
Author Topic: cannot use internet on infected computer  (Read 23471 times)


JAJsangel

    Topic Starter


    Beginner
    • Experience: Familiar
    • OS: Windows 8
    cannot use internet on infected computer
    « on: July 31, 2011, 08:47:44 AM »
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/30/2011 at 05:31 AM

    Application Version : 4.55.1000

    Core Rules Database Version : 7065
    Trace Rules Database Version: 4877

    Scan type       : Complete Scan
    Total Scan Time : 04:43:56

    Memory items scanned      : 219
    Memory threats detected   : 0
    Registry items scanned    : 8864
    Registry threats detected : 1
    File items scanned        : 224848
    File threats detected     : 0

    System.BrokenFileAssociation
       HKCR\.exe


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7035

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/31/2011 10:01:35 AM
    mbam-log-2011-07-31 (10-01-35).txt

    Scan type: Quick scan
    Objects scanned: 189906
    Time elapsed: 8 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\IMSIDE1EGATE.APPLICATION.1 (Adware.Mywebsearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\(default) (Adware.Mywebsearch) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I




    JAJsangel

      Re: cannot use internet on infected computer
      « Reply #1 on: July 31, 2011, 08:51:03 AM »
      Cannot save HijackThis log because it stops in the middle and closes.

      Idk if you can tell from the log, but the broken file association that SAS finds keeps coming up every time even though I delete it.

      The virus caused the DHCP client to not be able to run because of dependencies, as it must have deleted afd.sys from the drivers folder.

      yasir

      • Guest
      Re: cannot use internet on infected computer
      « Reply #2 on: July 31, 2011, 09:14:42 AM »
      Content deleted by Allan and PM sent
      « Last Edit: July 31, 2011, 09:31:16 AM by Allan »

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Experience: Expert
      • OS: Windows 10
      Re: cannot use internet on infected computer
      « Reply #3 on: July 31, 2011, 01:35:52 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      ********************************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      ********************************************************
      Download DDS from HERE or HERE and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall tries to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.
      * Save both reports to your desktop.
      * The instructions here ask you to attach the Attach.txt.



      1) DDS.txt
      2) Attach.txt
      Instead of attaching, please copy/paste both logs into your thread.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.

      •Close the program window, and delete the program from your desktop.

      Please note: You may have to disable any script protection running if the scan fails to run.
      After downloading the tool, disconnect from the internet and disable all antivirus protection.
      Run the scan, enable your A/V and reconnect to the internet.
      Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
      Windows 8 and Windows 10 dual boot with two SSD's

      JAJsangel

        Re: cannot use internet on infected computer
        « Reply #4 on: July 31, 2011, 06:34:25 PM »
        Results of screen317's Security Check version 0.99.18 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Spybot - Search & Destroy
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Malwarebytes' Anti-Malware mbamservice.exe 
         Malwarebytes' Anti-Malware mbamgui.exe 
        ``````````End of Log````````````



