Solved Generic Host Process for Win32 Services error, firefox crashes

[Resolved] Generic Host Process for Win32 Services error, firefox crashes

Hi. Last night I got attacked by the Recycle.Bin virus which I then proceeded to try to get rid of with Malwarebytes. However, now everytime I boot my computer, after a while I will get the message "Generic Host Process for Win32 Services has encountered a problem and needs to close." I will then lose sound and my Windows taskbar will change format. As well as this my firefox struggles to open and will crash frequently even if I try to Google something.

I had this same problem a few months ago, minus the firefox problems which I managed to sort out myself with a combination of TDSS rookit removal tool, Combofix, MWB and Trend Micro Housecall virus scan. However now TDSSkiller won't start, it'll get stuck on Initialization on 80% followed by a message that it cannot open. The others work but the problem hasn't gone. I only just installed and ran Avast antivirus but it crashes at the end when I click "add to chest ".

Here are my logs as requested:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6484

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

01/05/2011 20:25:16
mbam-log-2011-05-01 (20-25-16).txt

Scan type: Quick scan
Objects scanned: 172567
Time elapsed: 8 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-01 19:57:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600JB-00EVA0 rev.15.05R15
Running: e0k35nyu.exe; Driver: C:\DOCUME~1\RICKYJ~1\LOCALS~1\Temp\fxtdrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAE89B534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAE895782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAE8B46DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAE89BCC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAE8AEEB4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAE8AF2A2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAE8B8916]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAE89BDF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAE896398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAE8B5FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAE8B593C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAE8ADDF0]
SSDT spas.sys ZwEnumerateKey [0xF843CDA4]
SSDT spas.sys ZwEnumerateValueKey [0xF843D132]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAE8B693C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAE8B6B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAE895FAA]
SSDT spas.sys ZwOpenKey [0xF84240C0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAE8B11CE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAE8B0DF8]
SSDT spas.sys ZwQueryKey [0xF843D20A]
SSDT spas.sys ZwQueryValueKey [0xF843D08A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAE8B78D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAE8B7208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAE89B0F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAE8B82A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAE89B7DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAE89675C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAE8B7E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAE8B50C4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAE8AFF0A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAE8AFC86]

INT 0x62 ? 82F6ABF8
INT 0x82 ? 82F6ABF8
INT 0x83 ? 82DDCBF8
INT 0x83 ? 82DDCBF8
INT 0x83 ? 82DDCBF8
INT 0xB4 ? 82FDCBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [C0, BC, 89, AE, B4, EE, 8A, ...]
? spas.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F74858AC 5 Bytes JMP 82DDC1D8
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF72C7510]
.text aajfv77p.SYS F7237386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aajfv77p.SYS F72373AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aajfv77p.SYS F72373C4 3 Bytes [00, 80, 02]
.text aajfv77p.SYS F72373C9 1 Byte [30]
.text aajfv77p.SYS F72373C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AC000A
.text C:\WINDOWS\Explorer.EXE[480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\Explorer.EXE[480] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
.text C:\WINDOWS\System32\svchost.exe[1064] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D3000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1968] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402024 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0104000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0146000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2340] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0103000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82FDC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F844FDDC] spas.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F844FE30] spas.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8425042] spas.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842513E] spas.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84250C0] spas.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8425800] spas.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84256D6] spas.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82DDC2D8
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aajfv77p.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8434B90] spas.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AE89EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AE89EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AE89EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AE89EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [AE89EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [AE89EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AE87E3C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AE8A0672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AE89EC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AE8A0CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AE8A04C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AE8972AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AE89760C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [AE896D40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile]

 

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F691F8

AttachedDevice \FileSystem\Ntfs \Ntfs ino_fltr.sys (CA eTrust Antivirus/InoculateIT File System Filter Driver for Windows 2000/Computer Associates)
AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/Computer Associates)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbohci \Device\USBPDO-0 82DB01F8
Device \Driver\usbohci \Device\USBPDO-1 82DB01F8
Device \Driver\usbehci \Device\USBPDO-2 82DCC500
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk@imagepath \systemroot\system32\drivers\SKYNETdmtbwpcm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main@sid 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETdmtbwpcm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\modules@SKYNETcmd.dll \systemroot\system32\SKYNETqlhabjgv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\modules@SKYNETlog.dat \systemroot\system32\SKYNETudpqxoym.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\modules@SKYNETwsp.dll \systemroot\system32\SKYNETxbqawjkv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETaitlexvk\modules@SKYNET.dat \systemroot\system32\SKYNETrtohsgdu.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACllrsmujwpk.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACllrsmujwpk.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChasxfgowpq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAClwmnmdivsb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACerfoexnowb.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACeqeaxnmhxt.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACnyvibivamw.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxaavscvrbn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACbdsbsqhedn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9E 0x4F 0xB5 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x17 0x05 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB3 0x15 0x89 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9E 0x4F 0xB5 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0D 0x17 0x05 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB3 0x15 0x89 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C97A7F5-2BB6-2929-880C-8425296A1769}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C97A7F5-2BB6-2929-880C-8425296A1769}@dbgcahefcobkgdckmanlkaklgcpnecblhoefgdgj 0x6B 0x61 0x61 0x62 ...

