
Solved Ps/2 Keyboard Failure and kbdclass.sys Problem

Discussion in 'Malware and Virus Removal Archive' started by Gideon, 2011/02/15.

  1. 2011/02/15
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    [Resolved] Ps/2 Keyboard Failure and kbdclass.sys Problem

    I'm not sure what I'm dealing with here. My PC worked fine last night, and this morning the keyboard stopped working. My Avast antivirus has detected the kbdclass.sys file as a virus, and there are about 40 instances of it in the virus chest... I'm not even sure if these issues are related, but from what I've read, I'm thinking they are.

    I am able to use the keyboard on startup, but once Windows loads I lose the use of it. I have tried uninstalling and reinstalling the device and using different keyboards without any solution.

    I should also mention that I have use of everything else, and programs, including the internet, seem fine. I am sending this from my laptop....
     
  2. 2011/02/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How are you doing all this, if the keyboard doesn't work?
     

  4. 2011/02/16
    Gideon

    I have a laptop in my living room.
     
  5. 2011/02/16
    Gideon

    I'm sorry, it's been a while and I forgot to read the rules. I will get all the necessary steps taken care of....
     
    Last edited: 2011/02/16
  6. 2011/02/16
    broni

    No problem :)
     
  7. 2011/02/16
    Gideon

    OK, I'm having a little trouble locating the Avast log... The log that is generated just shows the items detected and doesn't offer me the option of copying and pasting. I have set the scan settings to generate a report, but I can't seem to find it... Any ideas?
     
  8. 2011/02/16
    broni

    Don't worry about Avast scan.

    I have a suggestion though.
    Set an exemption in Avast for kbdclass.sys file.
    Restart computer and your keyboard should get reinstalled.
    It may let you use the keyboard normally.
     
  9. 2011/02/16
    Gideon

    In Avast, I follow the browse navigation to the correct location of the kbdclass.sys file folder; however, I do not get the option of seeing the files to select it so that I can create an exemption. I did, however, read a little further, and the description of the virus is being called Alureon FZ.

    Should I just continue with the other scans and post those logs?
     
  10. 2011/02/16
    broni

    Under Real-Time Shields>File System Shield, click on "Expert Settings" then "Exclusions" then "Add" button.
    Navigate to:
    C:\Windows\System32\drivers
    Checkmark "drivers" folder and add "kbdclass.sys" file to the path below manually.
    See a screenshot here: http://209.85.48.8/228/109/upload/p4475302.gif
     
  11. 2011/02/16
    Gideon

    Every time I tried to add the location manually, I got a dialog saying "there is no valid path selected, choose a check box". I tried it several times to make sure I was doing it right, but still nothing.
     
  12. 2011/02/16
    broni

    Go ahead with other steps then.
     
  13. 2011/02/16
    Gideon

    Working now.
     
  14. 2011/02/16
    broni

    Ok :)...
     
  15. 2011/02/17
    Gideon

    Alright, here are the requested logs. MBRCheck gave me a log but froze my PC up both times I scanned with it.

    MBAM

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5781

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    2011-02-16 20:59:33
    mbam-log-2011-02-16 (20-59-33).txt

    Scan type: Quick scan
    Objects scanned: 168143
    Time elapsed: 6 minute(s), 15 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 2

    Memory Processes Infected:
    c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1732 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\Gideon\application data\iqmanager (Trojan.FakeCRight) -> Quarantined and deleted successfully.
    c:\documents and settings\Gideon\application data\iqmanager\languages (Trojan.FakeCRight) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
    c:\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-17 00:28:16
    Windows 5.1.2600 Service Pack 2 Harddisk2\DR2 -> \Device\00000082 Maxtor_6L250S0 rev.BANC1G10
    Running: 2n95rrci.exe; Driver: C:\DOCUME~1\Gideon\LOCALS~1\Temp\ffdcipow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB2678BAE]
    Code 88D11CEC ZwRequestPort
    Code 88D11D8C ZwRequestWaitReplyPort
    Code 88D11C4C ZwTraceEvent
    Code 88D11CEB NtRequestPort
    Code 88D11D8B NtRequestWaitReplyPort
    Code 88D11C4B NtTraceEvent
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!NtTraceEvent 80534374 5 Bytes JMP 88D11C50
    PAGE ntkrnlpa.exe!NtRequestPort 805A1520 5 Bytes JMP 88D11CF0
    PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A184C 5 Bytes JMP 88D11D90
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP B26745D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP B2675FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP B2678BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? jlpipdtu.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB71D03A0, 0x592C35, 0xE8000020]
    .text win32k.sys!EngAcquireSemaphore + 20E2 BF80851C 5 Bytes JMP 88D114D0
    .text win32k.sys!EngFreeUserMem + 5B9B BF80F06C 5 Bytes JMP 88D11430
    .text win32k.sys!EngPaint + 4F1 BF8255EF 5 Bytes JMP 88D11610
    .text win32k.sys!CLIPOBJ_bEnum + 2982 BF831388 5 Bytes JMP 88D11750
    .text win32k.sys!EngUnmapFontFileFD + EE41 BF841183 5 Bytes JMP 88D116B0
    .text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP 88D11A70
    .text win32k.sys!XLATEOBJ_iXlate + 3A46 BF8716ED 5 Bytes JMP 88D11570
    .text win32k.sys!EngStretchBltROP + 34B9 BF8BA262 5 Bytes JMP 88D11930
    .text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP 88D117F0
    .text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F9A45 5 Bytes JMP 88D119D0
    .text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP 88D11B10
    .text win32k.sys!EngCreateClip + 1F51 BF9137D5 5 Bytes JMP 88D11BB0
    .text win32k.sys!EngCreateClip + 2597 BF913E1B 5 Bytes JMP 88D11890

    ---- User code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\winlogon.exe[916] C:\WINDOWS\system32\winlogon.exe section is executable [0x01076000, 0xB000, 0x60000060]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[964] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
    IAT C:\WINDOWS\system32\services.exe[964] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes

    ---- EOF - GMER 1.0.15 ----
     
  16. 2011/02/17
    Gideon

    MBR

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x03e00c3d

    Kernel Drivers (total 147):

    Processes (total 48):
    0 System Idle Process
    4 System
    824 C:\WINDOWS\system32\smss.exe
    892 csrss.exe
    916 C:\WINDOWS\system32\winlogon.exe
    964 C:\WINDOWS\system32\services.exe
    976 C:\WINDOWS\system32\lsass.exe
    1128 C:\WINDOWS\system32\nvsvc32.exe
    1216 C:\WINDOWS\system32\svchost.exe
    1264 svchost.exe
    1412 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1448 C:\WINDOWS\system32\svchost.exe
    1520 C:\WINDOWS\system32\svchost.exe
    1696 svchost.exe
    1824 svchost.exe
    2044 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    312 C:\WINDOWS\explorer.exe
    644 C:\WINDOWS\system32\spoolsv.exe
    1648 svchost.exe
    1692 C:\Program Files\Bonjour\mDNSResponder.exe
    1908 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    148 C:\Program Files\Java\jre6\bin\jqs.exe
    256 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    300 C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    588 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    1156 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    1760 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    2076 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
    2128 C:\WINDOWS\system32\PnkBstrA.exe
    2248 C:\WINDOWS\system32\PnkBstrB.exe
    2296 C:\WINDOWS\system32\PSIService.exe
    2400 C:\Program Files\Sandboxie\SbieSvc.exe
    2540 C:\WINDOWS\system32\svchost.exe
    2632 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    2916 C:\Program Files\Saitek\Software\ProfilerU.exe
    3036 C:\Program Files\Saitek\Software\SaiMfd.exe
    3220 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3296 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    3304 C:\WINDOWS\system32\rundll32.exe
    3320 C:\WINDOWS\system32\ctfmon.exe
    3332 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3424 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    3864 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    1788 alg.exe
    3272 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    580 C:\WINDOWS\system32\svchost.exe
    2668 wmiprvse.exe
    324 C:\Documents and Settings\Gideon\Desktop\hezb0ller\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive2 at offset 0x00000002`20af2e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (FAT32)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\K: --> \\.\PhysicalDrive1 at offset 0x00000002`b9375e00 (NTFS)
    \\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive2 Model Number: Maxtor6L250S0, Rev: BANC1G10
    PhysicalDrive0 Model Number: WDCWD400EB-00CPF0, Rev: 06.04G06
    PhysicalDrive1 Model Number: MAXTORSTM3320620AS

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive2

DDS

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Gideon at 12:57:55.34 on 2011-02-17
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1306 [GMT -8:00]

    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: ActiveArmor Firewall *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Gideon\Desktop\hezb0ller\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit0.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit0.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBit0.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [DAEMON Tools Pro Agent] "k:\daemon tools pro\DTAgent.exe" -autorun
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe
    mRun: [SaiMfd] c:\program files\saitek\software\SaiMfd.exe
    mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\gideon\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.putfile.com/includes/ImageUploader4-5.cab
    DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/securityadvisor/virusinfo/webscan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {b2c3bb6b-e005-4246-b8e5-df0a4d073cdc} - c:\program files\pixiepack codec pack\InstallerHelper.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\gideon\applic~1\mozilla\firefox\profiles\6vmax83e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - component: c:\documents and settings\gideon\application data\mozilla\firefox\profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\gideon\application data\mozilla\firefox\profiles\6vmax83e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\gideon\application data\mozilla\firefox\profiles\6vmax83e.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\gideon\application data\mozilla\firefox\profiles\6vmax83e.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Arabic spell-checking dictionary: ar@dictionaries.addons.mozilla.org - %profile%\extensions\ar@dictionaries.addons.mozilla.org
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2007-6-29 4608]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-11 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-11 165584]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-11 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-11 40384]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-5 20072]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-11 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-11 40384]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-12 218688]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
    S1 MpKslcb21d3e3;MpKslcb21d3e3;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6f3c876a-1946-4fdd-8b3c-c4b9e1c5c240}\mpkslcb21d3e3.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{6f3c876a-1946-4fdd-8b3c-c4b9e1c5c240}\MpKslcb21d3e3.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-25 135664]
    S3 dsaudiodevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2009-2-8 16640]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-7-24 14424]
    S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-5-6 176384]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2010-6-8 13504]
    S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2010-6-8 22304]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-02-17 00:17:15 5890896 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{adfabeab-9aaf-4b66-b6cf-7be261054dc3}\mpengine.dll
    2011-02-15 05:18:17 -------- dc-h--w- c:\docume~1\alluse~1.win\applic~1\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2011-02-15 04:58:31 -------- dc-h--w- c:\docume~1\alluse~1.win\applic~1\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
    2011-02-15 04:32:26 -------- dc-h--w- c:\docume~1\alluse~1.win\applic~1\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    2011-02-15 04:32:20 -------- dc-h--w- c:\docume~1\alluse~1.win\applic~1\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    2011-02-15 04:19:36 -------- dc----w- c:\docume~1\alluse~1.win\applic~1\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
    2011-02-14 01:15:41 172032 ----a-w- c:\windows\system32\FxGoWinFu.dll
    2011-02-14 01:15:37 -------- d-----w- c:\program files\XILS-lab
    2011-02-13 22:55:06 -------- d-----w- c:\program files\D16 Group
    2011-02-12 20:02:28 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-02-12 20:01:30 -------- d-----w- c:\docume~1\gideon\applic~1\DAEMON Tools Pro
    2011-02-12 20:01:30 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\DAEMON Tools Pro
    2011-02-12 05:46:31 2240 ----a-w- c:\windows\LENDIG.sys
    2011-02-12 05:03:13 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-12 05:02:29 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-12 05:02:24 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
    2011-02-12 03:56:20 86016 ----a-w- c:\windows\unvise32.exe
    2011-02-11 22:47:31 17408 ------w- c:\windows\system32\minimp3.exe
    2011-02-11 21:18:31 -------- d-----w- c:\docume~1\gideon\applic~1\iZotope
    2011-02-11 21:10:55 710496 ----a-w- c:\program files\uninstall information\{842c6afc-7856-4fd9-99af-8900554acaa2}\unins000.exe
    2011-02-11 18:15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-11 18:15:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-11 18:15:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-11 17:17:08 2440704 ----a-w- c:\windows\system32\SYNSOEMU.DLL

    ==================== Find3M ====================

    2011-02-15 00:08:50 218496 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-02-15 00:08:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-02-15 00:03:35 218492 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-02 00:12:17 720896 ----a-w- c:\windows\iun6002.exe

    ============= FINISH: 12:59:13.20 ===============


ATTACH

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume5
    Install Date: 2007-05-06 18:12:40
    System Uptime: 2011-02-17 12:22:44 (0 hours ago)

    Motherboard: http://www.abit.com.tw/ | | KN9(NF-MCP55 series)
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket M2 | 2399/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ | Socket M2 | 2399/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 224 GiB total, 15.64 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.766 GiB free.
    E: is FIXED (NTFS) - 37 GiB total, 37.118 GiB free.
    F: is Removable
    K: is FIXED (NTFS) - 287 GiB total, 56.583 GiB free.
    L: is FIXED (NTFS) - 11 GiB total, 7.699 GiB free.
    V: is CDROM ()
    W: is Removable
    X: is Removable
    Y: is Removable
    Z: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\3&2411E6FE&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\3&2411E6FE&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP544: 2011-02-11 18:15:47 - System Checkpoint
    RP545: 2011-02-11 21:02:24 - avast! Pro Antivirus Setup
    RP546: 2011-02-12 03:00:31 - Software Distribution Service 3.0
    RP547: 2008-02-12 16:42:48 - Unsigned driver install
    RP548: 2008-02-13 03:00:31 - Software Distribution Service 3.0
    RP549: 2011-02-13 11:03:04 - Software Distribution Service 3.0
    RP550: 2011-02-13 14:55:05 - Installed Drumazon
    RP551: 2011-02-13 15:17:10 - Installed Nepheton
    RP552: 2011-02-13 15:19:07 - Installed Nithonat
    RP553: 2011-02-13 17:58:13 - Software Distribution Service 3.0
    RP554: 2011-02-14 03:00:16 - Software Distribution Service 3.0

    ==== Installed Programs ======================


    ABITEQ V1.0.2.5
    AC3Filter 1.63b
    Addictive Drums 1.5
    Addictive Drums ADpak Retro
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Audition 1.5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop 7.0
    Adobe Photoshop CS5
    Adobe Reader 9.3.3
    Alchemy
    AMD Processor Driver
    Architag XRay XML Editor
    ASIO4ALL
    avast! Pro Antivirus
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.4
    Bass Station 1.50
    Battlefield 1942
    Battlefield 1942: Secret Weapons of WWII
    Battlefield 1942: The Road To Rome
    Battlefield 2142
    Battlefield Vietnam(TM)
    BitTorrent
    BitTorrentBar Toolbar
    Bonjour
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Camel Audio Cameleon 5000 v1.7 VSTi
    CDDRV_Installer
    ClipX
    ComicRack v0.9.133
    Conduit Engine
    CPUID HWMonitor 1.16
    Critical Update for Windows Media Player 11 (KB959772)
    DAEMON Tools Pro
    Disc Golf
    Drumazon
    Dual-Core Optimizer
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EA Download Manager
    EA Download Manager UI
    Enigma
    ffdshow v1.1.3426 [2010-05-09]
    FileZilla Client 3.3.2.1
    FilterBank v3.2
    FireBird+ v1.9
    Firewire Family
    Free YouTube Download version 2.10.28
    GForce - Minimonsta
    GForce - Oddity
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HiJackThis
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HOTLLAMA Media Player
    ImgBurn
    InterActual Player
    iTunes
    iZotope Ozone 4
    Java Auto Updater
    Java(TM) 6 Update 20
    KhalInstallWrapper
    Lexmark 2300 Series
    Live 8.0.1
    Logitech Gaming Software
    Logitech SetPoint
    M-Audio Series II MIDI
    Malwarebytes' Anti-Malware
    MaxBlast 4
    Media Player Codec Pack 3.9.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft ActiveSync
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft Xbox 360 Accessories 1.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MIKSOFT Mobile AMR converter
    MKVtoolnix 3.3.0
    Mozilla Firefox (3.6.8)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Native Instruments FM8
    Native Instruments Massive
    Native Instruments Service Center
    Native Instruments Vokator
    Nepheton
    Nithonat
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA nView Desktop Manager
    NVIDIA Performance
    NVIDIA System Monitor
    NVIDIA WDM Drivers
    OrangeVocoder VST 2.02
    PDF Settings CS5
    PeerBlock 1.0.0 (r181)
    Pinnacle Game Profiler
    Pixelformer
    PixiePack Codec Pack
    PunkBuster for Battlefield 1942
    PunkBuster for Battlefield Vietnam
    PunkBuster Services
    QuickTime
    Realtek High Definition Audio Driver
    reFX Nexus 1.0.0
    reFX Nexus 1.0.9
    Resource Tuner 1.99 R6
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Saitek SST Programming Software
    Sandboxie 3.442
    Search Settings v1.2.3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Sonic Charge Synplant 1.0
    Sonic CinePlayer DVD Pack
    SpeedFan (remove only)
    Steam
    Sylenth1 v2.20
    System Requirements Lab
    Ulead GIF Animator 5
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB Keyboard Device 1.0.1.0
    V-Station 1.6
    Virtual DJ Pro Full - Atomix Productions
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Mail
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile® Device Handbook
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WordPerfect - MAIL
    WordPerfect Office 2002
    WordPerfect Office X3
    XILS-lab polyKB VSTi RTAS v1.0
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.2.1 final uninstall
    XviD MPEG4 Video Codec (remove only)

    ==== Event Viewer Messages From Past Week ========

    2011-02-16 21:03:20, error: Print [19] - Sharing printer failed + 1722, Printer Send To OneNote 2007 share name Printer2.
    2011-02-16 20:22:12, error: Service Control Manager [7034] - The Sandboxie Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:12, error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:11, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:11, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:11, error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:10, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:09, error: Service Control Manager [7034] - The Performance Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:09, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:09, error: Service Control Manager [7034] - The Forceware Web Interface service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:09, error: Service Control Manager [7034] - The ForceWare user log service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:09, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:08, error: Service Control Manager [7034] - The M-Audio Series II MIDI Installer service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:07, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:07, error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).
    2011-02-16 20:22:07, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    2011-02-15 08:18:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswSnx aswSP aswTdi Fips i8042prt IPSec MpFilter MRxSmb NetBIOS NetBT NVTCP RasAcd Rdbss Tcpip WS2IFSL
    2011-02-15 08:18:56, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2011-02-15 08:18:56, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2011-02-15 08:18:56, error: Service Control Manager [7001] - The Forceware Web Interface service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2011-02-15 08:18:56, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2011-02-15 08:18:56, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2011-02-15 08:18:56, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2011-02-15 08:18:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2011-02-15 08:17:54, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2011-02-14 21:55:44, information: Windows File Protection [64004] - The protected system file kbdclass.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000005 [Access is denied. ].
    2011-02-14 21:53:14, information: Windows File Protection [64004] - The protected system file kbdclass.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
    2011-02-14 21:53:14, information: Windows File Protection [64002] - File replacement was attempted on the protected system file kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    2011-02-14 21:53:08, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\kbdclass.sys could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
    2011-02-14 21:51:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
    2011-02-13 19:05:52, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
    2011-02-13 17:47:49, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    2011-02-13 17:47:42, error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
    2011-02-13 17:46:26, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    2011-02-13 17:46:26, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    2011-02-13 16:48:51, error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\D.
    2011-02-13 11:05:10, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
    2011-02-13 11:05:10, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).

    End Of File
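The Windows File Protection (64002/64004/64021) and Service Control Manager (7026) lines in the Event Viewer excerpt above are the part of this log that actually explains the symptom: something kept replacing kbdclass.sys until WFP could no longer restore it, and i8042prt, the PS/2 keyboard/mouse port driver, is in the list of boot-start drivers that failed to load. The block below is an added example, not part of the thread and not code from any tool mentioned in it. It parses the one-line-per-event format of that excerpt and pulls those two signals out. The sample text is an excerpt copied from the log above (not a complete log); the set of "keyboard stack" driver names and the thresholds used to raise a finding are the example's own assumptions.

```python
"""Triage helper for the Event Viewer excerpt posted above.

Added example (not part of the thread or of any tool it mentions).  It
parses the "timestamp, level: source [event_id] - message" lines and
reports two things relevant to the PS/2 keyboard symptom:
  * Windows File Protection events 64002/64004/64021, which record an
    attempt to replace a protected system file and whether WFP could
    restore it or cache it;
  * Service Control Manager event 7026, the list of boot/system-start
    drivers that failed to load.
The driver-name set and the finding thresholds are assumptions of this
example, not something the log itself asserts.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above, not a complete log.
# Raw string so the backslashes in the Windows paths stay literal.
SAMPLE_LOG = r"""
2011-02-15 08:18:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswSnx aswSP aswTdi Fips i8042prt IPSec MpFilter MRxSmb NetBIOS NetBT NVTCP RasAcd Rdbss Tcpip WS2IFSL
2011-02-14 21:55:44, information: Windows File Protection [64004] - The protected system file kbdclass.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000005 [Access is denied. ].
2011-02-14 21:53:14, information: Windows File Protection [64004] - The protected system file kbdclass.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000000 [The operation completed successfully. ].
2011-02-14 21:53:14, information: Windows File Protection [64002] - File replacement was attempted on the protected system file kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
2011-02-14 21:53:08, information: Windows File Protection [64021] - The system file c:\windows\system32\drivers\kbdclass.sys could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
2011-02-14 21:51:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\kbdclass.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
2011-02-13 17:46:26, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
FILE_RE = re.compile(r"system file (\S+)")
CODE_RE = re.compile(r"error code is (0x[0-9A-Fa-f]+)")

# XP kernel keyboard stack: i8042prt drives the PS/2 port, kbdhid the USB/HID
# keyboards, kbdclass sits above both.  Assumed watch-list for this example.
INPUT_DRIVERS = {"i8042prt", "kbdclass", "kbdhid"}


def parse_line(line):
    """Return a dict for one event line, or None if the line is not an event."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_log(text):
    """Parse every event line in the text; non-matching lines are skipped."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def _wfp_basename(message):
    """Extract the protected file named in a WFP message as a lower-case basename."""
    m = FILE_RE.search(message)
    if not m:
        return None
    path = m.group(1).rstrip(".")            # "kbdclass.sys." -> "kbdclass.sys"
    return path.rsplit("\\", 1)[-1].lower()  # strip any directory prefix


def triage(events):
    """Summarise WFP tampering per file and the 7026 boot-driver failures."""
    wfp = defaultdict(lambda: {"replaced": 0, "restore_failures": [], "dllcache_copy_failed": 0})
    failed_drivers = []
    for ev in events:
        eid = ev["event_id"]
        if ev["source"] == "Windows File Protection":
            name = _wfp_basename(ev["message"])
            if name is None:
                continue
            if eid == "64002":            # replacement attempted, WFP put the original back
                wfp[name]["replaced"] += 1
            elif eid == "64004":          # WFP could not restore the file
                code = CODE_RE.search(ev["message"])
                wfp[name]["restore_failures"].append(code.group(1) if code else "?")
            elif eid == "64021":          # WFP could not refresh its dllcache copy
                wfp[name]["dllcache_copy_failed"] += 1
        elif ev["source"] == "Service Control Manager" and eid == "7026":
            failed_drivers = ev["message"].split("failed to load:", 1)[1].split()

    findings = []
    for name, info in wfp.items():
        bad = [c for c in info["restore_failures"] if c != "0x00000000"]
        if info["replaced"] and bad:
            findings.append(
                f"{name}: replaced {info['replaced']}x, WFP restore then failed "
                f"with {', '.join(bad)}; on-disk copy is suspect"
            )
        elif info["replaced"] >= 2:
            findings.append(f"{name}: repeatedly replaced ({info['replaced']}x)")
    hit = sorted(INPUT_DRIVERS & {d.lower() for d in failed_drivers})
    if hit:
        findings.append(f"keyboard stack driver(s) failed to load: {', '.join(hit)}")
    return {"wfp_files": dict(wfp), "failed_drivers": failed_drivers, "findings": findings}


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG))["findings"]:
        print(finding)
```

Run against the excerpt it reports two findings: kbdclass.sys was replaced twice and the last WFP restore failed with 0x00000005 (access denied), and i8042prt did not load. That pairing is what a practitioner should look for first in a log like this, because a keyboard that works in the BIOS but dies once Windows loads is consistent with the kernel keyboard stack, not the hardware, being the problem.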
     
  17. 2011/02/17
    broni Moderator Malware Analyst
    You're running two AV programs, Microsoft Security Essentials and Avast.
    One of them has to go.
    Your choice.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
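The Bootkit Remover step above reports the boot sector's MD5 and whether the MBR carries standard boot code. The block below is an added example, not Bootkit Remover's code and not from the thread, showing the minimal checks such a verdict rests on: the 0x55AA signature, the partition table, a hash of the sector, and a comparison of the 446-byte boot-code area against a known-good copy. The MBR it parses is a constructed sample, not the poster's disk; the single-active-partition expectation and the "boot code rewritten while the partition table is untouched" heuristic are the example's assumptions, and the real tool's heuristics are not published on this page.

```python
"""Minimal MBR sanity check of the kind a bootkit scan reports.

Added example, not Bootkit Remover's code.  It parses a 512-byte master
boot record, checks the 0x55AA signature, lists the partition entries,
hashes the sector, and compares the boot-code area against a baseline.
The sample MBR is constructed here; the heuristics are assumptions.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446            # bytes 0..445 hold the bootstrap code
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"


def build_sample_mbr(bootcode=b"\x33\xc0\x8e\xd0\xbc\x00\x7c", lba=63, sectors=488281250):
    """Constructed MBR: one active NTFS-type (0x07) partition, three empty entries."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", lba, sectors)
    return code + entry + b"\x00" * 16 * 3 + SIGNATURE


def parse_mbr(data):
    """Return signature status, hashes and the non-empty partition entries."""
    if len(data) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parsed = {
        "signature_ok": data[510:512] == SIGNATURE,
        "md5": hashlib.md5(data).hexdigest(),                   # whole sector, as the tool prints
        "bootcode_md5": hashlib.md5(data[:BOOTCODE_LEN]).hexdigest(),
        "bootcode_empty": not any(data[:BOOTCODE_LEN]),
        "partitions": [],
    }
    for i in range(4):
        off = BOOTCODE_LEN + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0:                                          # unused slot
            continue
        parsed["partitions"].append(
            {"index": i, "active": status == 0x80, "type": ptype, "lba": lba, "sectors": count}
        )
    return parsed


def assess(parsed):
    """Structural problems that would make a scanner refuse to call the MBR OK."""
    problems = []
    if not parsed["signature_ok"]:
        problems.append("missing 0x55AA signature")
    if parsed["bootcode_empty"]:
        problems.append("boot code area is all zeros")
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected 1)")
    return problems


def diff_against_baseline(current, baseline):
    """Bootkits typically rewrite the boot code and keep the partition table,
    so 'code changed, table unchanged' is the combination worth flagging."""
    return {
        "bootcode_changed": current["bootcode_md5"] != baseline["bootcode_md5"],
        "table_changed": current["partitions"] != baseline["partitions"],
    }


if __name__ == "__main__":
    good = build_sample_mbr()
    print("MD5", parse_mbr(good)["md5"], "problems:", assess(parse_mbr(good)))
```

To use this on a real system you would read the first 512 bytes of the physical drive (on Windows, \\.\PhysicalDriveN opened with administrator rights) and keep the baseline from a known-clean boot, since the sector hash alone only tells you that something changed, not what.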
     
  18. 2011/02/20
    Gideon Inactive Thread Starter
    Here are the logs you requested. ComboFix had a few popups come up while it was running. I tried to follow the directions as closely as I could, so I hope I got it right. I got a log called rootkit debug; did you need that as well? I'm assuming not.


    Bootkit

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive2 at offset 0x00000002`20af2e00
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive2 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    Combofix

    ComboFix 11-02-18.05 - Gideon 2011-02-19 14:02:35.9.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1421 [GMT -8:00]
    Running from: c:\documents and settings\Gideon\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\CFLog
    c:\windows\system32\stus.exe

    c:\windows\system32\winlogon.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
    .

    2011-02-15 05:18 . 2011-02-15 05:18 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
    2011-02-15 04:58 . 2011-02-15 04:58 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
    2011-02-15 04:32 . 2011-02-15 04:32 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    2011-02-15 04:32 . 2011-02-15 04:32 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    2011-02-15 04:19 . 2011-02-15 04:19 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
    2011-02-14 01:15 . 2006-01-03 17:29 172032 ----a-w- c:\windows\system32\FxGoWinFu.dll
    2011-02-14 01:15 . 2011-02-14 01:15 -------- d-----w- c:\program files\XILS-lab
    2011-02-13 22:55 . 2011-02-13 23:19 -------- d-----w- c:\program files\D16 Group
    2011-02-12 20:02 . 2011-02-12 20:02 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-02-12 20:01 . 2011-02-12 20:03 -------- d-----w- c:\documents and settings\Gideon\Application Data\DAEMON Tools Pro
    2011-02-12 20:01 . 2011-02-12 20:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
    2011-02-12 05:46 . 2006-09-14 09:21 2240 ----a-w- c:\windows\LENDIG.sys
    2011-02-12 05:03 . 2010-09-07 15:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-12 05:03 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-12 05:03 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-12 05:03 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-12 05:03 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-02-12 05:03 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-02-12 05:03 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-12 05:03 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-02-12 05:02 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2011-02-12 05:02 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-12 05:02 . 2011-02-12 05:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
    2011-02-12 03:56 . 1999-12-17 18:13 86016 ----a-w- c:\windows\unvise32.exe
    2011-02-11 22:47 . 2003-07-06 17:10 17408 ------w- c:\windows\system32\minimp3.exe
    2011-02-11 21:18 . 2011-02-11 21:18 -------- d-----w- c:\documents and settings\Gideon\Application Data\iZotope
    2011-02-11 21:10 . 2011-02-11 21:09 710496 ----a-w- c:\program files\Uninstall Information\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}\unins000.exe
    2011-02-11 18:15 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-11 18:15 . 2011-02-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-11 18:15 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-11 17:17 . 2010-01-17 07:27 2440704 ----a-w- c:\windows\system32\SYNSOEMU.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 00:12 . 2007-05-17 16:48 720896 ----a-w- c:\windows\iun6002.exe
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
    [-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

    [-] 2010-04-14 . 6BDF6B80F3C6C37BEF59637FA8A652F2 . 505856 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
    [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527} "= "c:\program files\BitTorrentBar\tbBit0.dll" [2010-11-14 3913000]

    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-14 05:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2010-11-14 05:58 3913000 ----a-w- c:\program files\BitTorrentBar\tbBit0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527} "= "c:\program files\BitTorrentBar\tbBit0.dll" [2010-11-14 3913000]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]

    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @= "{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} "
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
    "DAEMON Tools Pro Agent "= "k:\daemon tools pro\DTAgent.exe" [2011-01-13 840000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt "= "c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
    "Profiler "= "c:\program files\Saitek\Software\ProfilerU.exe" [2005-08-30 163840]
    "SaiMfd "= "c:\program files\Saitek\Software\SaiMfd.exe" [2005-09-10 126976]
    "LXCGCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
    "nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-06-08 110696]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-06-08 13902440]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2009-06-17 55824]
    "SwitchBoard "= "c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-6 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "Midi2 "=ma_cmidn.dll
    "midi3 "=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-06-08 00:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Java\\jre1.5.0_05\\bin\\rmiregistry.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\WINDOWS\\system32\\winver.exe "=
    "c:\\Program Files\\ComicRack\\ComicRack.exe "=

    R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2007-06-29 4608]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-02-11 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-11 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-11 17744]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-06-05 20072]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-02-12 218688]
    R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-09-15 38248]
    S1 MpKslcb21d3e3;MpKslcb21d3e3;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6F3C876A-1946-4FDD-8B3C-C4B9E1C5C240}\MpKslcb21d3e3.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 135664]
    S3 dsaudiodevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2009-02-08 16640]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-07-24 14424]
    S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2007-05-06 176384]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2010-06-08 13504]
    S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2010-06-08 22304]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-06-16 717296]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{b2c3bb6b-e005-4246-b8e5-df0a4d073cdc}]
    2008-06-18 23:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-TELETRAN-Gideon.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-12 11:44]

    2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]

    2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 18:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\Gideon\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Gideon\Application Data\Mozilla\Firefox\Profiles\6vmax83e.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Arabic spell-checking dictionary: ar@dictionaries.addons.mozilla.org - %profile%\extensions\ar@dictionaries.addons.mozilla.org
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Sylenth1_is1 - k:\vst\VSTPlugins\Sylenth1\unins000.exe
    AddRemove-Tone2 FireBird+_is1 - c:\documents and settings\Gideon\Desktop\VST\FB\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-19 15:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...


    C:\## aswSnx private storage

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\!caution! never delete or change any key*]
    "?? "=hex:06,6a,34,8c,2c,ee,0c,df,81,f2,44,9c,83,04,9d,b9,ae,11,19,28,ea,cf,84,
    08,4f,c4,9b,d6,da,49,5a,4e,98,bb,65,1b,68,82,00,5f,3f,4e,d9,96,b1,d0,cc,67,\
    "?? "=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\SecuROM\License information*]
    "datasecu "=hex:b4,7c,02,9a,a8,fd,49,1e,71,20,25,04,4f,b9,9e,8c,9e,74,ad,88,b0,
    ae,93,a0,e7,c7,99,f5,24,5a,47,33,11,15,77,ac,01,d8,43,54,01,6e,7d,7b,af,b0,\
    "rkeysecu "=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(912)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(972)
    c:\windows\system32\nvappfilter.dll
    .
    Completion time: 2011-02-19 15:41:31
    ComboFix-quarantined-files.txt 2011-02-19 23:41
    ComboFix2.txt 2010-05-13 18:17

    Pre-Run: 16,339,734,528 bytes free
    Post-Run: 16,321,146,880 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - C56ED62E4F609BD0D15975A3F0A38DEF
     
  19. 2011/02/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\windows\system32\winlogon.exe
    If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    ================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\FxGoWinFu.dll
    
    FileLook::
    c:\windows\system32\drivers\dtsoftbus01.sys
    
    RegLock::
    [HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  20. 2011/02/20
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Antivirus Version Last Update Result
    AhnLab-V3 2011.02.14.02 2011.02.14 Malware/Win32.Suspicious
    AntiVir 7.11.3.165 2011.02.20 TR/Patched.CX.155
    Antiy-AVL 2.0.3.7 2011.02.19 Trojan/Win32.Patched.gen
    Avast 4.8.1351.0 2011.02.20 -
    Avast5 5.0.677.0 2011.02.20 -
    AVG 10.0.0.1190 2011.02.20 -
    BitDefender 7.2 2011.02.20 Backdoor.Generic.352522
    CAT-QuickHeal 11.00 2011.02.20 -
    ClamAV 0.96.4.0 2011.02.20 -
    Commtouch 5.2.11.5 2011.02.20 -
    Comodo 7753 2011.02.20 -
    DrWeb 5.0.2.03300 2011.02.20 -
    eSafe 7.0.17.0 2011.02.17 -
    eTrust-Vet 36.1.8170 2011.02.18 -
    F-Prot 4.6.2.117 2011.02.20 -
    F-Secure 9.0.16160.0 2011.02.20 -
    Fortinet 4.2.254.0 2011.02.20 -
    GData 21 2011.02.20 Backdoor.Generic.352522
    Ikarus T3.1.1.97.0 2011.02.20 Trojan.Win32.Patched
    Jiangmin 13.0.900 2011.02.20 -
    K7AntiVirus 9.87.3906 2011.02.19 Trojan-Downloader
    Kaspersky 7.0.0.125 2011.02.20 -
    McAfee 5.400.0.1158 2011.02.20 Generic Downloader.x!dkq
    McAfee-GW-Edition 2010.1C 2011.02.20 Generic Downloader.x!dkq
    Microsoft 1.6502 2011.02.20 -
    NOD32 5891 2011.02.20 -
    Norman 6.07.03 2011.02.20 -
    nProtect 2011-02-10.01 2011.02.15 -
    Panda 10.0.3.5 2011.02.20 Trj/CI.A
    PCTools 7.0.3.5 2011.02.20 Adware.Lop!rem
    Prevx 3.0 2011.02.20 -
    Rising 23.45.04.06 2011.02.18 -
    Sophos 4.61.0 2011.02.20 -
    SUPERAntiSpyware 4.40.0.1006 2011.02.20 -
    Symantec 20101.3.0.103 2011.02.20 Adware.Lop
    TheHacker 6.7.0.1.134 2011.02.20 Trojan/Patched.cx
    TrendMicro 9.200.0.1012 2011.02.20 -
    TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
    VBA32 3.12.14.3 2011.02.18 -
    VIPRE 8486 2011.02.20 Trojan-Downloader.Win32.Small
    ViRobot 2011.2.19.4319 2011.02.20 -
    VirusBuster 13.6.210.1 2011.02.20 -
    Additional information
    MD5 : 6bdf6b80f3c6c37bef59637fa8a652f2
    SHA1 : 37b40c118af9317c79e00da0683827a3465c44cf
    SHA256: 7e37c2e89d785ae650e4b9d58c28c5933fa7f49adcc1af52962d63be74498d12
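    An added triage helper, not part of this thread or of VirusTotal's own tooling: it parses rows pasted in the format above (engine, version, last update, result), counts detections, pulls out the family token that most engines agree on, and flags engines whose definitions were older than the scan date. The sample rows are a subset copied from the table above; the full table has 42 engines.

```python
import re
from collections import Counter

# Subset of the VirusTotal rows pasted in the post above (not the full table).
SAMPLE = """\
AhnLab-V3 2011.02.14.02 2011.02.14 Malware/Win32.Suspicious
AntiVir 7.11.3.165 2011.02.20 TR/Patched.CX.155
Avast 4.8.1351.0 2011.02.20 -
BitDefender 7.2 2011.02.20 Backdoor.Generic.352522
Ikarus T3.1.1.97.0 2011.02.20 Trojan.Win32.Patched
McAfee 5.400.0.1158 2011.02.20 Generic Downloader.x!dkq
Microsoft 1.6502 2011.02.20 -
TheHacker 6.7.0.1.134 2011.02.20 Trojan/Patched.cx
"""

# Tokens that carry no family information and are skipped when voting.
GENERIC = {"trojan", "tr", "trj", "win32", "generic", "gen", "malware"}


def parse_vt_lines(text):
    """Parse 'Engine Version Date Result' rows; the result may contain spaces.
    A result of '-' means the engine reported the file clean (stored as None)."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)          # at most 4 fields: result keeps its spaces
        if len(parts) < 4 or parts[0] == "Antivirus":
            continue                         # skip blank lines and the header row
        engine, version, date, result = parts
        rows.append((engine, version, date, None if result == "-" else result))
    return rows


def detection_ratio(rows):
    """Return (engines that flagged the file, engines that scanned it)."""
    return sum(1 for r in rows if r[3] is not None), len(rows)


def family_tokens(rows):
    """Count family-like tokens across all verdicts, e.g. 'patched', 'downloader'."""
    counts = Counter()
    for _, _, _, result in rows:
        for tok in re.split(r"[./!:\-\s]+", result or ""):
            if tok and not tok.isdigit() and tok.lower() not in GENERIC:
                counts[tok.lower()] += 1
    return counts


def stale_engines(rows, scan_date):
    """Engines whose 'Last Update' predates the scan (same YYYY.MM.DD format)."""
    return [engine for engine, _, date, _ in rows if date < scan_date]
```

    On the sample above this gives 6 of 8 detections with "patched" as the consensus family, which is the signal that matters for a system file like winlogon.exe.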
     
  21. 2011/02/20
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    I keep getting a message saying that Avast is still active when I run ComboFix, but I have turned off real-time protection and made sure that I ended the process through Task Manager. Should I continue? ComboFix is telling me to proceed at my own risk.
     