        .
        DDS (Ver_2011-06-23.01) - NTFSx86
        Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
        Run by Owner at 20:29:43 on 2011-07-31
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1502.921 [GMT -4:00]
        .
        .
        ============== Running Processes ===============
        .
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\Explorer.EXE
        svchost.exe
        C:\WINDOWS\System32\svchost.exe -k Akamai
        C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
        C:\WINDOWS\system32\svchost.exe -k HPService
        C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\WINDOWS\System32\svchost.exe -k HPZ12
        C:\WINDOWS\System32\svchost.exe -k HPZ12
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\WINDOWS\system32\wscntfy.exe
        C:\program files\real\realplayer\update\realsched.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
        uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
        uInternet Connection Wizard,ShellNext = hxxp://imhome.myspace.com/Modules/IM/Pages/UrlRedirector.aspx?challenge=21023506-38742561-4029044&response=FvILp8uvzBOwoXubT7lPMd3RhOSXcN4Xjv4GphFCqpE&target=editpics&targetid=38742561&IMLang=English&LangID=1033
        uInternet Settings,ProxyOverride = <local>;*.local
        mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
        uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
        BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
        BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
        BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
        BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
        BHO: {52794457-af6c-4c50-9def-f2e24f4c8889} - No File
        BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
        BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
        BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
        TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
        TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
        TB: {52794457-af6c-4c50-9def-f2e24f4c8889} - No File
        EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
        uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
        mRun: [SoundMan] SOUNDMAN.EXE
        mRun: [UnlockerAssistant] "c:\my backup -- 10-02-28 0905pm\program files\unlocker\UnlockerAssistant .exe"
        mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
        mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
        mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
        mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
        mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        dRun: [Power2GoExpress] NA
        dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
        IE: &Search - http://tbedits.ourbabymaker.com/one-toolbaredits/menusearch.jhtml?s=100000471&p=YRxdm002YYus&si=&a=823FBA0F-8815-436D-80D0-930A375307E7&n=2011021322
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
        IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
        IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
        IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
        IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
        LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
        LSP: mswsock.dll
        DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.105/FreeRealmsInstaller.cab?v=1050
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
        DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        DPF: {D7E84AF2-BF0A-4922-A077-60CFFF0F2E62} - hxxp://www.thesimsresource.com/TSRChat.cab
        TCP: DhcpNameServer = 10.0.0.1
        TCP: Interfaces\{BCF78751-457E-41E7-BD21-13197F729753} : DhcpNameServer = 10.0.0.1
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: TPSvc - TPSvc.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\7gnm4l4l.default\
        FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
        FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
        FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
        FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
        FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
        FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
        FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
        FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
        FF - plugin: c:\program files\sony online entertainment\npsoe.dll
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: network.cookie.cookieBehavior - 0