---- EOF - GMER 1.0.15 ----

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0x82E52000 \WINDOWS\system32\KDCOM.DLL
0xF894B000 \WINDOWS\system32\BOOTVID.dll
0xF8423000 spdw.sys
0xF8A37000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF840B000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF83DD000 ACPI.sys
0xF83CC000 pci.sys
0xF8537000 ohci1394.sys
0xF8547000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF8557000 isapnp.sys
0xF8AFF000 pciide.sys
0xF87B7000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8567000 MountMgr.sys
0xF83AD000 ftdisk.sys
0xF87BF000 PartMgr.sys
0xF8577000 VolSnap.sys
0xF8395000 atapi.sys
0xF8587000 disk.sys
0xF8597000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF8375000 fltmgr.sys
0xF8363000 sr.sys
0xF87C7000 ino_flpy.sys
0xF85A7000 PxHelp20.sys
0xF834C000 KSecDD.sys
0xF8339000 WudfPf.sys
0xF82AC000 Ntfs.sys
0xF827F000 NDIS.sys
0xF8265000 Mup.sys
0xF894F000 atisgkaf.sys
0xF85D7000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF7BBB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7A25000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF72DF000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF72CB000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF891F000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF72A7000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8927000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7A15000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF892F000 \SystemRoot\system32\drivers\Asapiw2k.sys
0xF7A05000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF79F5000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7284000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8937000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7271000 \SystemRoot\System32\DRIVERS\basic2.sys
0xF79E5000 \SystemRoot\System32\DRIVERS\SOAR.SYS
0xF8627000 \SystemRoot\System32\DRIVERS\rksample.sys
0xF71E8000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
0xF71C1000 \SystemRoot\System32\DRIVERS\AmosNt.SYS
0xF893F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF71B0000 \SystemRoot\System32\DRIVERS\Rtlnic51.sys
0xF712E000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF710A000 \SystemRoot\system32\drivers\portcls.sys
0xF8637000 \SystemRoot\system32\drivers\drmk.sys
0xF70AA000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xF7071000 \SystemRoot\System32\Drivers\agltkc7m.SYS
0xF8847000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8647000 \SystemRoot\System32\DRIVERS\serial.sys
0xF79D5000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF705D000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8657000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF884F000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8857000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF79D1000 \SystemRoot\System32\DRIVERS\fsvga.sys
0xF8C1D000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8667000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF79CD000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7046000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8677000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8687000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF885F000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7035000 \SystemRoot\System32\DRIVERS\psched.sys
0xF742D000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8867000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF886F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF741D000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A7D000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6FD7000 \SystemRoot\System32\DRIVERS\update.sys
0xF79C1000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF86A7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF86D7000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8A8B000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xAE796000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xADB55000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF8AF9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xADBF1000 \SystemRoot\System32\Drivers\Null.SYS
0xF8AFB000 \SystemRoot\System32\Drivers\Beep.SYS
0xADB45000 \SystemRoot\System32\drivers\vga.sys
0xF8AFD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A39000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xADB3D000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAD9EB000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAE782000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xAD4CD000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xAD474000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xAD424000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAD3FE000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xADF04000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xAD3BC000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xAD33B000 \SystemRoot\System32\vsdatant.sys
0xADEF4000 \SystemRoot\system32\drivers\ip6fw.sys
0xADEE4000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xAD9E3000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xAD319000 \SystemRoot\System32\drivers\afd.sys
0xADED4000 \SystemRoot\System32\DRIVERS\netbios.sys
0xAD2EE000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAD27E000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xADEB4000 \SystemRoot\System32\Drivers\Fips.SYS
0xAD844000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xAD470000 \SystemRoot\System32\DRIVERS\usbscan.sys
0xA668F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA5AB2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8ABD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA67DF000 \SystemRoot\System32\drivers\Dxapi.sys
0xA674F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xAAC8E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF075000 \SystemRoot\System32\ati3duag.dll
0xBF196000 \SystemRoot\System32\ativvaxx.dll
0xBF227000 \SystemRoot\System32\ATMFD.DLL
0xA5A96000 \??\C:\WINDOWS\System32\Drivers\ino_fltr.sys
0xB1DA6000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xA59D2000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA596D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA5E3D000 \SystemRoot\system32\drivers\sysaudio.sys
0xA58CA000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8A99000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA585D000 \SystemRoot\System32\DRIVERS\fallback.sys
0xA5841000 \SystemRoot\System32\DRIVERS\fsksnt.sys
0xA5741000 \SystemRoot\System32\DRIVERS\k56nt.sys
0xA580D000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xA56C1000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5691000 \SystemRoot\System32\DRIVERS\faxnt.sys
0xF73ED000 \SystemRoot\System32\DRIVERS\tonesnt.sys
0xA554F000 \SystemRoot\System32\DRIVERS\v124nt.sys
0xA50B4000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 39):
0 System Idle Process
4 System
576 C:\WINDOWS\system32\smss.exe
628 csrss.exe
652 C:\WINDOWS\system32\winlogon.exe
700 C:\WINDOWS\system32\services.exe
720 C:\WINDOWS\system32\lsass.exe
896 C:\WINDOWS\system32\ati2evxx.exe
912 C:\WINDOWS\system32\svchost.exe
968 svchost.exe
1040 C:\WINDOWS\system32\svchost.exe
1160 C:\WINDOWS\system32\svchost.exe
1244 svchost.exe
1304 svchost.exe
1356 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
1552 C:\WINDOWS\system32\ati2evxx.exe
1632 C:\WINDOWS\explorer.exe
1940 C:\WINDOWS\system32\spoolsv.exe
1172 svchost.exe
1236 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1276 C:\Program Files\Bonjour\mDNSResponder.exe
1416 C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
1520 C:\Program Files\CA\eTrust Antivirus\InoRT.exe
1624 C:\Program Files\CA\eTrust Antivirus\InoTask.exe
256 C:\Program Files\Java\jre6\bin\jqs.exe
388 C:\WINDOWS\system32\tcpsvcs.exe
472 C:\WINDOWS\system32\svchost.exe
1312 C:\WINDOWS\system32\wuauclt.exe
2672 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2820 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2828 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
2864 alg.exe
2900 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3676 C:\WINDOWS\system32\svchost.exe
2128 C:\Program Files\Mozilla Firefox\firefox.exe
1004 C:\Program Files\Mozilla Firefox\firefox.exe
952 C:\Program Files\Mozilla Firefox\firefox.exe
2984 C:\Documents and Settings\Ricky Jim\Desktop\MBRCheck.exe
3000 C:\PROGRA~1\CA\SHARED~1\SCANEN~1\Inodist.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JB-00EVA0, Rev: 15.05R15

