
Solved Desktop Hijacked, blue background stating system infected

Discussion in 'Malware and Virus Removal Archive' started by wisserd, 2011/02/19.

  1. 2011/02/19
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    [Resolved] Desktop Hijacked, blue background stating system infected

    Hi all
    It started when I reinstalled Java. I deleted the old version of Java, turned off Webroot and reinstalled Java, then turned Webroot back on. A few minutes later a window in the toolbar popped up and said to run your antivirus, the file WRConsumerservice.exe is infected. Then the desktop background turned blue and at the top of the desktop it said your system is infected, then it went to a blue screen. I can't remember what it said on the blue screen; it filled the whole window. I hit the reset button and rebooted in safe mode. Ran Webroot, it found fakealert.gen, rebooted and got the same desktop. Back to safe mode, ran IObit Security 360; its log file:

    IObit Security 360

    OS:Windows XP
    Version:1.6.0.2
    Define Version:2413
    Time Elapsed:01:11:52
    Objects Scanned:85848
    Threats Found:8

    |Name|Type|Description|ID|
    180 Solutions.nCase - Quarantined, File, C:\WINDOWS\SoftwareDistribution\Download\c268348752498f57ff1128ae6a23c4f1\wgatray.exe, 9-59256
    Trojan.Agent - Quarantined, File, C:\Program Files\Common Files\Roxio Shared\Photo\PS4SendEmail.dll, 11-21084
    Spyware.Password - Quarantined, File, D:\Program Files\Graphics\I_VIEW\Plugins\Formats.dll, 11-30358
    Spyware.Password - Quarantined, File, D:\Program Files\Graphics\I_VIEW\Plugins\JPEG2000.dll, 11-32985
    Spyware.Password - Quarantined, File, D:\Program Files\Graphics\I_VIEW\Plugins\Mng.dll, 11-30792
    Trojan.Optix - Quarantined, File, D:\Program Files\Graphics\I_VIEW\Plugins\Ncc.dll, 11-22207
    Spyware.Password - Quarantined, File, D:\Program Files\Graphics\I_VIEW\Plugins\Nero.dll, 11-29150
    180 Solutions.nCase - Quarantined, File, I:\WINDOWS\SoftwareDistribution\Download\c268348752498f57ff1128ae6a23c4f1\wgatray.exe, 9-59256

    Rebooted, same blue desktop background; I rebooted back to safe mode. Then I found your site. Ran Malwarebytes, then it rebooted and the desktop was back to normal, the blue screen was gone. Followed the rest of your steps. Is it all gone and safe, or do I call the bank and credit cards and change passwords? Here are the 5 logs.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5815

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    2/19/2011 8:21:09 PM
    mbam-log-2011-02-19 (20-21-09).txt

    Scan type: Quick scan
    Objects scanned: 150374
    Time elapsed: 2 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jKiBgGn01848 (Spyware.Zbot) -> Value: jKiBgGn01848 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\jkibggn01848\jkibggn01848.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

     
  2. 2011/02/19
    wisserd Thread Starter

    Desktop Hijacked, blue background stating system infected

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 82B78500

    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

    Device \FileSystem\Fastfat \FatCdrom 82FDB1F8
    Device \FileSystem\Udfs \UdfsCdRom 82950500
    Device \FileSystem\Udfs \UdfsCdRom BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)
    Device \FileSystem\Udfs \UdfsDisk 82950500
    Device \FileSystem\Udfs \UdfsDisk BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)
    Device \Driver\Tcpip \Device\Ip 82AB5100
    Device \Driver\Tcpip \Device\Ip 82D6DE90
    Device \Driver\Tcpip \Device\Ip 82B97BB8
    Device \Driver\Tcpip \Device\Ip 82C9C738

    AttachedDevice \Driver\Tcpip \Device\Ip pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)

    Device \Driver\sptd \Device\3397252648 spvp.sys
    Device \Driver\usbuhci \Device\USBPDO-0 82A2B500
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 82FDD1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 82FDD1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 82FDD1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 82FDD1F8
    Device \Driver\usbuhci \Device\USBPDO-1 82A2B500
    Device \Driver\usbuhci \Device\USBPDO-2 82A2B500
    Device \Driver\usbuhci \Device\USBPDO-3 82A2B500
    Device \Driver\usbehci \Device\USBPDO-4 829561F8
    Device \Driver\Tcpip \Device\Tcp 82AB5100
    Device \Driver\Tcpip \Device\Tcp 82D6DE90
    Device \Driver\Tcpip \Device\Tcp 82B97BB8
    Device \Driver\Tcpip \Device\Tcp 82C9C738

    AttachedDevice \Driver\Tcpip \Device\Tcp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 82F701F8
    Device \Driver\PCI_PNP7648 \Device\00000058 spvp.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume2 82F701F8
    Device \Driver\Cdrom \Device\CdRom0 82A31500
    Device \Driver\atapi \Device\Ide\IdePort0 82F6F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82F6F1F8
    Device \Driver\atapi \Device\Ide\IdePort1 82F6F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82F6F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 82F6F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 82F6F1F8
    Device \Driver\Cdrom \Device\CdRom1 82A31500
    Device \Driver\Ftdisk \Device\HarddiskVolume3 82F701F8
    Device \Driver\Cdrom \Device\CdRom2 82A31500
    Device \Driver\Ftdisk \Device\HarddiskVolume4 82F701F8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 82F701F8
    Device \Driver\Ftdisk \Device\HarddiskVolume6 82F701F8
    Device \Driver\Ftdisk \Device\HarddiskVolume7 82F701F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 82B95500
    Device \Driver\NetBT \Device\NetbiosSmb 82B95500
    Device \Driver\Tcpip \Device\Udp 82AB5100
    Device \Driver\Tcpip \Device\Udp 82D6DE90
    Device \Driver\Tcpip \Device\Udp 82B97BB8
    Device \Driver\Tcpip \Device\Udp 82C9C738

    AttachedDevice \Driver\Tcpip \Device\Udp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)

    Device \Driver\Tcpip \Device\RawIp 82AB5100
    Device \Driver\Tcpip \Device\RawIp 82D6DE90
    Device \Driver\Tcpip \Device\RawIp 82B97BB8
    Device \Driver\Tcpip \Device\RawIp 82C9C738

    AttachedDevice \Driver\Tcpip \Device\RawIp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-0 82A2B500
    Device \Driver\usbuhci \Device\USBFDO-1 82A2B500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82A73500
    Device \Driver\Tcpip \Device\IPMULTICAST 82AB5100
    Device \Driver\Tcpip \Device\IPMULTICAST 82D6DE90
    Device \Driver\Tcpip \Device\IPMULTICAST 82B97BB8
    Device \Driver\Tcpip \Device\IPMULTICAST 82C9C738
    Device \Driver\usbuhci \Device\USBFDO-2 82A2B500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 82A73500
    Device \Driver\usbuhci \Device\USBFDO-3 82A2B500
    Device \Driver\usbehci \Device\USBFDO-4 829561F8
    Device \Driver\Ftdisk \Device\FtControl 82F701F8
    Device \Driver\viasraid \Device\Scsi\viasraid1 82FDC1F8
    Device \Driver\ajntbvl8 \Device\Scsi\ajntbvl81Port3Path0Target0Lun0 82C621F8
    Device \Driver\ajntbvl8 \Device\Scsi\ajntbvl81 82C621F8
    Device \FileSystem\Fastfat \Fat 82FDB1F8

    AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

    Device \FileSystem\Cdfs \Cdfs 82A6B1F8
    Device \FileSystem\Cdfs \Cdfs BsUDF.SYS (UDF File System Driver (WindowsXP)/ahead software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\DTL\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3D 0x9B 0xD5 0xA3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x55 0x9E 0xA9 0xFD ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD2 0xDC 0x1A 0xBB ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\DTL\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3D 0x9B 0xD5 0xA3 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x55 0x9E 0xA9 0xFD ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD2 0xDC 0x1A 0xBB ...

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x00000ffd

    Kernel Drivers (total 138):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EC000 \WINDOWS\system32\hal.dll
    0xF8AB6000 \WINDOWS\system32\KDCOM.DLL
    0xF89C6000 \WINDOWS\system32\BOOTVID.dll
    0xF85B6000 cskwcaum.sys
    0xF8494000 spvp.sys
    0xF8AB8000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF847C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF844E000 ACPI.sys
    0xF843D000 pci.sys
    0xF85C6000 isapnp.sys
    0xF85D6000 sshrmd.sys
    0xF85E6000 ssfs0bbc.sys
    0xF840F000 ssidrv.sys
    0xF83E2000 \WINDOWS\system32\DRIVERS\NDIS.SYS
    0xF8836000 \WINDOWS\system32\DRIVERS\TDI.SYS
    0xF8ABA000 viaide.sys
    0xF883E000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF85F6000 MountMgr.sys
    0xF83C3000 ftdisk.sys
    0xF8ABC000 dmload.sys
    0xF839D000 dmio.sys
    0xF8846000 PartMgr.sys
    0xF8606000 VolSnap.sys
    0xF8385000 atapi.sys
    0xF8372000 viasraid.sys
    0xF8616000 disk.sys
    0xF8626000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8352000 fltmgr.sys
    0xF8340000 sr.sys
    0xF89CA000 bsstor.sys
    0xF8636000 PxHelp20.sys
    0xF831D000 Fastfat.sys
    0xF8306000 KSecDD.sys
    0xF884E000 viaagp1.sys
    0xF82EB000 Mup.sys
    0xF8A6A000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xF8676000 \SystemRoot\System32\DRIVERS\amdk7.sys
    0xF7E0B000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF7DF7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF8686000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8696000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF86A6000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7DD4000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF8ABE000 \SystemRoot\System32\Drivers\incdrm.SYS
    0xF886E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF7DB1000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8876000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF887E000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF7D93000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF86B6000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8A76000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF86C6000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF8886000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF8A7A000 \SystemRoot\System32\DRIVERS\gameenum.sys
    0xF7D05000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7CE1000 \SystemRoot\system32\drivers\portcls.sys
    0xF86D6000 \SystemRoot\system32\drivers\drmk.sys
    0xF8AC0000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF8A7E000 \SystemRoot\System32\DRIVERS\usbscan.sys
    0xF8AC2000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF8BCB000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF86E6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8A82000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF7CCA000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF86F6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8706000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7C19000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF8716000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF888E000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF8896000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF8726000 \SystemRoot\system32\DRIVERS\bthmodem.sys
    0xF7BE8000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF8736000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF889E000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF8AC4000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7B8C000 \SystemRoot\System32\DRIVERS\update.sys
    0xF8A92000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8746000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8756000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF88A6000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF6A50000 \SystemRoot\system32\drivers\iksysflt.sys
    0xF8776000 \SystemRoot\system32\drivers\KCOM.SYS
    0xF6A39000 \SystemRoot\system32\drivers\iksyssec.sys
    0xF8786000 \SystemRoot\system32\drivers\ikfilesec.SYS
    0xF8AC6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8C0B000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8AC8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8BC7000 \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    0xF88BE000 \SystemRoot\System32\drivers\vga.sys
    0xF8ACA000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8ACC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF88C6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF88CE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF82B7000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF6A06000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF69AE000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF6971000 \SystemRoot\system32\drivers\pwipf6.sys
    0xF6950000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF8796000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF6928000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF689B000 \SystemRoot\System32\Drivers\Ntfs.SYS
    0xF6863000 \SystemRoot\System32\Drivers\ajntbvl8.SYS
    0xF6841000 \SystemRoot\System32\drivers\afd.sys
    0xF87A6000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF893E000 \??\D:\Program Files\scanners cleaners\suuperantispyware\SASDIFSV.SYS
    0xF6776000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF6707000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF87C6000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF87E6000 \SystemRoot\System32\Drivers\LHidUsb.Sys
    0xF87F6000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
    0xF8946000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
    0xF894E000 \SystemRoot\system32\DRIVERS\LHidFlt2.Sys
    0xF7BE0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF8806000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
    0xF8816000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7BCC000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8956000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF821F000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xB9D32000 \SystemRoot\System32\Drivers\BsUDF.SYS
    0xB9D21000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF8AE2000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
    0xB98BD000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8AFE000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB9880000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB9A81000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB9430000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    0xB947A000 \SystemRoot\System32\DRIVERS\secdrv.sys
    0xF898E000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
    0xB90CF000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF8B22000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
    0xB8E84000 \??\C:\DOCUME~1\Wizard\LOCALS~1\Temp\fgtdypow.sys
    0xB8C9E000 \SystemRoot\system32\drivers\kmixer.sys
    0xB974A000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 45):
    0 System Idle Process
    4 System
    416 C:\WINDOWS\System32\SMSS.EXE
    488 C:\WINDOWS\System32\CSRSS.EXE
    516 C:\WINDOWS\System32\WINLOGON.EXE
    560 C:\WINDOWS\System32\SERVICES.EXE
    572 C:\WINDOWS\System32\LSASS.EXE
    716 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    828 C:\WINDOWS\System32\SVCHOST.EXE
    896 C:\WINDOWS\System32\SVCHOST.EXE
    928 C:\WINDOWS\System32\SVCHOST.EXE
    984 C:\WINDOWS\System32\SVCHOST.EXE
    1132 C:\WINDOWS\System32\SVCHOST.EXE
    1212 C:\WINDOWS\System32\SVCHOST.EXE
    1260 C:\WINDOWS\EXPLORER.EXE
    1300 C:\WINDOWS\System32\LEXBCES.EXE
    1348 C:\WINDOWS\System32\SPOOLSV.EXE
    1376 C:\WINDOWS\System32\LEXPPS.EXE
    1556 C:\WINDOWS\System32\SVCHOST.EXE
    1732 C:\WINDOWS\System32\RUNDLL32.EXE
    1764 C:\WINDOWS\System32\RUNDLL32.EXE
    1768 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    1804 C:\Program Files\Lexmark X74-X75\LXBBBMGR.EXE
    1816 D:\Program Files\IObit\IObit Security 360\is360tray.exe
    1824 C:\Program Files\Lexmark X74-X75\LXBBBMON.EXE
    1844 C:\WINDOWS\System32\CTSVCCDA.EXE
    1848 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
    1908 D:\Program Files\IObit\IObit Security 360\is360srv.exe
    1912 C:\WINDOWS\System32\CTFMON.EXE
    1932 D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    180 D:\Program Files\Java\bin\jqs.exe
    276 C:\WINDOWS\System32\NVSVC32.EXE
    360 C:\WINDOWS\System32\TCPSVCS.EXE
    352 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    448 C:\WINDOWS\System32\SVCHOST.EXE
    476 D:\PROGRA~1\VCOM\MXTASK.exe
    952 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    2572 C:\WINDOWS\System32\ALG.EXE
    2596 D:\PROGRA~1\VCOM\MXTASK.exe
    3500 C:\WINDOWS\System32\SVCHOST.EXE
    1580 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    2252 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    2712 D:\Program Files\Mozilla Firefox\firefox.exe
    3176 D:\Program Files\IObit\IObit Security 360\is360.exe
    3720 I:\downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000003`4bbf7000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000007`b0e7de00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000c`d1584800 (NTFS)
    \\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x00000002`ee1b7200 (FAT32)
    \\.\K: --> \\.\PhysicalDrive1 at offset 0x00000006`ad8e3c00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD800JB-00ETA0, Rev: 77.07W77
    PhysicalDrive1 Model Number: Maxtor4D040H2, Rev: DAH017K0

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    38 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    DDS (Ver_10-12-12.02) - FAT32x86
    Run by Wizard at 20:57:37.40 on Sat 02/19/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.68 [GMT -6:00]

    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: Webroot Internet Security Essentials *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    FW: Webroot Internet Security Essentials *Enabled*
    FW: Norton Internet Security *Enabled*

    ============== Running Processes ===============

    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    D:\Program Files\IObit\IObit Security 360\IS360tray.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    d:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    D:\Program Files\Java\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    D:\PROGRA~1\VCOM\MXTask.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\System32\alg.exe
    D:\PROGRA~1\VCOM\mxtask.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\IObit\IObit Security 360\is360.exe
    C:\WINDOWS\explorer.exe
    I:\downloads\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL =
    uDefault_Search_URL =
    mWindow Title =
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\scanne~1\spybot~1\SDHelper.dll
    BHO: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe "
    uRun: [Advanced SystemCare 3] "d:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] "nwiz.exe" /install
    mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [smapp] "c:\program files\analog devices\soundmax\SMTray.exe "
    mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe "
    mRun: [IObit Security 360] "d:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    mRunServices: [LoadPowerProfile] "Rundll32.exe" powrprof.dll,LoadCurrentPwrScheme
    dRunOnce: [RunNarrator] Narrator.exe
    uPolicies-explorer: NoThemesTab = 0 (0x0)
    uPolicies-explorer: EditLevel = 0 (0x0)
    uPolicies-explorer: NoCommonGroups = 0 (0x0)
    uPolicies-system: NoColorChoice = 0 (0x0)
    uPolicies-system: NoSizeChoice = 0 (0x0)
    uPolicies-system: NoVisualStyleChoice = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    IE:
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Search - ?p=ZUfox000
    IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: Copy to &Lightning Note - d:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
    IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\scanne~1\spybot~1\SDHelper.dll
    DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: HookRC Class: {a5780613-492e-4a2a-a7fd-549610edf6cc} - d:\program files\vcom\recovery commander\RCHOOK.DLL
    SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\scanners cleaners\suuperantispyware\SASSEH.DLL
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    LSA: Notification Packages = scecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\wizard\applic~1\mozilla\firefox\profiles\b31ksli6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Swagbucks.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&apn_uid=88113D2C-9C4D-413C-B749-49F7900488AA&apn_ptnrs=W5&apn_sauid=5A847347-1B88-4438-B050-4EF2671D8261&apn_dtid=YYYYYYYYUS&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\wizard\application data\mozilla\firefox\profiles\b31ksli6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: d:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
    FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: d:\program files\java\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\java\bin\new_plugin\npjp2.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\nppl3260.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\nprjplug.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\nprpjplug.dll
    FF - plugin: d:\program files\netscape6\nppl3260.dll
    FF - plugin: d:\program files\netscape6\nprjplug.dll
    FF - plugin: d:\program files\netscape6\nprpjplug.dll
    FF - plugin: d:\program files\opera\program\plugins\np32dsw.dll
    FF - plugin: d:\program files\opera\program\plugins\npdrmv2.dll
    FF - plugin: d:\program files\opera\program\plugins\npdsplay.dll
    FF - plugin: d:\program files\opera\program\plugins\NPJPI141_07.dll
    FF - plugin: d:\program files\opera\program\plugins\NPMetaStream3.dll
    FF - plugin: d:\program files\opera\program\plugins\npqtplugin.dll
    FF - plugin: d:\program files\opera\program\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\opera\program\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\opera\program\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\opera\program\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\opera\program\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\opera\program\plugins\npqtplugin7.dll
    FF - plugin: d:\program files\opera\program\plugins\npwmsdrm.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox 4.0 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Halloween: {BB359C50-BFC9-4f40-8302-3FE5A499A859} - %profile%\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}
    FF - Ext: Harley Davidson: {2c088200-b973-11db-8314-0800200c9a66} - %profile%\extensions\{2c088200-b973-11db-8314-0800200c9a66}
    FF - Ext: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - %profile%\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
    FF - Ext: How-To Video Sidebar: howtovideosidebar@wonderhowto.com - %profile%\extensions\howtovideosidebar@wonderhowto.com
    FF - Ext: Microsoft Choice Guard: ChoiceGuard@Microsoft - %profile%\extensions\ChoiceGuard@Microsoft
    FF - Ext: Swag Bucks Community Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - %profile%\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    FF - Ext: Red Cats (blue flavor): {ff356687-aa08-463d-a46c-11c451824939} - %profile%\extensions\{ff356687-aa08-463d-a46c-11c451824939}
    FF - Ext: Scribblies Brite: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA} - %profile%\extensions\{F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}
    FF - Ext: Full Flat: {6E1A2A2E-AE2A-4A26-A812-46F54288379E} - %profile%\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: Webroot Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\java\lib\deploy\jqs\ff

    ---- FIREFOX POLICIES ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -

    ============= SERVICES / DRIVERS ===============

    R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2004-9-23 9344]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-2-18 14776]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-9-8 77312]
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-12-22 10872]
    R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-12-7 62280]
    R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-12-7 79688]
    R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2011-2-16 108880]
    R1 SASDIFSV;SASDIFSV;d:\program files\scanners cleaners\suuperantispyware\SASDIFSV.SYS [2006-10-10 8944]
    R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2004-9-23 449280]
    R2 IS360service;IS360service;d:\program files\iobit\iobit security 360\is360srv.exe [2011-2-18 312152]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2011-2-16 1201640]
    S0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-12-7 41288]
    S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; [x]
    S1 SASKUTIL;SASKUTIL;d:\progra~1\scanne~1\suuper~1\SASKUTIL.SYS [2007-2-27 55024]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 aawservice;Ad-Aware 2007 Service; [x]
    S3 ASEService;Aluria Spyware Eliminator Service; [x]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-1-21 18176]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-1-21 7680]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]
    S3 SASENUM;SASENUM;d:\progra~1\scanne~1\suuper~1\SASENUM.SYS [2006-2-16 4096]
    S3 SNDP202;Bushnell ImageView;c:\windows\system32\drivers\sndp202.sys [2010-12-11 243968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; [x]
    S4 FileDeleter;ZeroSpyware FileDeleter; [x]
    S4 sdAuxService;PC Tools Auxiliary Service; [x]
    S4 sdCoreService;PC Tools Security Service; [x]

    =============== Created Last 30 ================

    2011-02-20 02:14:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-20 02:14:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-20 01:13:20 -------- d-sh--w- C:\FOUND.002
    2011-02-19 06:24:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\jKiBgGn01848
    2011-02-19 05:18:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-18 14:42:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\FreeApp
    2011-02-18 14:40:42 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2011-02-18 14:40:42 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2011-02-18 06:34:49 -------- d-----w- c:\docume~1\wizard\applic~1\IObit
    2011-02-18 05:58:36 -------- d-sh--w- C:\FOUND.001
    2011-02-18 03:49:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
    2011-02-17 01:46:16 -------- d-----w- c:\docume~1\wizard\locals~1\applic~1\AskToolbar
    2011-02-17 01:14:15 -------- d-----w- c:\program files\Ask.com
    2011-02-17 01:13:52 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
    2011-02-17 01:13:39 1563008 ----a-w- c:\windows\WRSetup.dll
    2011-02-17 01:13:39 -------- d-----w- c:\docume~1\wizard\applic~1\Webroot
    2011-02-17 01:13:38 -------- d-----w- c:\program files\Webroot
    2011-02-16 19:20:20 -------- d-----w- C:\Webroot
    2011-02-15 22:12:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\33f20000-d8f8-4acd-3d22-5f9c81cea6b2
    2011-02-15 21:53:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
    2011-02-15 21:37:52 1284836 ----a-w- c:\docume~1\alluse~1\applic~1\bdinstall.bin
    2011-02-14 23:40:22 -------- d-sh--w- C:\FOUND.000
    2011-02-09 03:22:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\FileCure
    2011-02-03 22:34:09 -------- d-----w- c:\docume~1\wizard\applic~1\GetRightToGo
    2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-01-28 01:59:35 -------- d-----w- c:\docume~1\wizard\locals~1\applic~1\Temp
    2011-01-26 05:09:10 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
    2011-01-26 05:09:09 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
    2011-01-26 05:06:46 -------- d-----w- c:\docume~1\wizard\applic~1\Downloaded Installations
    2011-01-26 03:58:56 98304 ----a-w- c:\windows\system32\redmonnt.dll
    2011-01-22 04:37:01 7680 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
    2011-01-22 04:36:53 18176 ----a-w- c:\windows\system32\drivers\motccgp.sys

    ==================== Find3M ====================

    2011-02-19 05:17:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 21:00:47.93 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/8/2004 4:38:13 PM
    System Uptime: 2/19/2011 8:27:56 PM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A7V600-X
    Processor: AMD Athlon(TM) MP 1600+ | SOCKET A | 1749/166mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 13 GiB total, 2.732 GiB free.
    D: is FIXED (NTFS) - 18 GiB total, 7.292 GiB free.
    E: is FIXED (NTFS) - 21 GiB total, 6.501 GiB free.
    F: is FIXED (NTFS) - 23 GiB total, 2.906 GiB free.
    G: is CDROM (CDFS)
    H: is CDROM (CDFS)
    I: is FIXED (FAT32) - 12 GiB total, 3.13 GiB free.
    J: is FIXED (FAT32) - 15 GiB total, 14.659 GiB free.
    K: is FIXED (FAT32) - 11 GiB total, 11.376 GiB free.
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP532: 2/18/2011 10:53:16 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 6
    RP533: 2/18/2011 11:17:21 PM - Installed Java(TM) 6 Update 24

    ==== Installed Programs ======================


    7-Zip 2.30 Beta 25
    Abacast Client
    AbsolutePoker NET
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader X (10.0.1)
    Adobe SVG Viewer 3.0
    Advanced SystemCare 3
    AirBlast
    Aluria LiteScanner
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Arcanum
    ArcSoft Camera Studio
    Ask Toolbar
    ASUSUpdate
    Baldur's Gate II - Shadows of Amn Collectors CD
    Baldur's Gate(TM) II - Throne of Bhaal (TM)
    BitLord 1.1
    Bonjour
    Bushnell ImageView
    CCleaner
    Clean Disk Security 7.81
    Corel WordPerfect Suite 8
    Creative MediaSource
    Creative MuVo NX-TX
    Creative System Information
    CT Attrib Lite
    Data Lifeguard Tools
    Disk Space Fan 1.4.3.1
    DivX
    DivX Player
    DriverAgent Plugin for Netscape by TouchStone Software
    Evidence-Blaster 2009
    Fallout 3
    FaxTools
    File Properties Changer
    Free Natural Text to Speech Reader 2007
    FreeApps
    Game Booster
    GameSpy Arcade
    GemBox.Spreadsheet Free 2.7
    GetDiz 3.0
    Gimp 2.6.2 Debug
    Hide IP Platinum 2.5
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    IIS 6.0 Resource Kit Tools
    IIS6 Manager
    InCD (Ahead Software)
    InCD EasyWrite Reader (Ahead Software)
    Intel RSX 3D
    IObit Security 360
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Kaspersky Online Scanner
    Lexmark X74-X75
    Logitech Desktop Messenger
    Logitech MouseWare 9.79
    Logitech Resource Center
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Bootvis
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access database engine 2007 (English)
    Microsoft PowerPoint Viewer 97
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.13)
    Mozilla Firefox 4.0b6 (x86 en-US)
    MSN Gaming Zone
    MSN Music Assistant
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MuVo Driver
    Nero
    Netscape Navigator (9.0.0.5)
    NVIDIA Drivers
    Opera 9.63
    PhotoSuite 4 (Remove Only)
    PowerDesk 5.0
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Recovery Commander
    RegCure 1.2.0.4
    Renamer (remove only)
    Reverse Phone Search Tool
    Revo Uninstaller 1.91
    Rhapsody Player Engine
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Sky Fight
    Smart Defrag 2
    Spy Sweeper Core
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.1
    Star Wars®: Knights of the Old Republic (TM)
    Super Magnify v1.3
    SUPERAntiSpyware Free Edition
    Swat It v2.1
    System Requirements Lab
    The Off By One Web Browser
    Tom Clancy's Rainbow Six 3: Raven Shield
    Total Commander (Remove or Repair)
    Tracks Eraser Pro v5.7
    TwistedBrush Free Edition
    Unlocker 1.8.5
    UOGateway
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Useful File Utilities (remove only)
    VCOM SystemSuite 5
    VIA Integrated Setup Wizard
    WebFldrs XP
    Webroot Internet Security Essentials
    Winamp
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    WinRAR archiver
    WordPerfect Lightning
    WordPerfect Lightning - MSOM
    ZeroSpyware Limited Edition

    ==== Event Viewer Messages From Past Week ========

    2/19/2011 9:31:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    2/19/2011 9:31:10 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/19/2011 8:57:29 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 8:57:28 AM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 8:57:27 AM, error: Service Control Manager [7022] - The Webroot Spy Sweeper Engine service hung on starting.
    2/19/2011 8:29:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVG Anti-Spyware Driver IKFileSec SASKUTIL uagp35
    2/19/2011 7:13:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 AVG Anti-Spyware Driver Fips IKFileSec SASDIFSV SASKUTIL
    2/19/2011 12:41:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AVG Anti-Spyware Driver Fips IKFileSec IPSec MRxSmb NetBIOS NetBT pwipf6 RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    2/19/2011 12:35:04 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 12:34:56 AM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 12:34:34 AM, error: Service Control Manager [7034] - The SystemSuite Task Manager service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 12:34:34 AM, error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 12:34:34 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 12:34:34 AM, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
    2/19/2011 12:34:34 AM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    2/17/2011 11:59:59 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    2/16/2011 11:43:35 PM, error: ssidrv [26] - Failed to set monitor event rule.
    2/15/2011 7:24:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AVG Anti-Spyware Driver Fips IKFileSec IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    2/15/2011 7:24:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    2/15/2011 7:24:48 PM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    2/15/2011 7:24:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/15/2011 7:24:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/15/2011 7:24:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    2/15/2011 7:24:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/15/2011 7:24:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/15/2011 7:24:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/15/2011 5:57:42 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    2/15/2011 5:57:42 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    2/15/2011 5:24:42 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2/15/2011 5:24:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVG Anti-Spyware Driver IKFileSec SASKUTIL
    2/15/2011 5:24:41 PM, error: Service Control Manager [7001] - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/15/2011 5:24:41 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    2/15/2011 4:03:55 PM, error: Print [23] - Printer Corel Barista failed to initialize because a suitable Corel Barista driver could not be found.

    ==== End Of File ===========================
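The DDS log above is what the helper reads by eye. As an added example (not from this thread, from DDS or from any project), here is a small Python triage script that parses two of its sections in the exact format shown and queues the items an analyst would check first: service entries whose binary is missing ("[x]") and freshly created All Users\Application Data folders with machine-generated-looking names. The sample lines are copied from the log above; the random-name heuristic and the section titles it keys on are assumptions about how DDS prints this log, not part of DDS.

```python
"""Triage helper for DDS logs (added example; not from this thread, DDS or any project).
Heuristics only: it lists items for a human analyst, not verdicts. See comments per check."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: lines copied from the DDS log posted in this thread, trimmed to a
# handful of entries so the example runs offline.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2004-9-23 9344]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; [x]
S3 aawservice;Ad-Aware 2007 Service; [x]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2011-2-16 1201640]
=============== Created Last 30 ================
2011-02-19 06:24:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\jKiBgGn01848
2011-02-18 14:42:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\FreeApp
2011-02-17 01:13:52 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2011-02-15 21:53:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
"""

# "===== Title =====" section headers as DDS prints them.
HEADER_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")
# "R0 Name;Display Name;image path [date size]" or "...; [x]" when the file is gone.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
# "YYYY-MM-DD HH:MM:SS <size|--------> <8 attribute flags> <path>"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# 8.3 form of C:\Documents and Settings\All Users\Application Data as DDS writes it.
ALLUSERS_APPDATA = "c:\\docume~1\\alluse~1\\applic~1"

@dataclass
class Finding:
    kind: str      # "missing-service-binary" or "random-name-dir"
    subject: str   # service name or full path
    detail: str

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the most recent '==== Title ====' header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("title")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def looks_machine_generated(name: str) -> bool:
    """Heuristic (assumed, not from DDS) for rogue-AV style folder names such as
    jKiBgGn01848: a run of letters with irregular casing followed by a block of digits."""
    m = re.fullmatch(r"([A-Za-z]{5,})(\d{3,})", name)
    if not m:
        return False
    letters = m.group(1)
    case_changes = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return case_changes >= 3

def flag_missing_services(lines: List[str]) -> List[Finding]:
    """Entries still registered whose binary is gone: usually leftovers of uninstalled
    security products, but each one is a boot-time loader for a file that is not there."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and m.group("image").strip() == "[x]":
            out.append(Finding("missing-service-binary", m.group("name"),
                               f"{m.group('start')} entry for '{m.group('display')}' has no file on disk"))
    return out

def flag_random_dirs(lines: List[str]) -> List[Finding]:
    """New directories directly under All Users\\Application Data with generated-looking names."""
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m or not m.group("attrs").startswith("d"):
            continue
        parent, _, leaf = m.group("path").rpartition("\\")
        if parent.lower() == ALLUSERS_APPDATA and looks_machine_generated(leaf):
            out.append(Finding("random-name-dir", m.group("path"), f"created {m.group('ts')}"))
    return out

def review_queue(log_text: str) -> List[Finding]:
    """Run both checks over a DDS log and return everything worth an analyst's eyes."""
    sections = split_sections(log_text)
    findings = flag_missing_services(sections.get("SERVICES / DRIVERS", []))
    findings += flag_random_dirs(sections.get("Created Last 30", []))
    return findings

if __name__ == "__main__":
    for f in review_queue(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against the full log above, the same two checks would also surface the orphaned PC Tools, Aluria and ZeroSpyware entries; a hit in the queue is a prompt to look, not proof of infection.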
     


  4. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    You're running two AV programs and two firewalls, Norton and Webroot.
    One of them has to go.
    If Norton, make sure to use this tool to uninstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2011/02/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    I don't remember putting Norton on my system. How do I know what product to download? I found the nortoninstall log and it says install version:5.5.0.61
     
  6. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All links lead to the very same Norton Removal Tool.
    Whichever link you click, you'll be fine.
     
  7. 2011/02/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    ComboFix 11-02-20.01 - Wizard 02/20/2011 13:30:17.1.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.237 [GMT -6:00]
    Running from: C:\Documents and Settings\Wizard\Desktop\ComboFix.exe
    AV: Webroot Internet Security Essentials *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    FW: Webroot Internet Security Essentials *Disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
    .
     
  8. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    This is only a header of Combofix log.
    If this is what was produced, re-run it.
     
  9. 2011/02/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    ComboFix 11-02-20.01 - Wizard 02/20/2011 14:21:09.2.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.221 [GMT -6:00]
    Running from: C:\Documents and Settings\Wizard\Desktop\ComboFix.exe
    AV: Webroot Internet Security Essentials *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    FW: Webroot Internet Security Essentials *Enabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\_005425_.tmp.dll
    C:\WINDOWS\system32\_005426_.tmp.dll
    C:\WINDOWS\system32\_005427_.tmp.dll
    C:\WINDOWS\system32\_005428_.tmp.dll
    C:\WINDOWS\system32\_005435_.tmp.dll
    C:\WINDOWS\system32\_005436_.tmp.dll
    C:\WINDOWS\system32\_005437_.tmp.dll
    C:\WINDOWS\system32\_005439_.tmp.dll
    C:\WINDOWS\system32\_005440_.tmp.dll
    C:\WINDOWS\system32\_005441_.tmp.dll
    C:\WINDOWS\system32\_005443_.tmp.dll
    C:\WINDOWS\system32\_005444_.tmp.dll
    C:\WINDOWS\system32\_005446_.tmp.dll
    C:\WINDOWS\system32\_005447_.tmp.dll
    C:\WINDOWS\system32\_005448_.tmp.dll
    C:\WINDOWS\system32\_005450_.tmp.dll
    C:\WINDOWS\system32\_005453_.tmp.dll
    C:\WINDOWS\system32\_005454_.tmp.dll
    C:\WINDOWS\system32\_005458_.tmp.dll
    C:\WINDOWS\system32\_005459_.tmp.dll
    C:\WINDOWS\system32\_005461_.tmp.dll
    C:\WINDOWS\system32\_005464_.tmp.dll
    C:\WINDOWS\system32\_005466_.tmp.dll
    C:\WINDOWS\system32\_005467_.tmp.dll
    C:\WINDOWS\system32\_005468_.tmp.dll
    C:\WINDOWS\system32\_005469_.tmp.dll
    C:\WINDOWS\system32\_005472_.tmp.dll
    C:\WINDOWS\system32\_005473_.tmp.dll
    C:\WINDOWS\system32\_005474_.tmp.dll
    C:\WINDOWS\system32\_005475_.tmp.dll
    C:\WINDOWS\system32\_005476_.tmp.dll
    C:\WINDOWS\system32\_005481_.tmp.dll
    C:\WINDOWS\system32\_005483_.tmp.dll
    C:\WINDOWS\system32\_005484_.tmp.dll
    C:\WINDOWS\system32\_007780_.tmp.dll
    C:\WINDOWS\system32\_007781_.tmp.dll
    C:\WINDOWS\system32\_007782_.tmp.dll
    C:\WINDOWS\system32\_007783_.tmp.dll
    C:\WINDOWS\system32\_007790_.tmp.dll
    C:\WINDOWS\system32\_007791_.tmp.dll
    C:\WINDOWS\system32\_007792_.tmp.dll
    C:\WINDOWS\system32\_007793_.tmp.dll
    C:\WINDOWS\system32\_007795_.tmp.dll
    C:\WINDOWS\system32\_007796_.tmp.dll
    C:\WINDOWS\system32\_007797_.tmp.dll
    C:\WINDOWS\system32\_007799_.tmp.dll
    C:\WINDOWS\system32\_007800_.tmp.dll
    C:\WINDOWS\system32\_007802_.tmp.dll
    C:\WINDOWS\system32\_007803_.tmp.dll
    C:\WINDOWS\system32\_007804_.tmp.dll
    C:\WINDOWS\system32\_007806_.tmp.dll
    C:\WINDOWS\system32\_007809_.tmp.dll
    C:\WINDOWS\system32\_007810_.tmp.dll
    C:\WINDOWS\system32\_007814_.tmp.dll
    C:\WINDOWS\system32\_007815_.tmp.dll
    C:\WINDOWS\system32\_007817_.tmp.dll
    C:\WINDOWS\system32\_007820_.tmp.dll
    C:\WINDOWS\system32\_007822_.tmp.dll
    C:\WINDOWS\system32\_007823_.tmp.dll
    C:\WINDOWS\system32\_007824_.tmp.dll
    C:\WINDOWS\system32\_007825_.tmp.dll
    C:\WINDOWS\system32\_007826_.tmp.dll
    C:\WINDOWS\system32\_007829_.tmp.dll
    C:\WINDOWS\system32\_007830_.tmp.dll
    C:\WINDOWS\system32\_007831_.tmp.dll
    C:\WINDOWS\system32\_007832_.tmp.dll
    C:\WINDOWS\system32\_007833_.tmp.dll
    C:\WINDOWS\system32\_007838_.tmp.dll
    C:\WINDOWS\system32\_007840_.tmp.dll
    C:\WINDOWS\system32\_007841_.tmp.dll
    C:\WINDOWS\system32\UNWISE.EXE

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
    .

    2011-02-20 02:14:58 . 2010-12-21 00:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011-02-20 02:14:54 . 2010-12-21 00:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2011-02-20 01:13:20 . 2011-02-20 01:13:20 -------- d-----w- C:\FOUND.002
    2011-02-19 17:40:55 . 2011-02-19 17:40:56 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\IObit
    2011-02-19 06:43:20 . 2011-02-19 06:43:22 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
    2011-02-19 06:41:13 . 2011-02-19 06:41:14 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Webroot
    2011-02-19 06:24:11 . 2011-02-19 06:24:12 -------- d-----w- C:\Documents and Settings\All Users\Application Data\jKiBgGn01848
    2011-02-19 05:18:18 . 2011-02-19 05:17:42 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
    2011-02-18 14:42:44 . 2011-02-18 14:42:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\FreeApp
    2011-02-18 14:40:42 . 2010-12-13 23:03:50 28496 ----a-w- C:\WINDOWS\system32\SmartDefragBootTime.exe
    2011-02-18 14:40:42 . 2010-11-27 00:02:54 14776 ----a-w- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys
    2011-02-18 06:34:49 . 2011-02-18 06:34:50 -------- d-----w- C:\Documents and Settings\Wizard\Application Data\IObit
    2011-02-18 05:58:36 . 2011-02-18 05:58:36 -------- d-----w- C:\FOUND.001
    2011-02-18 03:49:09 . 2011-02-18 03:49:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\IObit
    2011-02-17 01:46:16 . 2011-02-17 01:46:18 -------- d-----w- C:\Documents and Settings\Wizard\Local Settings\Application Data\AskToolbar
    2011-02-17 01:14:15 . 2011-02-17 01:14:16 -------- d-----w- C:\Program Files\Ask.com
    2011-02-17 01:13:52 . 2011-02-17 01:12:28 108880 ----a-w- C:\WINDOWS\system32\drivers\pwipf6.sys
    2011-02-17 01:13:39 . 2011-02-17 01:13:40 -------- d-----w- C:\Documents and Settings\Wizard\Application Data\Webroot
    2011-02-17 01:13:39 . 2009-11-06 21:19:42 1563008 ----a-w- C:\WINDOWS\WRSetup.dll
    2011-02-17 01:13:38 . 2011-02-17 01:13:40 -------- d-----w- C:\Program Files\Webroot
    2011-02-16 22:54:19 . 2011-02-16 22:54:20 -------- d-----w- C:\Program Files\Microsoft Silverlight
    2011-02-16 19:20:20 . 2011-02-16 19:20:22 -------- d-----w- C:\Webroot
    2011-02-16 01:24:12 . 2011-02-16 01:24:12 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache
    2011-02-15 22:12:32 . 2011-02-15 22:12:34 -------- d-----w- C:\Documents and Settings\All Users\Application Data\33f20000-d8f8-4acd-3d22-5f9c81cea6b2
    2011-02-15 21:53:45 . 2011-02-15 21:53:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Webroot
    2011-02-15 21:49:55 . 2011-02-17 00:52:06 5555080 ----a-w- C:\Documents and Settings\Administrator\Application Data\wruninstall.exe
    2011-02-15 21:37:52 . 2011-02-16 04:08:46 1284836 ----a-w- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
    2011-02-14 23:40:22 . 2011-02-14 23:40:22 -------- d-----w- C:\FOUND.000
    2011-02-09 03:22:43 . 2011-02-09 03:22:44 -------- d-----w- C:\Documents and Settings\All Users\Application Data\FileCure
    2011-02-03 22:34:09 . 2011-02-03 22:34:10 -------- d-----w- C:\Documents and Settings\Wizard\Application Data\GetRightToGo
    2011-01-30 15:45:12 . 2011-01-30 15:45:12 135568 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    2011-01-28 01:59:35 . 2011-01-28 01:59:36 -------- d-----w- C:\Documents and Settings\Wizard\Local Settings\Application Data\Temp
    2011-01-26 05:09:31 . 2011-01-26 05:09:32 -------- d-----w- C:\Documents and Settings\Wizard\Application Data\Nitro PDF
    2011-01-26 05:09:10 . 2011-01-14 19:35:18 17712 ----a-w- C:\WINDOWS\system32\nitrolocalui.dll
    2011-01-26 05:09:09 . 2011-01-14 19:35:16 26416 ----a-w- C:\WINDOWS\system32\nitrolocalmon.dll
    2011-01-26 05:08:45 . 2011-01-26 05:08:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    2011-01-26 05:06:46 . 2011-01-26 05:06:48 -------- d-----w- C:\Documents and Settings\Wizard\Application Data\Downloaded Installations
    2011-01-26 03:58:56 . 2007-08-21 19:32:44 98304 ----a-w- C:\WINDOWS\system32\redmonnt.dll
    2011-01-22 16:41:00 . 2011-01-22 16:41:02 -------- d-----w- C:\Program Files\Common Files\Adobe AIR
    2011-01-22 04:37:01 . 2007-01-24 01:03:44 7680 ----a-w- C:\WINDOWS\system32\drivers\motccgpfl.sys
    2011-01-22 04:36:53 . 2007-11-02 20:36:10 18176 ----a-w- C:\WINDOWS\system32\drivers\motccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-19 05:17:36 . 2010-07-11 05:43:29 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-09-29 04:44:28 1400712]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 04:44:28 1400712 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-09-29 04:44:28 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-09-29 04:44:28 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @= "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} "
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-11-06 21:14:10 238968 ----a-w- C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 18:22:00 7700480]
    "nwiz "= "nwiz.exe" [2006-10-22 18:22:00 1622016]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 18:22:00 86016]
    "smapp "= "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 14:57:30 143360]
    "Lexmark X74-X75 "= "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 21:09:12 57344]
    "SunJavaUpdateSched "= "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 20:49:28 249064]
    "SpySweeper "= "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 21:19:58 6515784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2006-10-04 09:48:36 53760]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Uninstall Webroot RunOnce.lnk - C:\Documents and Settings\Administrator\Application Data\wruninstall.exe [2011-2-15 5555080]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel "= 0 (0x0)
    "NoCommonGroups "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{a5780613-492e-4a2a-a7fd-549610edf6cc} "= "d:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL" [2003-06-12 19:42:34 102400]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "D:\Program Files\scanners cleaners\suuperantispyware\SASSEH.DLL" [2008-05-28 00:51:32 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-515967899-308236825-725345543-1003\Scripts\Logoff\0\0]
    "Script "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "
    path=
    backup=

    [HKLM\~\startupfolder\^.plugin141_02.trace]
    path=\.plugin141_02.trace

    [HKLM\~\startupfolder\^.plugin141_07.trace]
    path=\.plugin141_07.trace

    [HKLM\~\startupfolder\^.recently-used.xbel]
    path=\.recently-used.xbel

    [HKLM\~\startupfolder\^NTUSER.BAK]
    path=\NTUSER.BAK

    [HKLM\~\startupfolder\^NTUSER.BK1]
    path=\NTUSER.BK1

    [HKLM\~\startupfolder\^NTUSER.DAT]
    path=\NTUSER.DAT

    [HKLM\~\startupfolder\^ntuser.dat.LOG]
    path=\ntuser.dat.LOG

    [HKLM\~\startupfolder\^ntuser.dat.rmbak]
    path=\ntuser.dat.rmbak

    [HKLM\~\startupfolder\^NTUSER.DFG.LOG]
    path=\NTUSER.DFG.LOG

    [HKLM\~\startupfolder\^ntuser.ini]
    path=\ntuser.ini

    [HKLM\~\startupfolder\^PDF9B.PDF]
    path=\PDF9B.PDF

    [HKLM\~\startupfolder\^S-1-5-21-515967899-308236825-725345543-1003.rrr.LOG]
    path=\S-1-5-21-515967899-308236825-725345543-1003.rrr.LOG

    [HKLM\~\startupfolder\^the workgear outlet]
    path=\the workgear outlet

    [HKLM\~\startupfolder\^WINDOWS]
    path=\WINDOWS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 18:49:34 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-30 15:45:14 35736 ----a-w- D:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08:18 417792 ----a-w- D:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-05-22 05:02:06 202256 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WZCSVC "=2 (0x2)
    "iPodService "=3 (0x3)
    "SDhelper "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "helpsvc "=2 (0x2)
    "Bonjour Service "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "D:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\WINDOWS\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "D:\\open zip\\Phoenix_Dynasty_Online_Client_7403.exe "=
    "C:\\WINDOWS\\System32\\LEXPPS.EXE "=

    R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\drivers\bsstor.sys [9/23/2004 7:55:58 PM 9344]
    R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [9/4/2009 9:35:10 PM 721904]
    R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00:34 PM 29808]
    R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [9/8/2004 4:43:40 PM 77312]
    R1 pwipf6;pwipf6;C:\WINDOWS\system32\drivers\pwipf6.sys [2/16/2011 7:13:52 PM 108880]
    R1 SASDIFSV;SASDIFSV;D:\Program Files\scanners cleaners\suuperantispyware\SASDIFSV.SYS [10/10/2006 1:53:48 PM 8944]
    R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\bsudf.sys [9/23/2004 7:55:57 PM 449280]
    R2 IS360service;IS360service;D:\Program Files\IObit\IObit Security 360\is360srv.exe [2/18/2011 8:43:53 AM 312152]
    R2 WRConsumerService;Webroot Client Service;C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2/16/2011 7:14:23 PM 1201640]
    S0 SmartDefragDriver;SmartDefragDriver;C:\WINDOWS\system32\drivers\SmartDefragDriver.sys [2/18/2011 8:40:42 AM 14776]
    S1 SASKUTIL;SASKUTIL;D:\PROGRA~1\SCANNE~1\SUUPER~1\SASKUTIL.SYS [2/27/2007 12:39:26 PM 55024]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16:28 PM 130384]
    S3 ASEService;Aluria Spyware Eliminator Service; [x]
    S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [1/21/2011 10:36:53 PM 18176]
    S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\drivers\motccgpfl.sys [1/21/2011 10:37:01 PM 7680]
    S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys --> C:\WINDOWS\system32\DRIVERS\motodrv.sys [?]
    S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys --> C:\WINDOWS\system32\DRIVERS\motport.sys [?]
    S3 SASENUM;SASENUM;D:\PROGRA~1\SCANNE~1\SUUPER~1\SASENUM.SYS [2/16/2006 5:51:08 PM 4096]
    S3 SNDP202;Bushnell ImageView;C:\WINDOWS\system32\drivers\sndp202.sys [12/11/2010 3:52:09 PM 243968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16:28 PM 753504]
    S4 FileDeleter;ZeroSpyware FileDeleter; [x]
    S4 sdAuxService;PC Tools Auxiliary Service; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-20 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1003.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09:42 . 2010-02-25 04:09:42]

    2011-02-20 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1003.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09:42 . 2010-02-25 04:09:42]

    2011-02-16 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1006.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09:42 . 2010-02-25 04:09:42]

    2011-02-20 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1006.job
    - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09:42 . 2010-02-25 04:09:42]

    2011-02-20 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    - C:\Program Files\Ask.com\UpdateTask.exe [2010-09-29 04:44:30 . 2010-09-29 04:44:30]

    2011-02-15 C:\WINDOWS\Tasks\Scheduled Checkpoint.job
    - d:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE [2005-03-27 16:57:34 . 2003-06-09 22:45:34]

    2008-02-09 C:\WINDOWS\Tasks\RegCure.job
    - d:\Program Files\RegCure\RegCure.exe [2006-06-06 21:11:32 . 2006-09-10 23:23:09]

    2011-02-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34:12 . 2008-07-30 18:34:12]
    .
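    Added example (my code, not from the thread, ComboFix or its author): a small parser for the service/driver block of the ComboFix log above (the `R0`/`S3` lines) with defender-side triage notes. It assumes the line shape seen in the log and reads `[x]` and `[?]` as ComboFix's markers for a missing or unresolvable file and the leading R/S as running/stopped; the `ExampleSvc` line in the sample input is constructed, the rest are copied from the log.

```python
"""Parse and triage the service/driver section of a ComboFix log.

Line shape assumed here (read from the lines in the thread, not a published
ComboFix spec): <R|S><digit> <name>;<display name>;<image path> [<tail>]
  R/S    running / stopped
  digit  Windows start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled)
  tail   "<m/d/yyyy h:mm:ss AM|PM> <size>" for a file ComboFix found,
         "x" for a service whose file is gone, "?" for a path it could not resolve
"""
import re
from dataclasses import dataclass
from typing import List, Optional

START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Where a service binary on this Windows XP box is normally expected to live.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                  "d:\\program files\\", "d:\\progra~1\\")

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<tail>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    path: Optional[str]   # image path as listed; None when ComboFix found no file
    size: Optional[int]   # byte size from the trailing bracket, if present
    status: str           # "present", "orphaned" ([x]) or "unresolved" ([?])


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one R*/S* line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tail = m.group("tail").strip()
    path = m.group("path").strip() or None
    size = None
    if tail == "x":
        status = "orphaned"
    elif tail == "?":
        status = "unresolved"
        # "<listed> --> <resolved>" form: keep the path ComboFix tried to resolve
        if path and " --> " in path:
            path = path.split(" --> ")[-1]
    else:
        status = "present"
        size = int(tail.rsplit(" ", 1)[1])   # size is the last token of the tail
    return ServiceEntry(
        name=m.group("name"), display=m.group("display"),
        running=(m.group("state") == "R"),
        start_type=START_TYPE.get(m.group("start"), "unknown"),
        path=path, size=size, status=status,
    )


def parse_services(text: str) -> List[ServiceEntry]:
    """Collect every service/driver line from a pasted ComboFix log."""
    entries = (parse_service_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries: List[ServiceEntry]) -> List[str]:
    """Review notes: orphaned/unresolved entries are cleanup candidates (a dead
    service key still gets a start attempt at boot), and a binary outside the
    expected roots is worth a second look before the machine is declared clean."""
    notes = []
    for e in entries:
        if e.status != "present":
            notes.append(f"{e.name}: {e.status} entry ({e.display!r}); remove or verify")
        elif e.path and not e.path.lower().startswith(EXPECTED_ROOTS):
            notes.append(f"{e.name}: {e.start_type}-start binary in unusual location {e.path}")
    return notes


# Sample input: the first five lines are copied from the ComboFix log in the
# thread; the last one is constructed to show a binary outside the usual roots.
SAMPLE_LOG = "\n".join([
    r"R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [9/4/2009 9:35:10 PM 721904]",
    r"R2 WRConsumerService;Webroot Client Service;C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2/16/2011 7:14:23 PM 1201640]",
    r"S3 ASEService;Aluria Spyware Eliminator Service; [x]",
    r"S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys --> C:\WINDOWS\system32\DRIVERS\motodrv.sys [?]",
    r"S4 FileDeleter;ZeroSpyware FileDeleter; [x]",
    r"R2 ExampleSvc;Example Service;C:\Documents and Settings\All Users\Application Data\example\svc.exe [2/19/2011 6:24:11 AM 98304]",
])

if __name__ == "__main__":
    for note in triage(parse_services(SAMPLE_LOG)):
        print(note)
```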
     
  10. 2011/02/20
    broni Moderator Malware Analyst
    Lower part of the log is missing.
    Make sure you post the entire log.
    You can locate it in c:\combofix.txt.
     
  11. 2011/02/20
    wisserd Well-Known Member Thread Starter
    Copied and pasted from C:; that is all there is. I let it run for an hour and a half. Was it not done?
     
  12. 2011/02/20
    broni Moderator Malware Analyst
    We'll see what we can do....

    Uninstall Ask Toolbar, known foistware.

    ==============================================================

    Uninstall RegCure 1.2.0.4.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ================================================================


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    C:\WINDOWS\Tasks\RegCure.job
    C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    
    
    Folder::
    C:\Documents and Settings\All Users\Application Data\jKiBgGn01848
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    (animation showing CFScript.txt being dragged onto ComboFix.exe; image not preserved)


    6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
     
  13. 2011/02/20
    wisserd Well-Known Member Thread Starter
    It's been an hour and a half. After about 20 minutes the scan was done, the screen flashed, and the ComboFix-Find3M box came back on with "Preparing Log Report. Do not run any programs until ComboFix has finished." The cursor is still in the box, and all the icons on the desktop have disappeared, and the toolbar too. Should I reboot? The hard drive light is still flashing every quarter second, with a bright flash every second or two.
     
  14. 2011/02/20
    broni Moderator Malware Analyst
    Reboot manually and re-run ComboFix with the very same script.
     
  15. 2011/02/20
    wisserd Well-Known Member Thread Starter
    It took 8 min. to get to "Preparing log report". At ten min. the screen flashed/jumped, and Windows Security Center popped up in the toolbar with a balloon that said "Your computer might be at risk. Webroot Internet Security Essentials is turned off. Click this balloon to fix this problem." At nineteen min. the hard drive light was done. It's been half an hour with the ComboFix box on the desktop and no cursor flashing. First posted text 19k, second text not posted 15k.
     
  16. 2011/02/20
    broni Moderator Malware Analyst
    That's fine.
    Those items are not crucial.
    We can remove them using another tool.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. 2011/02/20
    wisserd Well-Known Member Thread Starter
    2011/02/20 21:03:56.0921 3612 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
    2011/02/20 21:03:58.0921 3612 ================================================================================
    2011/02/20 21:03:58.0921 3612 SystemInfo:
    2011/02/20 21:03:58.0921 3612
    2011/02/20 21:03:58.0921 3612 OS Version: 5.1.2600 ServicePack: 2.0
    2011/02/20 21:03:58.0921 3612 Product type: Workstation
    2011/02/20 21:03:58.0921 3612 ComputerName: ZAR
    2011/02/20 21:03:58.0921 3612 UserName: Wizard
    2011/02/20 21:03:58.0921 3612 Windows directory: C:\WINDOWS
    2011/02/20 21:03:58.0921 3612 System windows directory: C:\WINDOWS
    2011/02/20 21:03:58.0921 3612 Processor architecture: Intel x86
    2011/02/20 21:03:58.0921 3612 Number of processors: 1
    2011/02/20 21:03:58.0921 3612 Page size: 0x1000
    2011/02/20 21:03:58.0921 3612 Boot type: Normal boot
    2011/02/20 21:03:58.0921 3612 ================================================================================
    2011/02/20 21:03:59.0687 3612 Initialize success
    2011/02/20 21:04:20.0937 0288 ================================================================================
    2011/02/20 21:04:20.0937 0288 Scan started
    2011/02/20 21:04:20.0937 0288 Mode: Manual;
    2011/02/20 21:04:20.0937 0288 ================================================================================
    2011/02/20 21:04:22.0546 0288 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/02/20 21:04:22.0687 0288 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/02/20 21:04:22.0921 0288 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    2011/02/20 21:04:22.0984 0288 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2011/02/20 21:04:23.0109 0288 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    2011/02/20 21:04:23.0859 0288 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    2011/02/20 21:04:24.0718 0288 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/02/20 21:04:24.0796 0288 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/02/20 21:04:25.0031 0288 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/02/20 21:04:25.0140 0288 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/02/20 21:04:25.0484 0288 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
    2011/02/20 21:04:25.0609 0288 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/02/20 21:04:25.0812 0288 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\DRIVERS\bsstor.sys
    2011/02/20 21:04:25.0984 0288 BsUDF (4637c8115f9b82b08f192e29b8783aee) C:\WINDOWS\system32\drivers\BsUDF.sys
    2011/02/20 21:04:26.0125 0288 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    2011/02/20 21:04:26.0218 0288 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    2011/02/20 21:04:26.0421 0288 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/02/20 21:04:26.0546 0288 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/02/20 21:04:27.0125 0288 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/02/20 21:04:27.0218 0288 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/02/20 21:04:27.0343 0288 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/02/20 21:04:28.0343 0288 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/02/20 21:04:28.0546 0288 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/02/20 21:04:28.0687 0288 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
    2011/02/20 21:04:28.0843 0288 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/02/20 21:04:28.0937 0288 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/02/20 21:04:29.0203 0288 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/02/20 21:04:29.0390 0288 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/02/20 21:04:29.0531 0288 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/02/20 21:04:29.0656 0288 FETND5BV (338d7cfcf5e2f76eee845dbf4504f4c3) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    2011/02/20 21:04:29.0750 0288 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    2011/02/20 21:04:29.0921 0288 FETNDISB (d3b19a8bae6c20b4d305c7a72e255eb9) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
    2011/02/20 21:04:30.0062 0288 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2011/02/20 21:04:30.0171 0288 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/02/20 21:04:30.0312 0288 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/02/20 21:04:30.0453 0288 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/02/20 21:04:30.0578 0288 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/02/20 21:04:30.0703 0288 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2011/02/20 21:04:30.0812 0288 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/02/20 21:04:30.0937 0288 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/02/20 21:04:31.0406 0288 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/02/20 21:04:31.0781 0288 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/02/20 21:04:31.0937 0288 IKFileSec (bb07262041a213fea5fccf0a9f90d85a) C:\WINDOWS\system32\drivers\ikfilesec.sys
    2011/02/20 21:04:32.0093 0288 IKSysFlt (b2581314d54f8de4262f0a51f7ba63d0) C:\WINDOWS\system32\drivers\iksysflt.sys
    2011/02/20 21:04:32.0265 0288 IKSysSec (6f544cd764f949170b46a4dab11673e2) C:\WINDOWS\system32\drivers\iksyssec.sys
    2011/02/20 21:04:32.0359 0288 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/02/20 21:04:32.0531 0288 incdrm (6f05034230ad665b8ad80214a3a9bc57) C:\WINDOWS\system32\drivers\incdrm.sys
    2011/02/20 21:04:32.0968 0288 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/02/20 21:04:33.0062 0288 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/02/20 21:04:33.0156 0288 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/02/20 21:04:33.0265 0288 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/02/20 21:04:33.0437 0288 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/02/20 21:04:33.0531 0288 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/02/20 21:04:33.0656 0288 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/02/20 21:04:33.0796 0288 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/02/20 21:04:33.0875 0288 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/02/20 21:04:33.0984 0288 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/02/20 21:04:34.0140 0288 L8042pr2 (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
    2011/02/20 21:04:34.0500 0288 LHidFlt2 (b97d05e656818572b6b04ba682d3aa8f) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
    2011/02/20 21:04:34.0656 0288 LHidUsb (826aacb98a2ca5c51e982c748a60d645) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
    2011/02/20 21:04:34.0859 0288 LMouFlt2 (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
    2011/02/20 21:04:34.0937 0288 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/02/20 21:04:35.0078 0288 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2011/02/20 21:04:35.0187 0288 motccgp (a10fa04b73a9d97e5cf77eb1d5a88165) C:\WINDOWS\system32\DRIVERS\motccgp.sys
    2011/02/20 21:04:35.0312 0288 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
    2011/02/20 21:04:35.0843 0288 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/02/20 21:04:36.0000 0288 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/02/20 21:04:36.0109 0288 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/02/20 21:04:36.0359 0288 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/02/20 21:04:36.0484 0288 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/02/20 21:04:36.0625 0288 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/02/20 21:04:36.0750 0288 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/02/20 21:04:36.0921 0288 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/02/20 21:04:37.0015 0288 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/02/20 21:04:37.0156 0288 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/02/20 21:04:37.0296 0288 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/02/20 21:04:37.0390 0288 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/02/20 21:04:37.0531 0288 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/02/20 21:04:37.0671 0288 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/02/20 21:04:37.0843 0288 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/02/20 21:04:37.0937 0288 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/02/20 21:04:38.0078 0288 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/02/20 21:04:38.0187 0288 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/02/20 21:04:38.0281 0288 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/02/20 21:04:38.0359 0288 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/02/20 21:04:38.0468 0288 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/02/20 21:04:38.0687 0288 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/02/20 21:04:38.0812 0288 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/02/20 21:04:39.0343 0288 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
    2011/02/20 21:04:39.0468 0288 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/02/20 21:04:39.0796 0288 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/02/20 21:04:40.0015 0288 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/02/20 21:04:40.0093 0288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/02/20 21:04:40.0281 0288 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/02/20 21:04:40.0359 0288 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/02/20 21:04:40.0437 0288 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/02/20 21:04:40.0828 0288 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/02/20 21:04:41.0234 0288 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/02/20 21:04:42.0328 0288 PfModNT (0abc514f6606324ce15484d079027798) C:\WINDOWS\system32\drivers\PfModNT.sys
    2011/02/20 21:04:42.0484 0288 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/02/20 21:04:42.0578 0288 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/02/20 21:04:42.0703 0288 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/02/20 21:04:42.0843 0288 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/02/20 21:04:42.0968 0288 pwipf6 (f13d0659bfc22b97cf0d3a4b9f43f62c) C:\WINDOWS\system32\drivers\pwipf6.sys
    2011/02/20 21:04:43.0140 0288 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/02/20 21:04:44.0015 0288 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/02/20 21:04:44.0140 0288 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/02/20 21:04:44.0265 0288 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/02/20 21:04:44.0390 0288 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/02/20 21:04:44.0515 0288 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/02/20 21:04:44.0640 0288 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/02/20 21:04:44.0750 0288 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/02/20 21:04:44.0859 0288 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/02/20 21:04:45.0000 0288 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/02/20 21:04:45.0250 0288 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) D:\Program Files\scanners cleaners\suuperantispyware\SASDIFSV.SYS
    2011/02/20 21:04:45.0312 0288 SASENUM (7f1085895e499907f68df7731924122b) D:\PROGRA~1\SCANNE~1\SUUPER~1\SASENUM.SYS
    2011/02/20 21:04:45.0390 0288 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) D:\PROGRA~1\SCANNE~1\SUUPER~1\SASKUTIL.SYS
    2011/02/20 21:04:45.0640 0288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/02/20 21:04:45.0765 0288 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/02/20 21:04:45.0937 0288 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/02/20 21:04:46.0125 0288 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/02/20 21:04:46.0406 0288 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/02/20 21:04:46.0562 0288 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    2011/02/20 21:04:46.0671 0288 smwdm (1d381a07361e4d6a8be95026b3eba47a) C:\WINDOWS\system32\drivers\smwdm.sys
    2011/02/20 21:04:46.0796 0288 SNDP202 (9b3363f5b12b9b811c495a21ec6d15bb) C:\WINDOWS\system32\DRIVERS\sndp202.sys
    2011/02/20 21:04:47.0062 0288 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/02/20 21:04:47.0234 0288 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/02/20 21:04:47.0234 0288 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2011/02/20 21:04:47.0265 0288 sptd - detected Locked file (1)
    2011/02/20 21:04:47.0343 0288 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/02/20 21:04:47.0437 0288 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/02/20 21:04:47.0593 0288 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
    2011/02/20 21:04:47.0656 0288 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
    2011/02/20 21:04:47.0765 0288 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
    2011/02/20 21:04:47.0953 0288 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/02/20 21:04:48.0046 0288 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/02/20 21:04:48.0156 0288 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/02/20 21:04:48.0875 0288 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/02/20 21:04:49.0062 0288 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/02/20 21:04:49.0156 0288 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/02/20 21:04:49.0234 0288 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/02/20 21:04:49.0328 0288 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/02/20 21:04:49.0687 0288 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2011/02/20 21:04:49.0796 0288 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    2011/02/20 21:04:49.0875 0288 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
    2011/02/20 21:04:49.0984 0288 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/02/20 21:04:50.0281 0288 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/02/20 21:04:50.0453 0288 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/02/20 21:04:50.0593 0288 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/02/20 21:04:50.0734 0288 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/02/20 21:04:50.0906 0288 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/02/20 21:04:51.0062 0288 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/02/20 21:04:51.0156 0288 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/02/20 21:04:51.0250 0288 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/02/20 21:04:51.0359 0288 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2011/02/20 21:04:51.0484 0288 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    2011/02/20 21:04:51.0562 0288 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/02/20 21:04:51.0656 0288 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\DRIVERS\viasraid.sys
    2011/02/20 21:04:51.0765 0288 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/02/20 21:04:52.0015 0288 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/02/20 21:04:52.0187 0288 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/02/20 21:04:52.0421 0288 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/02/20 21:04:52.0593 0288 wg3n (ec2751e2e9d7d12a0b0b89fc9561b2e8) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
    2011/02/20 21:04:52.0859 0288 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/02/20 21:04:53.0000 0288 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/02/20 21:04:53.0187 0288 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/02/20 21:04:53.0578 0288 ================================================================================
    2011/02/20 21:04:53.0578 0288 Scan finished
    2011/02/20 21:04:53.0578 0288 ================================================================================
    2011/02/20 21:04:53.0625 1360 Detected object count: 1
    2011/02/20 21:06:07.0718 1360 Locked file(sptd) - User select action: Skip
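The TDSSKiller log above has a fixed line shape (timestamp, pid, service name, md5, path, plus a few verdict lines), so it can be turned into a triage summary mechanically. The following is an added example, not part of the thread and not TDSSKiller's own code: it parses the inventory lines and the scanner's verdict lines, ties a "Suspicious file" verdict back to its inventory entry by md5, and cross-checks the scanner's detected-object count; the sample input is an excerpt of the lines posted above.

```python
"""Turn a TDSSKiller scan log into a structured triage summary.

Added example, not part of the thread or of TDSSKiller itself. The line shapes
below are taken from the log posted in this thread; the sample input is an
excerpt of those same lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"   # "<date> <time> <pid> "

# Inventory line: "<prefix><service name> (<md5>) <path>"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# Verdict lines written when the scanner could not read, or did not like, a file
SUSPICIOUS_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<what>.+?) \(\d+\)$")
ACTION_RE = re.compile(PREFIX + r"(?P<what>[A-Za-z][A-Za-z ]*?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")
NOISE_RE = re.compile(PREFIX + r"(=+|Scan finished)$")     # separators and status text


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    name: str                                   # service name the scanner reported
    path: Optional[str] = None
    md5: Optional[str] = None
    reasons: List[str] = field(default_factory=list)   # e.g. ["NoAccess", "Locked file"]
    action: Optional[str] = None                # what the user chose, if logged


@dataclass
class TdssReport:
    drivers: Dict[str, DriverEntry] = field(default_factory=dict)
    findings: Dict[str, Finding] = field(default_factory=dict)
    detected_count: Optional[int] = None
    unparsed: List[str] = field(default_factory=list)   # anything the patterns above miss

    def finding_for(self, name: str) -> Finding:
        return self.findings.setdefault(name, Finding(name=name))


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Parse the log line by line, merging the several verdict lines that
    TDSSKiller writes about one driver into a single Finding."""
    report = TdssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or NOISE_RE.match(line):
            continue
        if m := DRIVER_RE.match(line):
            report.drivers[m["name"]] = DriverEntry(m["name"], m["md5"], m["path"])
        elif m := SUSPICIOUS_RE.match(line):
            # The verdict names the file, not the service; tie it back to the
            # inventory entry carrying the same md5 so the finding gets a name.
            owner = next((d for d in report.drivers.values() if d.md5 == m["md5"]), None)
            f = report.finding_for(owner.name if owner else m["path"])
            f.path, f.md5 = m["path"], m["md5"]
            f.reasons.append(m["reason"])
        elif m := ACTION_RE.match(line):
            report.finding_for(m["name"]).action = m["action"]
        elif m := DETECTED_RE.match(line):
            report.finding_for(m["name"]).reasons.append(m["what"])
        elif m := COUNT_RE.match(line):
            report.detected_count = int(m["n"])
        else:
            report.unparsed.append(line)
    return report


def count_matches_findings(report: TdssReport) -> bool:
    """Sanity check: the scanner's own 'Detected object count' should equal the
    number of distinct drivers we collected verdict lines for."""
    return report.detected_count is not None and report.detected_count == len(report.findings)


def triage_summary(report: TdssReport) -> List[str]:
    """One line per finding, suitable for a case note. A file reported as
    NoAccess/Locked was not readable, so the scanner could not hash-check it;
    it needs a human decision rather than an automatic verdict."""
    out = [f"{len(report.drivers)} drivers inventoried, {len(report.findings)} finding(s)"]
    for f in report.findings.values():
        out.append(f"{f.name}: {', '.join(f.reasons)} | path={f.path} md5={f.md5} | action={f.action}")
    return out


# Sample input: an excerpt of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/02/20 21:04:46.0125 0288 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/20 21:04:47.0234 0288 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/20 21:04:47.0234 0288 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/02/20 21:04:47.0265 0288 sptd - detected Locked file (1)
2011/02/20 21:04:47.0343 0288 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/20 21:04:53.0578 0288 ================================================================================
2011/02/20 21:04:53.0578 0288 Scan finished
2011/02/20 21:04:53.0578 0288 ================================================================================
2011/02/20 21:04:53.0625 1360 Detected object count: 1
2011/02/20 21:06:07.0718 1360 Locked file(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("\n".join(triage_summary(rep)))
    print("count consistent:", count_matches_findings(rep))
```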
     
  18. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks good.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".
     
  19. 2011/02/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 2)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4530176 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 93.71 )
    0xF7DD9000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3997696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 93.71 )
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2181376 bytes
    0x804D7000 RAW 2181376 bytes
    0x804D7000 WMIxWDM 2181376 bytes
    0xBF800000 Win32k 1851392 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF8494000 PCI_PNP7632 1052672 bytes
    0xF8494000 spiq.sys 1052672 bytes
    0xF8494000 sptd 1052672 bytes
    0xF7CDD000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
    0xF67D3000 C:\WINDOWS\System32\Drivers\Ntfs.SYS 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xF66B7000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB9D5A000 C:\WINDOWS\System32\Drivers\BsUDF.SYS 450560 bytes (ahead software, UDF File System Driver (WindowsXP))
    0xF6986000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB90CF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF6949000 C:\WINDOWS\system32\drivers\pwipf6.sys 249856 bytes (Privacyware/PWI, Inc., pwipf6)
    0xF679B000 C:\WINDOWS\System32\Drivers\a699a2fh.SYS 229376 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF7B64000 C:\WINDOWS\System32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
    0xF7BC0000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xF844E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xF840F000 ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
    0xF83E2000 C:\WINDOWS\system32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB9582000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF6726000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF6860000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF839D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xF7CB9000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF831D000 Fastfat.sys 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xF7DA2000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xF7D7F000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF6751000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xF6928000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
    0x806EC000 ACPI_HAL 131968 bytes
    0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF8352000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF83C3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF82EB000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF8385000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF847C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xF6A11000 C:\WINDOWS\system32\drivers\iksyssec.sys 94208 bytes (PCTools Research Pty Ltd., System Security Device Driver)
    0xF8306000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF7CA2000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB98D4000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF6A28000 C:\WINDOWS\system32\drivers\iksysflt.sys 81920 bytes (PCTools Research Pty Ltd., System Filter Device Driver)
    0xF7D6B000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF7DC5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xF69DE000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xF8372000 viasraid.sys 77824 bytes (VIA Technologies inc,.ltd, VIA SATA RAID DRIVER FOR WINXP)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB94D0000 C:\WINDOWS\system32\drivers\PfModNT.sys 73728 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
    0xF8340000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF843D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF7BF1000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB9D21000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
    0xF8816000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF8806000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
    0xF86A6000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF86C6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF8696000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB9A89000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF8756000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF8786000 C:\WINDOWS\system32\drivers\ikfilesec.SYS 57344 bytes (PCTools Research Pty Ltd., File Security Device Driver)
    0xF8776000 C:\WINDOWS\system32\drivers\KCOM.SYS 57344 bytes (PCTools Research Pty Ltd., -)
    0xF8686000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF8616000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF86B6000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF86E6000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF85F6000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF8706000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF86D6000 C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 45056 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
    0xF8676000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF85E6000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF86F6000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF85D6000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
    0xF8636000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
    0xF8666000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
    0xF8726000 C:\WINDOWS\system32\DRIVERS\bthmodem.sys 40960 bytes (Microsoft Corporation, Bluetooth Communications Driver)
    0xF8746000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB9C19000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0xF8736000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF8606000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF87C6000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF87F6000 C:\WINDOWS\System32\Drivers\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF85B6000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF87E6000 C:\WINDOWS\System32\Drivers\LHidUsb.Sys 36864 bytes (Logitech, Inc., Logitech USB Mouse Function Driver.)
    0xF8716000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF87A6000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB9067000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF8626000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF85C6000 sshrmd.sys 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
    0xF8796000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF89BE000 C:\DOCUME~1\Wizard\LOCALS~1\Temp\catchme.sys 32768 bytes
    0xF88CE000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF887E000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xF8946000 C:\WINDOWS\System32\Drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF883E000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF893E000 D:\Program Files\scanners cleaners\suuperantispyware\SASDIFSV.SYS 28672 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xF8876000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF884E000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
    0xF8886000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF894E000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 24576 bytes (Logitech, Inc., Logitech HID Filter Driver.)
    0xF889E000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF88BE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF88A6000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xF88C6000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF8846000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF888E000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF8896000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF8836000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF886E000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF8956000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF8A92000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xF8A72000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF8A66000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 16384 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0xF8A7A000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xF89C6000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF89CA000 bsstor.sys 12288 bytes (B.H.A Co.,Ltd., B.H.A Storage Helper Driver (WindowsNT5.x))
    0xF7BA0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF8A76000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
    0xF7BB0000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF8A7E000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF82B3000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF8AC0000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
    0xF8AC8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF8ABC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xF8AC6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF8ABE000 C:\WINDOWS\System32\Drivers\incdrm.SYS 8192 bytes (Ahead Software AG, remapper)
    0xF8AB6000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF8ACA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF8B28000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF8B6A000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
    0xF8ACC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF8AC4000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF8AC2000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF8ABA000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF8AEC000 C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 8192 bytes (Sygate Technologies, Inc., wgxn)
    0xF8AB8000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF821F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF827D000 C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
    0xF8216000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF8BF5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0x82ACF0A8 unknown_irp_handler 3928 bytes
    0x82B340C0 unknown_irp_handler 3904 bytes
    0x82C12150 unknown_irp_handler 3760 bytes
    0x82BEE150 unknown_irp_handler 3760 bytes
    0x82D851C0 unknown_irp_handler 3648 bytes
    0x82B971C0 unknown_irp_handler 3648 bytes
    0x82F6D1F8 unknown_irp_handler 3592 bytes
    0x82FDE1F8 unknown_irp_handler 3592 bytes
    0x82F6F1F8 unknown_irp_handler 3592 bytes
    0x82A0E1F8 unknown_irp_handler 3592 bytes
    0x82FDF1F8 unknown_irp_handler 3592 bytes
    0x829F71F8 unknown_irp_handler 3592 bytes
    0x82F6E1F8 unknown_irp_handler 3592 bytes
    0x82A531F8 unknown_irp_handler 3592 bytes
    0x82B00258 unknown_irp_handler 3496 bytes
    0x82B2B268 unknown_irp_handler 3480 bytes
    0x82AE9280 unknown_irp_handler 3456 bytes
    0x82C2F2B8 unknown_irp_handler 3400 bytes
    0x82AC9308 unknown_irp_handler 3320 bytes
    0x82B6C310 unknown_irp_handler 3312 bytes
    0x82A25368 unknown_irp_handler 3224 bytes
    0x82D7E438 unknown_irp_handler 3016 bytes
    0x82C0F500 unknown_irp_handler 2816 bytes
    0x82B6B500 unknown_irp_handler 2816 bytes
    0x82B18500 unknown_irp_handler 2816 bytes
    0x82B73500 unknown_irp_handler 2816 bytes
    0x82D42610 unknown_irp_handler 2544 bytes
    0x82C396C8 unknown_irp_handler 2360 bytes
    0x82D84970 unknown_irp_handler 1680 bytes
    0x82CF8BD8 unknown_irp_handler 1064 bytes
    0x82AE8C00 unknown_irp_handler 1024 bytes
    0x82C92CD0 unknown_irp_handler 816 bytes
    0x82BE2CD0 unknown_irp_handler 816 bytes
    0x82A62CD0 unknown_irp_handler 816 bytes
    0x82A69CD0 unknown_irp_handler 816 bytes
    0x82A5BCD0 unknown_irp_handler 816 bytes
    0x82B03CD0 unknown_irp_handler 816 bytes
    0x82BA1CE0 unknown_irp_handler 800 bytes
    0x82B98E90 unknown_irp_handler 368 bytes
    0x82C9FED0 unknown_irp_handler 304 bytes
    0x82B4BFA8 unknown_irp_handler 88 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
    0x05F10000 Hidden Image-->System.XML.dll [ EPROCESS 0x81FE6020 ] PID: 2936, 2076672 bytes
     
  20. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good too :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
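An added example, not part of the helper's post and not OTL's own code: a small Python script that parses a custom scan list in the form pasted above, expands the %VAR% references case-insensitively (the list mixes %systemroot% and %SystemRoot%), and reports which of the named locations actually contain matching files. Only the /s switch is modelled, as "recurse into subfolders"; /x, /mp and /rs are recorded but assumed not to affect matching, and registry keys, CREATERESTOREPOINT, the /md5start and /md5stop markers and the piped dir ... | find commands are recognised and skipped rather than emulated. The scan lines used are taken from the list above; the planted files, the temporary directory tree and the %VAR% mapping are constructed for the demo so it runs on any OS.

```python
"""OTL-style custom scan list triage (added example; not OTL's own code)."""
import fnmatch
import re
import tempfile
from pathlib import Path

DIRECTIVES = {"CREATERESTOREPOINT", "/MD5START", "/MD5STOP"}
HIVES = ("HKEY_", "HKLM", "HKCU")
SWITCH = re.compile(r"/[A-Za-z0-9]+")

# Lines from the scan list in the thread; the planted files below are constructed.
SAMPLE_SCAN = r"""
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\system32\systhem32\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
"""

def parse_line(line):
    """(kind, body, switches) with kind file/registry/command/directive; None if blank.
    Only trailing /xx tokens are switches, since paths contain spaces ("Start Menu")."""
    line = line.strip()
    if not line:
        return None
    if line.upper() in DIRECTIVES:
        return ("directive", line, [])
    if line.lower().startswith("dir ") and "|" in line:
        return ("command", line, [])
    tokens, switches = line.split(), []
    while len(tokens) > 1 and SWITCH.fullmatch(tokens[-1]):
        switches.insert(0, tokens.pop().lower())
    body = " ".join(tokens)
    return ("registry" if body.upper().startswith(HIVES) else "file", body, switches)

def expand(text, env):
    """Expand %NAME% case-insensitively (the list mixes %systemroot% and %SystemRoot%)."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), text)

def file_matches(body, switches, env):
    """Files matching one line; /s recurses, other switches are assumed not to matter."""
    expanded = expand(body, env).replace("\\", "/")
    directory, _, name_pat = expanded.rpartition("/")
    base = Path(directory)
    if not base.is_dir():
        return []
    if name_pat == "*.*":  # on Windows *.* also matches names with no dot
        name_pat = "*"
    candidates = base.rglob("*") if "/s" in switches else base.iterdir()
    return sorted(str(p) for p in candidates
                  if p.is_file() and fnmatch.fnmatchcase(p.name.lower(), name_pat.lower()))

def triage(scan_text, env):
    """Evaluate every line: {'hits': {pattern: [paths]}, 'skipped': [non-file lines]}."""
    report = {"hits": {}, "skipped": []}
    for raw in scan_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        kind, body, switches = entry
        if kind != "file":  # registry keys, commands and directives are not emulated
            report["skipped"].append(raw.strip())
            continue
        found = file_matches(body, switches, env)
        if found:
            report["hits"][body] = found
    return report

def build_demo_tree(root):
    """Plant constructed files under a throwaway root; return the %VAR% mapping."""
    root = Path(root)
    for rel in ["Windows/system32/wallpaper.jpg",                   # hit: system32\*.jpg
                "Windows/system32/systhem32/loader.dll",            # hit: look-alike folder
                "Windows/pchealth/helpctr/System/sub/dropper.exe",  # hit only because of /s
                "Program Files/Mozilla Firefox/0update.exe",        # hit: 0*.exe
                "Windows/notepad.exe"]:                             # miss: not *.scr
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample\n")
    return {"systemroot": str(root / "Windows"),
            "PROGRAMFILES": str(root / "Program Files"),
            "ALLUSERSPROFILE": str(root / "Documents and Settings" / "All Users")}

def run_demo():
    """Build the tree, run the scan, return (hits relative to the root, skipped lines)."""
    with tempfile.TemporaryDirectory() as tmp:
        env = build_demo_tree(tmp)
        report = triage(SAMPLE_SCAN, env)
        hits = {pat: [Path(p).relative_to(tmp).as_posix() for p in paths]
                for pat, paths in report["hits"].items()}
        return hits, report["skipped"]

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

Running it reports the stray .jpg under system32, the look-alike system32\systhem32 folder, the 0*.exe in the Firefox folder and the executable that only the /s line reaches, while the *.scr and Start Menu lines produce nothing. On a real machine the env mapping would be pointed at the actual %systemroot% and %PROGRAMFILES% values and every hit reviewed by hand, since a file sitting in an unusual location is a lead for investigation, not a verdict.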
     
  21. 2011/02/20
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    Computer is doing fine.
     