        FF - user.js: privacy.clearOnShutdown.cookies - false
        FF - user.js: security.warn_viewing_mixed - false
        FF - user.js: security.warn_viewing_mixed.show_once - false
        FF - user.js: security.warn_submit_insecure - false
        FF - user.js: security.warn_submit_insecure.show_once - false
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
        R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-11-20 14336]
        R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-29 366640]
        R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-3-30 173824]
        R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-3-30 29184]
        R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-3-30 9088]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-29 22712]
        S1 cjvirmuu;cjvirmuu;\??\c:\windows\system32\drivers\cjvirmuu.sys --> c:\windows\system32\drivers\cjvirmuu.sys [?]
        S1 mithjvxk;mithjvxk;\??\c:\windows\system32\drivers\mithjvxk.sys --> c:\windows\system32\drivers\mithjvxk.sys [?]
        S1 onkjlnqh;onkjlnqh;\??\c:\windows\system32\drivers\onkjlnqh.sys --> c:\windows\system32\drivers\onkjlnqh.sys [?]
        S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
        S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-6 16968]
        S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-29 41272]
        S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\196.tmp --> c:\windows\system32\196.tmp [?]
        S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
        S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
        S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
        .
        =============== File Associations ===============
        .
        scrfile="%1" %*
        .txt=UltraEdit.txt
        .
        =============== Created Last 30 ================
        .
        2011-08-01 00:17:54   388096   ----a-r-   c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
        2011-07-31 21:25:50   --------   d-----w-   c:\program files\Spybot - Search & Destroy
        2011-07-31 21:25:50   --------   d-----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
        2011-07-31 19:08:18   138368   -c--a-w-   c:\windows\system32\dllcache\afd.sys
        2011-07-31 19:08:18   138368   ----a-w-   c:\windows\system32\drivers\afd.sys
        2011-07-31 14:29:29   --------   d-----w-   c:\program files\Trend Micro
        2011-07-31 14:19:46   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2011-07-31 00:24:13   116224   -c--a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
        2011-07-31 00:24:08   18944   -c--a-w-   c:\windows\system32\dllcache\xrxscnui.dll
        2011-07-31 00:23:45   8192   -c--a-w-   c:\windows\system32\dllcache\wshirda.dll
        2011-07-31 00:23:33   8832   -c--a-w-   c:\windows\system32\dllcache\wmiacpi.sys
        2011-07-31 00:22:58   31744   -c--a-w-   c:\windows\system32\dllcache\wceusbsh.sys
        2011-07-31 00:21:39   26112   -c--a-w-   c:\windows\system32\dllcache\usbser.sys
        2011-07-31 00:21:37   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
        2011-07-31 00:20:22   82944   -c--a-w-   c:\windows\system32\dllcache\tp4mon.exe
        2011-07-31 00:19:53   149376   -c--a-w-   c:\windows\system32\dllcache\tffsport.sys
        2011-07-31 00:18:13   7552   -c--a-w-   c:\windows\system32\dllcache\sonyait.sys
        2011-07-31 00:17:44   6912   -c--a-w-   c:\windows\system32\dllcache\smbclass.sys
        2011-07-31 00:17:43   16000   -c--a-w-   c:\windows\system32\dllcache\smbbatt.sys
        2011-07-31 00:16:21   11520   -c--a-w-   c:\windows\system32\dllcache\scsiscan.sys
        2011-07-31 00:16:03   43904   -c--a-w-   c:\windows\system32\dllcache\sbp2port.sys
        2011-07-31 00:15:13   29696   -c--a-w-   c:\windows\system32\dllcache\rw450ext.dll
        2011-07-31 00:15:12   27648   -c--a-w-   c:\windows\system32\dllcache\rw430ext.dll
        2011-07-31 00:14:55   79104   -c--a-w-   c:\windows\system32\dllcache\rocket.sys
        2011-07-31 00:14:19   6016   -c--a-w-   c:\windows\system32\dllcache\qic157.sys
        2011-07-31 00:14:08   159232   -c--a-w-   c:\windows\system32\dllcache\ptpusd.dll
        2011-07-31 00:14:00   363520   -c--a-w-   c:\windows\system32\dllcache\psisdecd.dll
        2011-07-31 00:13:55   17664   -c--a-w-   c:\windows\system32\dllcache\ppa3.sys
        2011-07-31 00:13:51   8832   -c--a-w-   c:\windows\system32\dllcache\powerfil.sys
        2011-07-31 00:13:22   259328   -c--a-w-   c:\windows\system32\dllcache\perm3dd.dll