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ricky Jim at 20:12:55.00 on 01/05/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.510.150 [GMT 1:00]
.
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ricky Jim\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.4000.1001\en-gb\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196260216203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WB - c:\program files\alienguise\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\rickyj~1\applic~1\mozilla\firefox\profiles\ocg0jziu.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {C6CB8156-7B49-4F04-BD02-DAEF119084AE} - c:\documents and settings\ricky jim\local settings\application data\{C6CB8156-7B49-4F04-BD02-DAEF119084AE}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-23 532224]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S0 ydgoxr;ydgoxr;c:\windows\system32\drivers\ctpey.sys --> c:\windows\system32\drivers\ctpey.sys [?]
S1 agcrycjq;agcrycjq;\??\c:\windows\system32\drivers\agcrycjq.sys --> c:\windows\system32\drivers\agcrycjq.sys [?]
S2 bhsIsu;bhsIsu;c:\windows\system32\drivers\xngemuqg.sys --> c:\windows\system32\drivers\xngemuqg.sys [?]
S2 cziqsau;cziqsau;c:\windows\system32\drivers\xjzwgfmd.sys --> c:\windows\system32\drivers\xjzwgfmd.sys [?]
S2 dvpiu;dvpiu;c:\windows\system32\drivers\wwrznmi.sys --> c:\windows\system32\drivers\wwrznmi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-21 135664]
S2 heqrx;heqrx;c:\windows\system32\drivers\faygj.sys --> c:\windows\system32\drivers\faygj.sys [?]
S2 kecmqiqniasajau;kecmqiqniasajau;\??\c:\windows\system32\drivers\oebmwri.sys --> c:\windows\system32\drivers\oebmwri.sys [?]
S2 ksgjiygx;ksgjiygx;c:\windows\system32\drivers\aqtjccv.sys --> c:\windows\system32\drivers\aqtjccv.sys [?]
S2 lgwpwuow;lgwpwuow;c:\windows\system32\drivers\lriyns.sys --> c:\windows\system32\drivers\lriyns.sys [?]
S2 ljbc;ljbc;c:\windows\system32\drivers\gdxejg.sys --> c:\windows\system32\drivers\gdxejg.sys [?]
S2 mvddvoi;mvddvoi;c:\windows\system32\drivers\yszwdr.sys --> c:\windows\system32\drivers\yszwdr.sys [?]
S2 nejed;nejed;c:\windows\system32\drivers\rpflizl.sys --> c:\windows\system32\drivers\rpflizl.sys [?]
S2 oenqqtjr;oenqqtjr;c:\windows\system32\drivers\hzmdu.sys --> c:\windows\system32\drivers\hzmdu.sys [?]
S2 ofddxk;ofddxk;c:\windows\system32\drivers\egtetsh.sys --> c:\windows\system32\drivers\egtetsh.sys [?]
S2 ohctuo;ohctuo;c:\windows\system32\drivers\iium.sys --> c:\windows\system32\drivers\iium.sys [?]
S2 owoz;owoz;c:\windows\system32\drivers\kewjof.sys --> c:\windows\system32\drivers\kewjof.sys [?]
S2 plvoamq;plvoamq;c:\windows\system32\drivers\vjyiw.sys --> c:\windows\system32\drivers\vjyiw.sys [?]
S2 qrIip;qrIip;c:\windows\system32\drivers\qalodmre.sys --> c:\windows\system32\drivers\qalodmre.sys [?]
S2 rgocf;rgocf;c:\windows\system32\drivers\ftigh.sys --> c:\windows\system32\drivers\ftigh.sys [?]
S2 rxpells;rxpells;c:\windows\system32\drivers\ztgwts.sys --> c:\windows\system32\drivers\ztgwts.sys [?]
S2 smbavc;smbavc;c:\windows\system32\drivers\ziykcuxh.sys --> c:\windows\system32\drivers\ziykcuxh.sys [?]
S2 uwgtbc;uwgtbc;c:\windows\system32\drivers\ccrr.sys --> c:\windows\system32\drivers\ccrr.sys [?]
S2 uxzpbl;uxzpbl;c:\windows\system32\drivers\fkpl.sys --> c:\windows\system32\drivers\fkpl.sys [?]
S2 wqkvql;wqkvql;c:\windows\system32\drivers\vwwi.sys --> c:\windows\system32\drivers\vwwi.sys [?]
S2 xcheqp;xcheqp;c:\windows\system32\drivers\vybpmfou.sys --> c:\windows\system32\drivers\vybpmfou.sys [?]
S3 oflpydin;oflpydin;\??\c:\docume~1\rickyj~1\locals~1\temp\oflpydin.sys --> c:\docume~1\rickyj~1\locals~1\temp\oflpydin.sys [?]
.
=============== Created Last 30 ================
.
2011-05-01 13:03:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-01 00:14:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-01 00:14:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 23:23:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\fA31002HeOiD31002
2011-04-18 20:23:12 -------- d-----w- c:\docume~1\rickyj~1\applic~1\DDMSettings
2011-04-18 20:19:59 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-04-18 20:19:59 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-04-18 20:19:57 133616 ------w- c:\windows\system32\pxafs.dll
2011-04-18 20:19:07 -------- d-----w- c:\program files\common files\DivX Shared
2011-04-18 20:11:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
.
==================== Find3M ====================
.
2011-05-01 00:40:59 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-20 15:44:42 11264 ----a-w- c:\windows\DCEBoot.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51:57 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 12:37:38 369664 ------w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-00EVA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82EA14F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82ea77d0]; MOV EAX, [0x82ea784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x82ED9AB8]
3 CLASSPNP[0xF8597FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000084[0x82EE79E8]
5 ACPI[0xF83E3620] -> nt!IofCallDriver[0x804E13B9] -> [0x82EE9940]
\Driver\atapi[0x82EDAA08] -> IRP_MJ_CREATE -> 0x82EA14F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82EA133B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:14:23.25 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 01/12/2007 11:11:59
System Uptime: 01/05/2011 20:05:26 (0 hours ago)
.
Motherboard: eveshamvale | |
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2799/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 34.16 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP494: 10/02/2011 12:51:11 - Software Distribution Service 3.0
RP495: 02/03/2011 15:09:32 - Restore Operation
RP496: 07/03/2011 13:09:36 - System Checkpoint
RP497: 08/03/2011 14:09:38 - System Checkpoint
RP498: 08/03/2011 15:08:30 - Software Distribution Service 3.0
RP499: 09/03/2011 21:01:58 - System Checkpoint
RP500: 10/03/2011 03:00:56 - Software Distribution Service 3.0
RP501: 13/03/2011 01:58:23 - Restore Operation
RP502: 14/03/2011 03:00:33 - Software Distribution Service 3.0
RP503: 15/03/2011 16:17:23 - System Checkpoint
RP504: 18/03/2011 14:02:55 - Restore Operation
RP505: 18/03/2011 19:24:19 - Restore Operation
RP506: 20/03/2011 12:17:03 - Restore Operation
RP507: 20/03/2011 12:22:06 - Restore Operation
RP508: 20/03/2011 12:28:09 - Restore Operation
RP509: 20/03/2011 12:33:57 - Restore Operation
RP510: 20/03/2011 12:38:08 - Restore Operation
RP511: 20/03/2011 12:38:40 - Restore Operation
RP512: 22/03/2011 15:47:46 - System Checkpoint
RP513: 23/03/2011 22:17:55 - System Checkpoint
RP514: 25/03/2011 13:11:49 - Software Distribution Service 3.0
