop.NetworkCore.dll [ EPROCESS 0x85E54DA0 ] PID: 456, 282624 bytes
0x05D00000 Hidden Image-->log4net.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 282624 bytes
0x044B0000 Hidden Image-->Interop.PurePCap.dll [ EPROCESS 0x85E54DA0 ] PID: 456, 28672 bytes
0x04420000 Hidden Image-->System.Data.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 2961408 bytes
0x04FE0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 307200 bytes
0x038A0000 Hidden Image-->System.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 3158016 bytes
0x06850000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 421888 bytes
0x035F0000 Hidden Image-->System.configuration.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 438272 bytes
0x01380000 Hidden Image-->Intuit.Spc.Foundations.Portability.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 471040 bytes
0x04880000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 479232 bytes
0x06350000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 479232 bytes
0x05230000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 5033984 bytes
0x012F0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Logging.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 53248 bytes
0x05780000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 634880 bytes
0x03590000 Hidden Image-->Intuit.Spc.Foundations.Primary.ExceptionHandling.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 77824 bytes
0x04350000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x85DF15B8 ] PID: 3108, 778240 bytes
0x035D0000 Hidden Image-->Intuit.Spc.Foundations.Primary.Config.dll [ EPROCESS 0x85DF15B8 ] PID: 3108, 86016 bytes
0x061B0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x85DF15B8 ] PID: 3108, 872448 bytes