        2011-07-31 00:13:21   28032   -c--a-w-   c:\windows\system32\dllcache\perm3.sys
        2011-07-31 00:13:20   211584   -c--a-w-   c:\windows\system32\dllcache\perm2dll.dll
        2011-07-31 00:13:19   27904   -c--a-w-   c:\windows\system32\dllcache\perm2.sys
        2011-07-31 00:12:08   61696   -c--a-w-   c:\windows\system32\dllcache\ohci1394.sys
        2011-07-31 00:11:44   28672   -c--a-w-   c:\windows\system32\dllcache\nscirda.sys
        2011-07-31 00:10:32   49024   -c--a-w-   c:\windows\system32\dllcache\mstape.sys
        2011-07-31 00:10:20   22016   -c--a-w-   c:\windows\system32\dllcache\msircomm.sys
        2011-07-31 00:10:08   51200   -c--a-w-   c:\windows\system32\dllcache\msdv.sys
        2011-07-31 00:10:03   15232   -c--a-w-   c:\windows\system32\dllcache\mpe.sys
        2011-07-31 00:09:45   26112   -c--a-w-   c:\windows\system32\dllcache\memstpci.sys
        2011-07-31 00:09:13   7040   -c--a-w-   c:\windows\system32\dllcache\ltotape.sys
        2011-07-31 00:08:50   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
        2011-07-31 00:08:39   253952   -c--a-w-   c:\windows\system32\dllcache\kdsusd.dll
        2011-07-31 00:08:38   48640   -c--a-w-   c:\windows\system32\dllcache\kdsui.dll
        2011-07-31 00:08:17   6144   -c--a-w-   c:\windows\system32\dllcache\kbd106.dll
        2011-07-31 00:08:02   28160   -c--a-w-   c:\windows\system32\dllcache\irmon.dll
        2011-07-31 00:07:59   88192   -c--a-w-   c:\windows\system32\dllcache\irda.sys
        2011-07-31 00:07:59   151552   -c--a-w-   c:\windows\system32\dllcache\irftp.exe
        2011-07-31 00:06:50   702845   -c--a-w-   c:\windows\system32\dllcache\i81xdnt5.dll
        2011-07-31 00:05:19   20352   -c--a-w-   c:\windows\system32\dllcache\hidbatt.sys
        2011-07-31 00:05:14   28288   -c--a-w-   c:\windows\system32\dllcache\grserial.sys
        2011-07-31 00:05:08   59136   -c--a-w-   c:\windows\system32\dllcache\gckernel.sys
        2011-07-31 00:05:08   10624   -c--a-w-   c:\windows\system32\dllcache\gameenum.sys
        2011-07-31 00:02:30   206976   -c--a-w-   c:\windows\system32\dllcache\dot4.sys
        2011-07-31 00:02:25   8320   -c--a-w-   c:\windows\system32\dllcache\dlttape.sys
        2011-07-31 00:01:19   249856   -c--a-w-   c:\windows\system32\dllcache\ctmasetp.dll
        2011-07-31 00:01:06   10240   -c--a-w-   c:\windows\system32\dllcache\compbatt.sys
        2011-07-31 00:01:01   13952   -c--a-w-   c:\windows\system32\dllcache\cmbatt.sys
        2011-07-31 00:00:49   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
        2011-07-31 00:00:36   121856   -c--a-w-   c:\windows\system32\dllcache\camext30.dll
        2011-07-30 23:59:45   11776   -c--a-w-   c:\windows\system32\dllcache\bdasup.sys
        2011-07-30 23:59:41   14208   -c--a-w-   c:\windows\system32\dllcache\battc.sys
        2011-07-30 23:59:34   13696   -c--a-w-   c:\windows\system32\dllcache\avcstrm.sys
        2011-07-30 23:59:33   38912   -c--a-w-   c:\windows\system32\dllcache\avc.sys
        2011-07-29 13:20:49   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2011-07-29 13:20:44   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-07-29 13:20:44   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2011-07-28 00:37:33   --------   d--h--w-   c:\documents and settings\all users\application data\Common Files
        2011-07-28 00:12:09   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
        2011-07-26 22:12:25   --------   d-----w-   c:\windows\system32\syncdb
        2011-07-26 18:11:04   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
        2011-07-25 23:39:51   --------   d-----w-   c:\program files\Panda Security
        2011-07-25 23:30:20   --------   d--h--w-   c:\windows\PIF
        2011-07-12 06:34:55   --------   d-----w-   c:\program files\Yahoo!
        .
        ==================== Find3M  ====================
        .
        2011-07-31 14:19:31   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2011-07-27 20:38:43   150016   ----a-w-   c:\windows\system32\nvsvc32.exe
        2011-07-12 06:42:38   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-06-26 06:17:51   252080   ----a-w-   c:\windows\system32\nvdrsdb0.bin
        2011-06-26 06:17:51   1   ----a-w-   c:\windows\system32\nvdrssel.bin
        2011-06-26 06:17:26   252080   ----a-w-   c:\windows\system32\nvdrsdb1.bin
        2011-06-02 14:02:05   1858944   ----a-w-   c:\windows\system32\win32k.sys
        2002-07-26 21:02:06   153088   ----a-w-   c:\program files\UNWISE.EXE
        .
        ============= FINISH: 20:30:15.62 ===============