RP515: 27/03/2011 14:56:30 - System Checkpoint
RP516: 28/03/2011 16:44:44 - System Checkpoint
RP517: 29/03/2011 20:50:11 - System Checkpoint
RP518: 31/03/2011 15:44:31 - System Checkpoint
RP519: 01/04/2011 16:25:41 - System Checkpoint
RP520: 03/04/2011 16:43:30 - System Checkpoint
RP521: 05/04/2011 14:15:00 - System Checkpoint
RP522: 07/04/2011 15:04:02 - System Checkpoint
RP523: 08/04/2011 19:04:56 - System Checkpoint
RP524: 10/04/2011 12:18:27 - System Checkpoint
RP525: 11/04/2011 16:04:07 - System Checkpoint
RP526: 12/04/2011 16:07:09 - System Checkpoint
RP527: 13/04/2011 18:17:26 - System Checkpoint
RP528: 15/04/2011 22:41:58 - System Checkpoint
RP529: 16/04/2011 03:01:04 - Software Distribution Service 3.0
RP530: 16/04/2011 12:27:30 - Software Distribution Service 3.0
RP531: 18/04/2011 01:32:48 - System Checkpoint
RP532: 19/04/2011 18:13:21 - System Checkpoint
RP533: 20/04/2011 19:35:26 - System Checkpoint
RP534: 21/04/2011 14:10:13 - Software Distribution Service 3.0
RP535: 22/04/2011 23:50:18 - System Checkpoint
RP536: 24/04/2011 15:40:16 - System Checkpoint
RP537: 26/04/2011 12:56:27 - System Checkpoint
RP538: 27/04/2011 20:06:55 - System Checkpoint
RP539: 28/04/2011 02:56:53 - Software Distribution Service 3.0
RP540: 29/04/2011 13:05:54 - System Checkpoint
RP541: 30/04/2011 16:07:17 - System Checkpoint
RP542: 01/05/2011 01:08:29 - Restore Operation
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe Reader Korean Fonts
Adobe Shockwave Player 11.5
Ahead Nero Burning ROM
Ahead NeroVision Express
AlienGUIse Theme Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
µTorrent
BigFix
Bonjour
CA eTrust Antivirus
Canon MP Drivers
Canon MP Toolbox 4.1.1.0.mp10
CNXT V92 Data Fax Voice
Compatibility Pack for the 2007 Office system
Counter-Strike: Condition Zero
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
DivX Setup
eMule
ESET Online Scanner v3
FlashGet 1.9.6.1073
Four Winds Mah Jong 2.01
Full Tilt Poker
Google Toolbar for Internet Explorer
Google Update Helper
Gunbound
HLSW v1.1.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterVideo WinDVD 4
iTunes
Java(TM) 6 Update 16
K-Lite Mega Codec Pack 1.64
Malwarebytes' Anti-Malware
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires Gold
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Works 7.0
Mozilla Firefox (3.6.16)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Music Visualizer Library 1.4.00
MXpie Patch for WinMX/WPNP
NETGEAR WN111 wireless USB 2.0 adapter
NJStar Communicator
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Overture 4.0 ?????
PokerOffice (remove only)
PokerStars
PokerStove version 1.23
Pro Evolution Soccer 4
Qianhong 3.5.1
QuickTime
RealPlayer
Realtek AC'97 Audio
RzE's CS Helper
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shockwave
Skype 2.0
Steam
Studio 9
System Requirements Lab
TableScan Turbo RC3
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Veoh Web Player Beta
VeohTV BETA
VideoLAN VLC media player 0.8.1
VP6 Decoder
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
WinMX
WinRAR archiver
WinZip
World of Warcraft
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The uxzpbl service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The smbavc service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The plvoamq service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The ofddxk service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The oenqqtjr service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The mvddvoi service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The ljbc service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The ksgjiygx service failed to start due to the following error: The system cannot find the file specified.
25/04/2011 12:34:51, error: Service Control Manager [7000] - The bhsIsu service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The xcheqp service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The wqkvql service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The uwgtbc service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The rxpells service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The rgocf service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The qrIip service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The owoz service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The ohctuo service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The nejed service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The lgwpwuow service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The heqrx service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The dvpiu service failed to start due to the following error: The system cannot find the file specified.
24/04/2011 11:47:52, error: Service Control Manager [7000] - The cziqsau service failed to start due to the following error: The system cannot find the file specified.
01/05/2011 20:06:03, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0011092938AB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
01/05/2011 17:54:27, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
01/05/2011 17:51:57, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
01/05/2011 01:42:43, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/05/2011 01:21:30, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 01:05:01, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip Tcpip6 vsdatant
01/05/2011 01:05:01, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 01:05:01, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2011 00:44:58, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
01/05/2011 00:44:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/05/2011 00:42:49, error: sptd [4] - Driver detected an internal error in its data structures for .
01/05/2011 00:40:04, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
01/05/2011 00:40:04, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/05/2011 00:40:03, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
01/05/2011 00:33:40, error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 00:33:40, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 00:33:40, error: Service Control Manager [7034] - The eTrust Antivirus RPC Server service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 00:33:40, error: Service Control Manager [7034] - The eTrust Antivirus Realtime Server service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 00:33:40, error: Service Control Manager [7034] - The eTrust Antivirus Job Server service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 00:33:40, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
01/05/2011 00:33:40, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