MBR Check Log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000b7d

Kernel Drivers (total 151):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7D2E000 \WINDOWS\system32\KDCOM.DLL
0xF7C3E000 \WINDOWS\system32\BOOTVID.dll
0xF77DF000 ACPI.sys
0xF7D30000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF77CE000 pci.sys
0xF782E000 isapnp.sys
0xF7DF6000 pciide.sys
0xF7AAE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7D32000 intelide.sys
0xF783E000 MountMgr.sys
0xF77AF000 ftdisk.sys
0xF7D34000 dmload.sys
0xF7789000 dmio.sys
0xF7AB6000 PartMgr.sys
0xF784E000 VolSnap.sys
0xF7771000 atapi.sys
0xF785E000 disk.sys
0xF786E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7751000 fltmgr.sys
0xF773F000 sr.sys
0xF787E000 PxHelp20.sys
0xF7728000 KSecDD.sys
0xF7715000 WudfPf.sys
0xF7688000 Ntfs.sys
0xF765B000 NDIS.sys
0xF7641000 Mup.sys
0xF788E000 agp440.sys
0xF79DE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5DB8000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF5DA4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7C16000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5D80000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7C1E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5D4A000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF5D27000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5C29000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF5B7D000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7C26000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5B4B000 \SystemRoot\system32\drivers\BT848.sys
0xF6E16000 \SystemRoot\system32\drivers\STREAM.SYS
0xF5B20000 \SystemRoot\system32\DRIVERS\yukonwxp.sys
0xF7C2E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6E06000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6586000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5B0C000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6DF6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7C36000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7AC6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6582000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF6DE6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF657E000 \SystemRoot\System32\Drivers\CLBStor.SYS
0xF6DD6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6DC6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7AE6000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF5A72000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF5A4E000 \SystemRoot\system32\drivers\portcls.sys
0xF6DB6000 \SystemRoot\system32\drivers\drmk.sys
0xF59EC000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xF6DA6000 \SystemRoot\system32\DRIVERS\dfmirage.sys
0xF7D8E000 \SystemRoot\system32\DRIVERS\vncdrv.sys
0xF7E9B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6D96000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7CE6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF59D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6D86000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7A0E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7AEE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF59C4000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7A1E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7AF6000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7AFE000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5994000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF793E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7D90000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5936000 \SystemRoot\system32\DRIVERS\update.sys
0xF7D02000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7B06000 \SystemRoot\System32\Drivers\wmiinfo.sys
0xF7B0E000 \SystemRoot\System32\Drivers\wmibios.sys
0xF7A4E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7A7E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7D9A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF761D000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF5E70000 \SystemRoot\system32\drivers\BTTUNER.sys
0xF7D9C000 \SystemRoot\system32\drivers\BTXBAR.sys
0xF5E68000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF6596000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF5626000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7BA6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7DD4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7F80000 \SystemRoot\System32\Drivers\Null.SYS
0xF7DD6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7BE6000 \SystemRoot\System32\drivers\vga.sys
0xF7DE8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7DEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA277A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA2772000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA2F75000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA0182000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA0129000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2D60000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x9FF1F000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9FEFD000 \SystemRoot\System32\drivers\afd.sys
0xA0F2D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA2752000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x9FEAA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9FE3A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0F1D000 \SystemRoot\System32\Drivers\Fips.SYS
0x9FE14000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA0F0D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7B36000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7B3E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9F982000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7B56000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x9E971000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF7B86000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0x9F96A000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF7B8E000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF7BAE000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0x9F6CF000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0x9F69F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x9F55B000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9EA6C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7BD6000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xF7E19000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
0xBFA35000 \SystemRoot\System32\ati3duag.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7BEE000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0x9E94A000 \SystemRoot\System32\Drivers\CLBUDF.SYS
0x9E939000 \SystemRoot\System32\Drivers\Udfs.SYS
0x9E8F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF5EA8000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xF5EA0000 \SystemRoot\system32\DRIVERS\pnpcap.sys
0xF5E98000 \SystemRoot\system32\DRIVERS\purendis.sys
0x9E833000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x9E176000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7DCE000 \SystemRoot\System32\Drivers\ParVdm.SYS
0x9DF31000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9DE33000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7D78000 \SystemRoot\System32\Drivers\vnccom.SYS
0x9DA2A000 \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl
0xF7DB8000 \??\C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32
0x9D539000 \SystemRoot\System32\Drivers\HTTP.sys
0x9E5E3000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x9D524000 \SystemRoot\system32\drivers\wdmaud.sys
0x9D66A000 \SystemRoot\system32\drivers\sysaudio.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
660 C:\WINDOWS\system32\smss.exe
708 csrss.exe
732 C:\WINDOWS\system32\winlogon.exe
780 C:\WINDOWS\system32\services.exe
792 C:\WINDOWS\system32\lsass.exe
976 C:\WINDOWS\system32\ati2evxx.exe
996 C:\WINDOWS\system32\svchost.exe
1084 svchost.exe
1176 C:\Program Files\Windows Defender\MsMpEng.exe
1276 C:\WINDOWS\system32\svchost.exe
1544 svchost.exe
1700 svchost.exe
1772 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1828 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1852 C:\WINDOWS\system32\ati2evxx.exe
1948 C:\WINDOWS\explorer.exe
308 C:\WINDOWS\SOUNDMAN.EXE
316 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
324 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
344 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
348 C:\Program Files\Windows Defender\MSASCui.exe
368 C:\Program Files\PowerISO\PWRISOVM.EXE
448 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
456 C:\Program Files\Pure Networks\Speed Meter Pro\smp.exe
468 C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
476 C:\Program Files\Common Files\Java\Java Update\jusched.exe
492 C:\Program Files\iTunes\iTunesHelper.exe
500 C:\WINDOWS\system32\ctfmon.exe
512 C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
516 C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
528 C:\Program Files\Easy\TV Capture\RemoteCtl.exe
548 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
1388 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
1656 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
1728 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
1860 C:\Program Files\TechSmith\SnagIt 9\TscHelp.exe
1712 C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
2092 C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
2560 C:\WINDOWS\system32\spoolsv.exe
2704 C:\Program Files\TechSmith\SnagIt 9\SnagItEditor.exe
2760 svchost.exe
2816 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2840 C:\Program Files\Application Updater\ApplicationUpdater.exe
2892 C:\Program Files\AskBarDis\bar\bin\AskService.exe
2928 C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
3108 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
3544 C:\Program Files\Java\jre6\bin\jqs.exe
3684 sqlservr.exe
3768 C:\WINDOWS\system32\HPZipm12.exe
3804 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
3940 C:\Program Files\CyberLink\Shared files\RichVideo.exe
3988 sqlbrowser.exe
4072 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1968 C:\WINDOWS\system32\svchost.exe
1372 C:\Program Files\UltraVNC\winvnc.exe
1584 C:\Program Files\Webroot\Washer\WasherSvc.exe
2208 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2604 C:\WINDOWS\system32\fxssvc.exe
1564 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3316 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
4132 C:\Program Files\iPod\bin\iPodService.exe
4456 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
4528 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
4940 alg.exe
5908 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
4220 C:\WINDOWS\system32\svchost.exe
2660 wmiprvse.exe
4952 C:\WINDOWS\system32\notepad.exe
5504 C:\Documents and Settings\Administrator\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x0000004f`4410da00 (NTFS)
\\.\L: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200JD-00HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: WDCWD5000YS-01MPB0, Rev: 07.02E07
PhysicalDrive2 Model Number: WD10EAVS External, Rev: 1.65

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
931 GB \\.\PhysicalDrive2 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!



Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:08:41 AM, on 8/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Speed Meter Pro\smp.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7b9iy5f8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll (file missing)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [smp.exe] "C:\Program Files\Pure Networks\Speed Meter Pro\smp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Update IP.lnk = C:\UpdateIP\UpdateIP.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.intuit.com
O15 - Trusted Zone: *.max-tech.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED02CA60-0F43-4D43-BEA7-8C5B0FAB512A}: NameServer = 68.94.156.1,68.94.157.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Elcomsoft Distributed Agent (ElcomSoftDistributedAgent) - Elcomsoft Co. Ltd. - C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12195 bytes



#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:41 AM

Posted 12 August 2010 - 12:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • Gender:Female
  • Location:At home
  • Local time:09:41 AM

Posted 20 August 2010 - 03:20 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