        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        dRun: [Power2GoExpress] NA
        dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
        IE: &Search - http://tbedits.ourbabymaker.com/one-toolbaredits/menusearch.jhtml?s=100000471&p=YRxdm002YYus&si=&a=823FBA0F-8815-436D-80D0-930A375307E7&n=2011021322
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
        IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
        IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
        IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
        IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
        LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
        LSP: mswsock.dll
        DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.105/FreeRealmsInstaller.cab?v=1050
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
        DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        DPF: {D7E84AF2-BF0A-4922-A077-60CFFF0F2E62} - hxxp://www.thesimsresource.com/TSRChat.cab
        TCP: DhcpNameServer = 10.0.0.1
        TCP: Interfaces\{BCF78751-457E-41E7-BD21-13197F729753} : DhcpNameServer = 10.0.0.1
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: TPSvc - TPSvc.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\7gnm4l4l.default\
        FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
        FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
        FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
        FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
        FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
        FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
        FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
        FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
        FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
        FF - plugin: c:\program files\sony online entertainment\npsoe.dll
        .
        ---- FIREFOX POLICIES ----
        FF - user.js: network.cookie.cookieBehavior - 0
        FF - user.js: privacy.clearOnShutdown.cookies - false
        FF - user.js: security.warn_viewing_mixed - false
        FF - user.js: security.warn_viewing_mixed.show_once - false
        FF - user.js: security.warn_submit_insecure - false
        FF - user.js: security.warn_submit_insecure.show_once - false
        .
        ============= SERVICES / DRIVERS ===============
        .
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
        R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-11-20 14336]
        R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-29 366640]
        R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-3-30 173824]
        R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-3-30 29184]
        R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-3-30 9088]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-29 22712]
        S1 cjvirmuu;cjvirmuu;\??\c:\windows\system32\drivers\cjvirmuu.sys --> c:\windows\system32\drivers\cjvirmuu.sys [?]
        S1 mithjvxk;mithjvxk;\??\c:\windows\system32\drivers\mithjvxk.sys --> c:\windows\system32\drivers\mithjvxk.sys [?]
        S1 onkjlnqh;onkjlnqh;\??\c:\windows\system32\drivers\onkjlnqh.sys --> c:\windows\system32\drivers\onkjlnqh.sys [?]
        S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
        S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-6 16968]
        S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-29 41272]
        S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\196.tmp --> c:\windows\system32\196.tmp [?]
        S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
        S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
        S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
        .
        =============== File Associations ===============
        .
        scrfile="%1" %*
        .txt=UltraEdit.txt
        .
        =============== Created Last 30 ================
        .
        2011-08-01 00:17:54   388096   ----a-r-   c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
        2011-07-31 21:25:50   --------   d-----w-   c:\program files\Spybot - Search & Destroy
        2011-07-31 21:25:50   --------   d-----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
        2011-07-31 19:08:18   138368   -c--a-w-   c:\windows\system32\dllcache\afd.sys
        2011-07-31 19:08:18   138368   ----a-w-   c:\windows\system32\drivers\afd.sys
        2011-07-31 14:29:29   --------   d-----w-   c:\program files\Trend Micro
        2011-07-31 14:19:46   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2011-07-31 00:24:13   116224   -c--a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
        2011-07-31 00:24:08   18944   -c--a-w-   c:\windows\system32\dllcache\xrxscnui.dll
        2011-07-31 00:23:45   8192   -c--a-w-   c:\windows\system32\dllcache\wshirda.dll
        2011-07-31 00:23:33   8832   -c--a-w-   c:\windows\system32\dllcache\wmiacpi.sys
        2011-07-31 00:22:58   31744   -c--a-w-   c:\windows\system32\dllcache\wceusbsh.sys
        2011-07-31 00:21:39   26112   -c--a-w-   c:\windows\system32\dllcache\usbser.sys
        2011-07-31 00:21:37   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
        2011-07-31 00:20:22   82944   -c--a-w-   c:\windows\system32\dllcache\tp4mon.exe
        2011-07-31 00:19:53   149376   -c--a-w-   c:\windows\system32\dllcache\tffsport.sys
        2011-07-31 00:18:13   7552   -c--a-w-   c:\windows\system32\dllcache\sonyait.sys
        2011-07-31 00:17:44   6912   -c--a-w-   c:\windows\system32\dllcache\smbclass.sys
        2011-07-31 00:17:43   16000   -c--a-w-   c:\windows\system32\dllcache\smbbatt.sys