 

I tried running TDSSKiller but it does not work. I tried re-naming it with a .com extension but that doesn't work also. It reaches 80% Initialization, stops, and then I get a message saying it won't open.

 

This message prompted a reboot, it said to note it down so here it is:

"Service: sptd
File: C:\windows\system32\driver\sptd.sys "

Here's the log:

ComboFix 11-04-30.06 - Ricky Jim 02/05/2011 0:48.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.510.201 [GMT 1:00]
Running from: c:\documents and settings\Ricky Jim\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-01 19:43 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-01 19:43 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-01 19:43 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-01 19:43 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-01 19:43 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-01 19:42 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-01 19:42 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-01 19:42 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-01 19:42 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-01 19:42 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\program files\AVAST Software
2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-01 13:03 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-01 00:14 . 2011-05-01 00:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 23:23 . 2011-05-01 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\fA31002HeOiD31002
2011-04-18 20:23 . 2011-04-18 20:23 -------- d-----w- c:\documents and settings\Ricky Jim\Application Data\DDMSettings
2011-04-18 20:20 . 2011-04-22 01:17 -------- d-----w- c:\documents and settings\Ricky Jim\Application Data\DivX
2011-04-18 20:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-04-18 20:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-04-18 20:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-04-18 20:19 . 2011-04-18 20:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-18 20:11 . 2011-04-18 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 00:40 . 2011-03-20 15:42 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-20 15:44 . 2011-03-20 15:44 11264 ----a-w- c:\windows\DCEBoot.exe
2011-03-07 05:33 . 2006-02-27 13:31 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2002-08-29 11:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51 . 2008-05-24 21:52 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-17 13:51 . 2006-06-23 11:33 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51 . 2002-08-29 11:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 13:18 . 2002-08-29 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-08-29 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:37 . 2008-05-24 21:52 369664 ------w- c:\windows\system32\html.iec
2011-02-17 12:32 . 2009-04-15 11:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-08-29 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2002-08-29 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2002-08-29 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2002-08-29 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-03-14 16:53 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@= "{472083B0-C522-11CF-8763-00608CC02F24} "
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-28 335872]
"IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002 "= "c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
"ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall "= "c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=c:\windows\pss\autorun.exeCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Go!Zilla.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Go!Zilla.lnk
backup=c:\windows\pss\Go!Zilla.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN111 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^igfxtray.exe]
path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\igfxtray.exe
backup=c:\windows\pss\igfxtray.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 380416 ------w- c:\windows\system32\irprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDUpgrade]
2008-04-14 00:12 17920 ----a-w- c:\windows\system32\dvdupgrd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-08-29 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 00:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2005-10-07 19:32 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
2007-02-22 15:17 475136 ----a-w- c:\program files\PokerOffice\POEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
2003-02-13 17:25 493024 ----a-w- c:\progra~1\CA\ETRUST~1\Realmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rundll32.exe]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2006-05-19 17:11 18577448 ----a-w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-12-19 17:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-30 22:43 1217808 ----a-w- c:\valve\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-11 12:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-16 21:54 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-08-28 09:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-03-07 01:08 3558136 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
2010-06-23 12:51 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KService "=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications "= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\uTorrent\\uTorrent.exe "=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
"c:\\Program Files\\FlashGet\\flashget.exe "=
"c:\\Program Files\\PokerOffice\\bin\\javaw.exe "=
"c:\\Valve\\Steam\\SteamApps\\invasion823\\counter-strike\\hl.exe "=
"c:\\Program Files\\Qianhong\\Qianhong.exe "=
"c:\\Program Files\\PokerOffice5\\bin\\javaw.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP "= 3540:UDPeer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest "= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2009 21:13 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/05/2011 20:43 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/05/2011 20:43 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2011 20:43 19544]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29/08/2002 12:00 14336]
S0 ydgoxr;ydgoxr;c:\windows\system32\drivers\ctpey.sys --> c:\windows\system32\drivers\ctpey.sys [?]
S1 agcrycjq;agcrycjq;\??\c:\windows\system32\drivers\agcrycjq.sys --> c:\windows\system32\drivers\agcrycjq.sys [?]
S2 bhsIsu;bhsIsu;c:\windows\system32\drivers\xngemuqg.sys --> c:\windows\system32\drivers\xngemuqg.sys [?]
S2 cziqsau;cziqsau;c:\windows\system32\drivers\xjzwgfmd.sys --> c:\windows\system32\drivers\xjzwgfmd.sys [?]
S2 dvpiu;dvpiu;c:\windows\system32\drivers\wwrznmi.sys --> c:\windows\system32\drivers\wwrznmi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/04/2010 10:50 135664]
S2 heqrx;heqrx;c:\windows\system32\drivers\faygj.sys --> c:\windows\system32\drivers\faygj.sys [?]
S2 kecmqiqniasajau;kecmqiqniasajau;\??\c:\windows\system32\drivers\oebmwri.sys --> c:\windows\system32\drivers\oebmwri.sys [?]
S2 ksgjiygx;ksgjiygx;c:\windows\system32\drivers\aqtjccv.sys --> c:\windows\system32\drivers\aqtjccv.sys [?]
S2 lgwpwuow;lgwpwuow;c:\windows\system32\drivers\lriyns.sys --> c:\windows\system32\drivers\lriyns.sys [?]
S2 ljbc;ljbc;c:\windows\system32\drivers\gdxejg.sys --> c:\windows\system32\drivers\gdxejg.sys [?]
S2 mvddvoi;mvddvoi;c:\windows\system32\drivers\yszwdr.sys --> c:\windows\system32\drivers\yszwdr.sys [?]
S2 nejed;nejed;c:\windows\system32\drivers\rpflizl.sys --> c:\windows\system32\drivers\rpflizl.sys [?]
S2 oenqqtjr;oenqqtjr;c:\windows\system32\drivers\hzmdu.sys --> c:\windows\system32\drivers\hzmdu.sys [?]
S2 ofddxk;ofddxk;c:\windows\system32\drivers\egtetsh.sys --> c:\windows\system32\drivers\egtetsh.sys [?]
S2 ohctuo;ohctuo;c:\windows\system32\drivers\iium.sys --> c:\windows\system32\drivers\iium.sys [?]
S2 owoz;owoz;c:\windows\system32\drivers\kewjof.sys --> c:\windows\system32\drivers\kewjof.sys [?]
S2 plvoamq;plvoamq;c:\windows\system32\drivers\vjyiw.sys --> c:\windows\system32\drivers\vjyiw.sys [?]
S2 qrIip;qrIip;c:\windows\system32\drivers\qalodmre.sys --> c:\windows\system32\drivers\qalodmre.sys [?]
S2 rgocf;rgocf;c:\windows\system32\drivers\ftigh.sys --> c:\windows\system32\drivers\ftigh.sys [?]
S2 rxpells;rxpells;c:\windows\system32\drivers\ztgwts.sys --> c:\windows\system32\drivers\ztgwts.sys [?]
S2 smbavc;smbavc;c:\windows\system32\drivers\ziykcuxh.sys --> c:\windows\system32\drivers\ziykcuxh.sys [?]
S2 uwgtbc;uwgtbc;c:\windows\system32\drivers\ccrr.sys --> c:\windows\system32\drivers\ccrr.sys [?]
S2 uxzpbl;uxzpbl;c:\windows\system32\drivers\fkpl.sys --> c:\windows\system32\drivers\fkpl.sys [?]
S2 wqkvql;wqkvql;c:\windows\system32\drivers\vwwi.sys --> c:\windows\system32\drivers\vwwi.sys [?]
S2 xcheqp;xcheqp;c:\windows\system32\drivers\vybpmfou.sys --> c:\windows\system32\drivers\vybpmfou.sys [?]
S3 oflpydin;oflpydin;\??\c:\docume~1\RICKYJ~1\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\RICKYJ~1\LOCALS~1\Temp\oflpydin.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 09:50]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 09:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ricky Jim\Application Data\Mozilla\Firefox\Profiles\ocg0jziu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {C6CB8156-7B49-4F04-BD02-DAEF119084AE} - c:\documents and settings\Ricky Jim\Local Settings\Application Data\{C6CB8156-7B49-4F04-BD02-DAEF119084AE}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 01:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-00EVA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82EA133B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C97A7F5-2BB6-2929-880C-8425296A1769}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbgcahefcobkgdckmanlkaklgcpnecblhoefgdgj "=hex:6b,61,61,62,6a,6e,69,61,63,6e,
6b,6a,6a,62,63,6c,6c,6e,64,6f,6f,62,00,7c
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\DefaultIcon]
@=expand: "%APPDATA%\\Microsoft\\Installer\\{64C3D5BE-47B3-4085-B6D5-585D2677145A}\\_294823.exe,0 "
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell]
@= "open "
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell\open]
@= "??(&O) "
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell\open\command]
@= "\ "c:\\Program Files\\Overture 4.0\\Overture.exe\" \ "%1\" "
"command "=multi: "6{kHH=g^g8k`.!F03tyD>?%)duR)D9Xu~OSIW`PT- \ "%1\ "\00\00 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
- - - - - - - > 'explorer.exe'(2116)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\eTrust Antivirus\InoRpc.exe
c:\program files\CA\eTrust Antivirus\InoRT.exe
c:\program files\CA\eTrust Antivirus\InoTask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2011-05-02 01:24:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 00:24
.
Pre-Run: 36,044,365,824 bytes free
Post-Run: 36,129,452,032 bytes free
.
- - End Of File - - D115A923FE3A4FE93E317B3E4D02BB9C

 

Oh so sorry. Don't know how that happened. Here it is:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

 

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

 

2011/05/02 02:59:55.0625 2820 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/02 02:59:57.0625 2820 ================================================================================
2011/05/02 02:59:57.0625 2820 SystemInfo:
2011/05/02 02:59:57.0625 2820
2011/05/02 02:59:57.0625 2820 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/02 02:59:57.0625 2820 Product type: Workstation
2011/05/02 02:59:57.0625 2820 ComputerName: RICKY
2011/05/02 02:59:57.0625 2820 UserName: Ricky Jim
2011/05/02 02:59:57.0625 2820 Windows directory: C:\WINDOWS
2011/05/02 02:59:57.0625 2820 System windows directory: C:\WINDOWS
2011/05/02 02:59:57.0625 2820 Processor architecture: Intel x86
2011/05/02 02:59:57.0625 2820 Number of processors: 2
2011/05/02 02:59:57.0625 2820 Page size: 0x1000
2011/05/02 02:59:57.0625 2820 Boot type: Normal boot
2011/05/02 02:59:57.0625 2820 ================================================================================
2011/05/02 02:59:59.0109 2820 Initialize success
2011/05/02 03:00:33.0390 3136 ================================================================================
2011/05/02 03:00:33.0390 3136 Scan started
2011/05/02 03:00:33.0390 3136 Mode: Manual;
2011/05/02 03:00:33.0390 3136 ================================================================================
2011/05/02 03:00:33.0781 3136 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/02 03:00:33.0968 3136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/02 03:00:34.0062 3136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/02 03:00:34.0187 3136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/02 03:00:34.0281 3136 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/02 03:00:34.0609 3136 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/05/02 03:00:34.0718 3136 ALCXWDM (391344370018a87a6c478ab76c7a47a8) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/02 03:00:34.0906 3136 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/02 03:00:34.0984 3136 ASAPIW2K (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\Asapiw2k.sys
2011/05/02 03:00:35.0281 3136 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/02 03:00:35.0359 3136 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/02 03:00:35.0437 3136 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/02 03:00:35.0531 3136 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/02 03:00:35.0656 3136 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/02 03:00:35.0750 3136 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/02 03:00:35.0828 3136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/02 03:00:35.0890 3136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/02 03:00:36.0062 3136 ati2mtag (8303b347a02ed4bbf94e5682a6d22619) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/02 03:00:36.0187 3136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/02 03:00:36.0265 3136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/02 03:00:36.0359 3136 basic2 (7ff067e8cdf01f2435686fc0e4b4290d) C:\WINDOWS\system32\DRIVERS\basic2.sys
2011/05/02 03:00:36.0437 3136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/02 03:00:36.0578 3136 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/05/02 03:00:36.0609 3136 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/05/02 03:00:36.0812 3136 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
2011/05/02 03:00:36.0937 3136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/02 03:00:37.0031 3136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/02 03:00:37.0078 3136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/02 03:00:37.0171 3136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/02 03:00:37.0578 3136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/02 03:00:37.0671 3136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/02 03:00:37.0765 3136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/02 03:00:37.0859 3136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/02 03:00:37.0953 3136 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/02 03:00:38.0078 3136 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/02 03:00:38.0281 3136 Fallback (5ad63ed331635a3e3b0f1aeef728708d) C:\WINDOWS\system32\DRIVERS\fallback.sys
2011/05/02 03:00:38.0359 3136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/02 03:00:38.0421 3136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/02 03:00:38.0484 3136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/02 03:00:38.0546 3136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/02 03:00:38.0609 3136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/02 03:00:38.0687 3136 Fsks (9d5a24ae60b360d6e38f0afad61bc7ce) C:\WINDOWS\system32\DRIVERS\fsksnt.sys
2011/05/02 03:00:38.0765 3136 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/05/02 03:00:38.0843 3136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/02 03:00:38.0937 3136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/02 03:00:39.0015 3136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/02 03:00:39.0093 3136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/02 03:00:39.0250 3136 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/02 03:00:39.0421 3136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/02 03:00:39.0562 3136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/02 03:00:39.0640 3136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/02 03:00:39.0812 3136 INO_FLPY (a7a507c4c8598b5bcb86548a4a8c1c96) C:\WINDOWS\system32\Drivers\ino_flpy.sys
2011/05/02 03:00:39.0890 3136 INO_FLTR (f73969544cea136a817cf5d18036d2cf) C:\WINDOWS\System32\Drivers\ino_fltr.sys
2011/05/02 03:00:39.0984 3136 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/02 03:00:40.0046 3136 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/02 03:00:40.0125 3136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/02 03:00:40.0203 3136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/02 03:00:40.0265 3136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/02 03:00:40.0375 3136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/02 03:00:40.0437 3136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/02 03:00:40.0531 3136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/02 03:00:40.0640 3136 K56 (96efeedaa0509fb7e0e29b8714c4df47) C:\WINDOWS\system32\DRIVERS\k56nt.sys
2011/05/02 03:00:40.0734 3136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/02 03:00:40.0828 3136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/02 03:00:40.0906 3136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/02 03:00:41.0250 3136 mdmxsdk (98d8a239489211b2f230267485c5c127) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/02 03:00:41.0328 3136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/02 03:00:41.0390 3136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/02 03:00:41.0437 3136 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/02 03:00:41.0500 3136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/02 03:00:41.0609 3136 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/02 03:00:41.0656 3136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/02 03:00:41.0812 3136 MRVW245 (dab46e8fc4f07e850a2b12189a2ec3bc) C:\WINDOWS\system32\DRIVERS\MRVW245.sys