        2011-07-31 00:16:21   11520   -c--a-w-   c:\windows\system32\dllcache\scsiscan.sys
        2011-07-31 00:16:03   43904   -c--a-w-   c:\windows\system32\dllcache\sbp2port.sys
        2011-07-31 00:15:13   29696   -c--a-w-   c:\windows\system32\dllcache\rw450ext.dll
        2011-07-31 00:15:12   27648   -c--a-w-   c:\windows\system32\dllcache\rw430ext.dll
        2011-07-31 00:14:55   79104   -c--a-w-   c:\windows\system32\dllcache\rocket.sys
        2011-07-31 00:14:19   6016   -c--a-w-   c:\windows\system32\dllcache\qic157.sys
        2011-07-31 00:14:08   159232   -c--a-w-   c:\windows\system32\dllcache\ptpusd.dll
        2011-07-31 00:14:00   363520   -c--a-w-   c:\windows\system32\dllcache\psisdecd.dll
        2011-07-31 00:13:55   17664   -c--a-w-   c:\windows\system32\dllcache\ppa3.sys
        2011-07-31 00:13:51   8832   -c--a-w-   c:\windows\system32\dllcache\powerfil.sys
        2011-07-31 00:13:22   259328   -c--a-w-   c:\windows\system32\dllcache\perm3dd.dll
        2011-07-31 00:13:21   28032   -c--a-w-   c:\windows\system32\dllcache\perm3.sys
        2011-07-31 00:13:20   211584   -c--a-w-   c:\windows\system32\dllcache\perm2dll.dll
        2011-07-31 00:13:19   27904   -c--a-w-   c:\windows\system32\dllcache\perm2.sys
        2011-07-31 00:12:08   61696   -c--a-w-   c:\windows\system32\dllcache\ohci1394.sys
        2011-07-31 00:11:44   28672   -c--a-w-   c:\windows\system32\dllcache\nscirda.sys
        2011-07-31 00:10:32   49024   -c--a-w-   c:\windows\system32\dllcache\mstape.sys
        2011-07-31 00:10:20   22016   -c--a-w-   c:\windows\system32\dllcache\msircomm.sys
        2011-07-31 00:10:08   51200   -c--a-w-   c:\windows\system32\dllcache\msdv.sys
        2011-07-31 00:10:03   15232   -c--a-w-   c:\windows\system32\dllcache\mpe.sys
        2011-07-31 00:09:45   26112   -c--a-w-   c:\windows\system32\dllcache\memstpci.sys
        2011-07-31 00:09:13   7040   -c--a-w-   c:\windows\system32\dllcache\ltotape.sys
        2011-07-31 00:08:50   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
        2011-07-31 00:08:39   253952   -c--a-w-   c:\windows\system32\dllcache\kdsusd.dll
        2011-07-31 00:08:38   48640   -c--a-w-   c:\windows\system32\dllcache\kdsui.dll
        2011-07-31 00:08:17   6144   -c--a-w-   c:\windows\system32\dllcache\kbd106.dll
        2011-07-31 00:08:02   28160   -c--a-w-   c:\windows\system32\dllcache\irmon.dll
        2011-07-31 00:07:59   88192   -c--a-w-   c:\windows\system32\dllcache\irda.sys
        2011-07-31 00:07:59   151552   -c--a-w-   c:\windows\system32\dllcache\irftp.exe
        2011-07-31 00:06:50   702845   -c--a-w-   c:\windows\system32\dllcache\i81xdnt5.dll
        2011-07-31 00:05:19   20352   -c--a-w-   c:\windows\system32\dllcache\hidbatt.sys
        2011-07-31 00:05:14   28288   -c--a-w-   c:\windows\system32\dllcache\grserial.sys
        2011-07-31 00:05:08   59136   -c--a-w-   c:\windows\system32\dllcache\gckernel.sys
        2011-07-31 00:05:08   10624   -c--a-w-   c:\windows\system32\dllcache\gameenum.sys
        2011-07-31 00:02:30   206976   -c--a-w-   c:\windows\system32\dllcache\dot4.sys
        2011-07-31 00:02:25   8320   -c--a-w-   c:\windows\system32\dllcache\dlttape.sys
        2011-07-31 00:01:19   249856   -c--a-w-   c:\windows\system32\dllcache\ctmasetp.dll
        2011-07-31 00:01:06   10240   -c--a-w-   c:\windows\system32\dllcache\compbatt.sys
        2011-07-31 00:01:01   13952   -c--a-w-   c:\windows\system32\dllcache\cmbatt.sys
        2011-07-31 00:00:49   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
        2011-07-31 00:00:36   121856   -c--a-w-   c:\windows\system32\dllcache\camext30.dll
        2011-07-30 23:59:45   11776   -c--a-w-   c:\windows\system32\dllcache\bdasup.sys
        2011-07-30 23:59:41   14208   -c--a-w-   c:\windows\system32\dllcache\battc.sys
        2011-07-30 23:59:34   13696   -c--a-w-   c:\windows\system32\dllcache\avcstrm.sys
        2011-07-30 23:59:33   38912   -c--a-w-   c:\windows\system32\dllcache\avc.sys
        2011-07-29 13:20:49   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2011-07-29 13:20:44   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-07-29 13:20:44   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2011-07-28 00:37:33   --------   d--h--w-   c:\documents and settings\all users\application data\Common Files
        2011-07-28 00:12:09   --------   d-----w-   c:\documents and settings\all users\application data\MFAData
        2011-07-26 22:12:25   --------   d-----w-   c:\windows\system32\syncdb
        2011-07-26 18:11:04   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
        2011-07-25 23:39:51   --------   d-----w-   c:\program files\Panda Security
        2011-07-25 23:30:20   --------   d--h--w-   c:\windows\PIF
        2011-07-12 06:34:55   --------   d-----w-   c:\program files\Yahoo!
        .
        ==================== Find3M  ====================
        .
        2011-07-31 14:19:31   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2011-07-27 20:38:43   150016   ----a-w-   c:\windows\system32\nvsvc32.exe
        2011-07-12 06:42:38   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-06-26 06:17:51   252080   ----a-w-   c:\windows\system32\nvdrsdb0.bin
        2011-06-26 06:17:51   1   ----a-w-   c:\windows\system32\nvdrssel.bin
        2011-06-26 06:17:26   252080   ----a-w-   c:\windows\system32\nvdrsdb1.bin
        2011-06-02 14:02:05   1858944   ----a-w-   c:\windows\system32\win32k.sys
        2002-07-26 21:02:06   153088   ----a-w-   c:\program files\UNWISE.EXE
        .
        ============= FINISH: 20:30:15.62 ===============


        SuperDave

        • Malware Removal Specialist


        • Genius
        • Experience: Expert
        • OS: Windows 10
        Re: cannot use internet on infected computer
        « Reply #5 on: July 31, 2011, 06:54:37 PM »
        It would appear that you don't have an Anti-Virus program on your computer. Please download and install one of these free AVs from the list below. NOTE: Don't install AVG because it will interfere with one of the other scans I want to run later.
        Also, you didn't include one of the DDS logs. Please find Attach.txt and include it in your next reply.


        Before we continue, download and install a free antivirus.

        Remember to only install one antivirus!
         
        1) Avast! Home Edition
        2) AVG Free Edition
        3) Avira AntiVir Personal
        4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
        4-a) Microsoft Security Essentials for Windows XP
        5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
        6) PC Tools AntiVirus Free Edition

        It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
        Windows 8 and Windows 10 dual boot with two SSD's

        JAJsangel

          Topic Starter


          Beginner
          • Experience: Familiar
          • OS: Windows 8
          Re: cannot use internet on infected computer
          « Reply #6 on: July 31, 2011, 10:24:29 PM »
          OK, I wasn't going to install AVG anyway because I've always been told it isn't very good.
          Is GPbaseservice2 a virus? Because it always tries to start when I boot to Windows. I tried googling it before and didn't find anything.