2011/05/02 03:00:41.0921 3136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/02 03:00:42.0031 3136 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/02 03:00:42.0203 3136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/02 03:00:42.0281 3136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/02 03:00:42.0359 3136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/02 03:00:42.0453 3136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/02 03:00:42.0515 3136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/02 03:00:42.0593 3136 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/02 03:00:42.0734 3136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/02 03:00:42.0781 3136 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/02 03:00:42.0828 3136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/02 03:00:42.0890 3136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/02 03:00:42.0968 3136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/02 03:00:43.0078 3136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/02 03:00:43.0171 3136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/02 03:00:43.0328 3136 NETMDUSB (986acdece933131288f1957dc359865f) C:\WINDOWS\system32\Drivers\NETMDUSB.sys
2011/05/02 03:00:43.0406 3136 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/02 03:00:43.0453 3136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/02 03:00:43.0546 3136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/02 03:00:43.0656 3136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/02 03:00:43.0765 3136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/02 03:00:43.0843 3136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/02 03:00:44.0125 3136 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/02 03:00:44.0328 3136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/02 03:00:44.0375 3136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/02 03:00:44.0468 3136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/02 03:00:44.0531 3136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/02 03:00:44.0656 3136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/02 03:00:44.0718 3136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/02 03:00:45.0171 3136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/02 03:00:45.0218 3136 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/02 03:00:45.0281 3136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/02 03:00:45.0375 3136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/02 03:00:45.0468 3136 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/02 03:00:45.0843 3136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/02 03:00:45.0906 3136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/02 03:00:45.0968 3136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/02 03:00:46.0015 3136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/02 03:00:46.0093 3136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/02 03:00:46.0218 3136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/02 03:00:46.0343 3136 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/02 03:00:46.0453 3136 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/02 03:00:46.0625 3136 Rksample (9db32d3ff4a6414d408a99a4be1c6b62) C:\WINDOWS\system32\DRIVERS\rksample.sys
2011/05/02 03:00:46.0734 3136 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/02 03:00:46.0875 3136 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
2011/05/02 03:00:47.0093 3136 SE26bus (d12cd1cce29256af57b3a0a0a4eb4985) C:\WINDOWS\system32\DRIVERS\SE26bus.sys
2011/05/02 03:00:47.0203 3136 SE26mdfl (271e52ebe93af39d3410f5481f36202a) C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys
2011/05/02 03:00:47.0281 3136 SE26mdm (c6b688bc8af4d2d384dbcb3fa4681fca) C:\WINDOWS\system32\DRIVERS\SE26mdm.sys
2011/05/02 03:00:47.0390 3136 SE26mgmt (046b56284d7c2cbf25d6edeefc74cab8) C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys
2011/05/02 03:00:47.0468 3136 se26nd5 (4380ec5a1451e740c589c313cffd830e) C:\WINDOWS\system32\DRIVERS\se26nd5.sys
2011/05/02 03:00:47.0562 3136 SE26obex (e6a884ea26c38087a419c4221a354168) C:\WINDOWS\system32\DRIVERS\SE26obex.sys
2011/05/02 03:00:47.0687 3136 se26unic (4d3e5a8968ba82728bd4d352d12589f5) C:\WINDOWS\system32\DRIVERS\se26unic.sys
2011/05/02 03:00:47.0781 3136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/02 03:00:47.0875 3136 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/02 03:00:47.0984 3136 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/02 03:00:48.0062 3136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/02 03:00:48.0312 3136 SoftFax (be4cd9ad0ac8933c831b2ca8d2f70323) C:\WINDOWS\system32\DRIVERS\faxnt.sys
2011/05/02 03:00:48.0406 3136 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/02 03:00:48.0546 3136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/02 03:00:48.0703 3136 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/02 03:00:48.0703 3136 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/02 03:00:48.0718 3136 sptd - detected Locked file (1)
2011/05/02 03:00:48.0812 3136 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/02 03:00:48.0968 3136 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/02 03:00:49.0171 3136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/02 03:00:49.0281 3136 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/02 03:00:49.0625 3136 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/02 03:00:49.0765 3136 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/02 03:00:49.0875 3136 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/05/02 03:00:49.0953 3136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/02 03:00:50.0031 3136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/02 03:00:50.0093 3136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/02 03:00:50.0250 3136 Tones (0dc791a7d9c621c822fe727c7c757894) C:\WINDOWS\system32\DRIVERS\tonesnt.sys
2011/05/02 03:00:50.0375 3136 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/05/02 03:00:50.0468 3136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/02 03:00:50.0593 3136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/02 03:00:50.0718 3136 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/02 03:00:50.0828 3136 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/02 03:00:50.0890 3136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/02 03:00:50.0984 3136 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\WINDOWS\system32\DRIVERS\usbcm.sys
2011/05/02 03:00:51.0046 3136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/02 03:00:51.0093 3136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/02 03:00:51.0187 3136 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/02 03:00:51.0328 3136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/02 03:00:51.0421 3136 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/02 03:00:51.0484 3136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/02 03:00:51.0718 3136 V124 (5098916a3ef92e5fdb6677e225d14860) C:\WINDOWS\system32\DRIVERS\v124nt.sys
2011/05/02 03:00:52.0000 3136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/02 03:00:52.0140 3136 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/02 03:00:52.0265 3136 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/05/02 03:00:52.0515 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/02 03:00:52.0656 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/02 03:00:52.0781 3136 winachsf (b6aad96fcc3daf09fb7901b0b6c5d912) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/02 03:00:53.0015 3136 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/02 03:00:53.0203 3136 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/02 03:00:53.0265 3136 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/02 03:00:53.0671 3136 ================================================================================
2011/05/02 03:00:53.0671 3136 Scan finished
2011/05/02 03:00:53.0671 3136 ================================================================================
2011/05/02 03:00:53.0687 3132 Detected object count: 1
2011/05/02 03:01:14.0203 3132 Locked file(sptd) - User select action: Skip

 

Thank you, here's the requested log:

ComboFix 11-05-01.03 - Ricky Jim 02/05/2011 13:40:02.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.510.304 [GMT 1:00]
Running from: c:\documents and settings\Ricky Jim\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-01 19:43 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-01 19:43 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-01 19:43 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-01 19:43 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-01 19:43 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-01 19:42 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-01 19:42 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-01 19:42 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-01 19:42 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-01 19:42 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\program files\AVAST Software
2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-01 13:03 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-01 00:14 . 2011-05-01 00:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 23:23 . 2011-05-01 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\fA31002HeOiD31002
2011-04-18 20:23 . 2011-04-18 20:23 -------- d-----w- c:\documents and settings\Ricky Jim\Application Data\DDMSettings
2011-04-18 20:20 . 2011-04-22 01:17 -------- d-----w- c:\documents and settings\Ricky Jim\Application Data\DivX
2011-04-18 20:19 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-04-18 20:19 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-04-18 20:19 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-04-18 20:19 . 2011-04-18 20:19 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-18 20:11 . 2011-04-18 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 00:40 . 2011-03-20 15:42 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-20 15:44 . 2011-03-20 15:44 11264 ----a-w- c:\windows\DCEBoot.exe
2011-03-07 05:33 . 2006-02-27 13:31 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2002-08-29 11:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51 . 2008-05-24 21:52 81920 ------w- c:\windows\system32\ieencode.dll
2011-02-17 13:51 . 2006-06-23 11:33 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51 . 2002-08-29 11:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 13:18 . 2002-08-29 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-08-29 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:37 . 2008-05-24 21:52 369664 ------w- c:\windows\system32\html.iec
2011-02-17 12:32 . 2009-04-15 11:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-08-29 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2002-08-29 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2002-08-29 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2002-08-29 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-03-14 16:53 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@= "{472083B0-C522-11CF-8763-00608CC02F24} "
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-28 335872]
"IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002 "= "c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A "= "c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
"ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall "= "c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=c:\windows\pss\autorun.exeCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Go!Zilla.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Go!Zilla.lnk
backup=c:\windows\pss\Go!Zilla.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN111 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^igfxtray.exe]
path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\igfxtray.exe
backup=c:\windows\pss\igfxtray.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ricky Jim^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Ricky Jim\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 380416 ------w- c:\windows\system32\irprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDUpgrade]
2008-04-14 00:12 17920 ----a-w- c:\windows\system32\dvdupgrd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-08-29 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 00:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2005-10-07 19:32 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]
2007-02-22 15:17 475136 ----a-w- c:\program files\PokerOffice\POEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
2003-02-13 17:25 493024 ----a-w- c:\progra~1\CA\ETRUST~1\Realmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rundll32.exe]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2006-05-19 17:11 18577448 ----a-w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-12-19 17:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-30 22:43 1217808 ----a-w- c:\valve\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-11 12:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-16 21:54 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-08-28 09:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-03-07 01:08 3558136 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2004-12-20 18:41 33792 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
2010-06-23 12:51 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KService "=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications "= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\uTorrent\\uTorrent.exe "=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
"c:\\Program Files\\FlashGet\\flashget.exe "=
"c:\\Program Files\\PokerOffice\\bin\\javaw.exe "=
"c:\\Valve\\Steam\\SteamApps\\invasion823\\counter-strike\\hl.exe "=
"c:\\Program Files\\Qianhong\\Qianhong.exe "=
"c:\\Program Files\\PokerOffice5\\bin\\javaw.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP "= 3540:UDPeer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest "= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2009 21:13 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/05/2011 20:43 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/05/2011 20:43 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2011 20:43 19544]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29/08/2002 12:00 14336]
S0 ydgoxr;ydgoxr;c:\windows\system32\drivers\ctpey.sys --> c:\windows\system32\drivers\ctpey.sys [?]
S1 agcrycjq;agcrycjq;\??\c:\windows\system32\drivers\agcrycjq.sys --> c:\windows\system32\drivers\agcrycjq.sys [?]
S2 bhsIsu;bhsIsu;c:\windows\system32\drivers\xngemuqg.sys --> c:\windows\system32\drivers\xngemuqg.sys [?]
S2 cziqsau;cziqsau;c:\windows\system32\drivers\xjzwgfmd.sys --> c:\windows\system32\drivers\xjzwgfmd.sys [?]
S2 dvpiu;dvpiu;c:\windows\system32\drivers\wwrznmi.sys --> c:\windows\system32\drivers\wwrznmi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/04/2010 10:50 135664]
S2 heqrx;heqrx;c:\windows\system32\drivers\faygj.sys --> c:\windows\system32\drivers\faygj.sys [?]
S2 kecmqiqniasajau;kecmqiqniasajau;\??\c:\windows\system32\drivers\oebmwri.sys --> c:\windows\system32\drivers\oebmwri.sys [?]
S2 ksgjiygx;ksgjiygx;c:\windows\system32\drivers\aqtjccv.sys --> c:\windows\system32\drivers\aqtjccv.sys [?]
S2 lgwpwuow;lgwpwuow;c:\windows\system32\drivers\lriyns.sys --> c:\windows\system32\drivers\lriyns.sys [?]
S2 ljbc;ljbc;c:\windows\system32\drivers\gdxejg.sys --> c:\windows\system32\drivers\gdxejg.sys [?]
S2 mvddvoi;mvddvoi;c:\windows\system32\drivers\yszwdr.sys --> c:\windows\system32\drivers\yszwdr.sys [?]
S2 nejed;nejed;c:\windows\system32\drivers\rpflizl.sys --> c:\windows\system32\drivers\rpflizl.sys [?]
S2 oenqqtjr;oenqqtjr;c:\windows\system32\drivers\hzmdu.sys --> c:\windows\system32\drivers\hzmdu.sys [?]
S2 ofddxk;ofddxk;c:\windows\system32\drivers\egtetsh.sys --> c:\windows\system32\drivers\egtetsh.sys [?]
S2 ohctuo;ohctuo;c:\windows\system32\drivers\iium.sys --> c:\windows\system32\drivers\iium.sys [?]
S2 owoz;owoz;c:\windows\system32\drivers\kewjof.sys --> c:\windows\system32\drivers\kewjof.sys [?]
S2 plvoamq;plvoamq;c:\windows\system32\drivers\vjyiw.sys --> c:\windows\system32\drivers\vjyiw.sys [?]
S2 qrIip;qrIip;c:\windows\system32\drivers\qalodmre.sys --> c:\windows\system32\drivers\qalodmre.sys [?]
S2 rgocf;rgocf;c:\windows\system32\drivers\ftigh.sys --> c:\windows\system32\drivers\ftigh.sys [?]
S2 rxpells;rxpells;c:\windows\system32\drivers\ztgwts.sys --> c:\windows\system32\drivers\ztgwts.sys [?]
S2 smbavc;smbavc;c:\windows\system32\drivers\ziykcuxh.sys --> c:\windows\system32\drivers\ziykcuxh.sys [?]
S2 uwgtbc;uwgtbc;c:\windows\system32\drivers\ccrr.sys --> c:\windows\system32\drivers\ccrr.sys [?]
S2 uxzpbl;uxzpbl;c:\windows\system32\drivers\fkpl.sys --> c:\windows\system32\drivers\fkpl.sys [?]
S2 wqkvql;wqkvql;c:\windows\system32\drivers\vwwi.sys --> c:\windows\system32\drivers\vwwi.sys [?]
S2 xcheqp;xcheqp;c:\windows\system32\drivers\vybpmfou.sys --> c:\windows\system32\drivers\vybpmfou.sys [?]
S3 oflpydin;oflpydin;\??\c:\docume~1\RICKYJ~1\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\RICKYJ~1\LOCALS~1\Temp\oflpydin.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 09:50]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 09:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ricky Jim\Application Data\Mozilla\Firefox\Profiles\ocg0jziu.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {C6CB8156-7B49-4F04-BD02-DAEF119084AE} - c:\documents and settings\Ricky Jim\Local Settings\Application Data\{C6CB8156-7B49-4F04-BD02-DAEF119084AE}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 13:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
[HKEY_USERS\S-1-5-21-1763679382-1348342725-2092942276-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C97A7F5-2BB6-2929-880C-8425296A1769}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbgcahefcobkgdckmanlkaklgcpnecblhoefgdgj "=hex:6b,61,61,62,6a,6e,69,61,63,6e,
6b,6a,6a,62,63,6c,6c,6e,64,6f,6f,62,00,7c
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\DefaultIcon]
@=expand: "%APPDATA%\\Microsoft\\Installer\\{64C3D5BE-47B3-4085-B6D5-585D2677145A}\\_294823.exe,0 "
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell]
@= "open "
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell\open]
@= "??(&O) "
.
[HKEY_USERS\S-1-5-21-725345543-1644491937-682003330-1003_Classes\O*v*e*r*t*u*r*e* *j\‹\shell\open\command]
@= "\ "c:\\Program Files\\Overture 4.0\\Overture.exe\" \ "%1\" "
"command "=multi: "6{kHH=g^g8k`.!F03tyD>?%)duR)D9Xu~OSIW`PT- \ "%1\ "\00\00 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-02 14:00:33
ComboFix-quarantined-files.txt 2011-05-02 13:00
ComboFix2.txt 2011-05-02 00:24
.
Pre-Run: 36,077,838,336 bytes free
Post-Run: 36,052,369,408 bytes free
.
- - End Of File - - 28A944675D4DA070515C926FD32366E4