          DDS (Ver_2011-06-23.01)
          .
          Microsoft Windows XP Home Edition
          Boot Device: \Device\HarddiskVolume1
          Install Date: 3/1/2010 12:08:49 AM
          System Uptime: 7/31/2011 6:52:53 PM (2 hours ago)
          .
          Motherboard: First International Computer, Inc. |  | K8MC51G
          Processor: AMD Sempron(tm) Processor 3400+ | Socket 754 | 2009/201mhz
          .
          ==== Disk Partitions =========================
          .
          C: is FIXED (NTFS) - 149 GiB total, 96.438 GiB free.
          D: is FIXED (FAT32) - 4 GiB total, 2.233 GiB free.
          E: is CDROM ()
          F: is Removable
          G: is FIXED (NTFS) - 233 GiB total, 134.138 GiB free.
          H: is Removable
          I: is Removable
          J: is Removable
          K: is Removable
          .
          ==== Disabled Device Manager Items =============
          .
          Class GUID:
          Description: SM Bus Controller
          Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_60061509&REV_A2\3&2411E6FE&0&51
          Manufacturer:
          Name: SM Bus Controller
          PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_60061509&REV_A2\3&2411E6FE&0&51
          Service:
          .
          Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
          Description: Photosmart C4700 series
          Device ID: ROOT\IMAGE\0000
          Manufacturer: HP
          Name: Photosmart C4700,10.0.0.6
          PNP Device ID: ROOT\IMAGE\0000
          Service: StillCam
          .
          Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
          Description: Photosmart C4700 series
          Device ID: ROOT\MULTIFUNCTION\0000
          Manufacturer: HP
          Name: Photosmart C4700 series
          PNP Device ID: ROOT\MULTIFUNCTION\0000
          Service:
          .
          ==== System Restore Points ===================
          .
          No restore point in system.
          .
          ==== Installed Programs ======================
          .
          Akamai NetSession Interface
          CopyTrans Suite Remove Only
          Diablo II
          HiJackThis
          Spybot - Search & Destroy
          TS3 Custom Launcher
          .
          ==== Event Viewer Messages From Past Week ========
          .
          7/31/2011 8:00:00 AM, error: Schedule [7901]  - The At9.job command failed to start due to the following error:  %%2147942402
          7/31/2011 7:00:00 AM, error: Schedule [7901]  - The At8.job command failed to start due to the following error:  %%2147942402
          7/31/2011 6:00:00 AM, error: Schedule [7901]  - The At7.job command failed to start due to the following error:  %%2147942402
          7/31/2011 5:00:00 AM, error: Schedule [7901]  - The At6.job command failed to start due to the following error:  %%2147942402
          7/31/2011 4:00:00 AM, error: Schedule [7901]  - The At5.job command failed to start due to the following error:  %%2147942402
          7/31/2011 3:00:00 AM, error: Schedule [7901]  - The At4.job command failed to start due to the following error:  %%2147942402
          7/31/2011 2:00:00 AM, error: Schedule [7901]  - The At3.job command failed to start due to the following error:  %%2147942402
          7/31/2011 12:57:46 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
          7/31/2011 12:52:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
          7/31/2011 10:36:26 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
          7/29/2011 9:20:34 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
          7/29/2011 7:47:18 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 aswSnx aswSP aswTdi Fips Processor SASDIFSV SASKUTIL SBRE
          7/28/2011 3:55:02 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  A socket operation encountered a dead network.
          7/28/2011 3:55:02 PM, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  A socket operation encountered a dead network.
          7/28/2011 3:55:02 PM, error: Service Control Manager [7003]  - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd
          7/28/2011 3:55:02 PM, error: Service Control Manager [7003]  - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
          7/28/2011 3:55:02 PM, error: Service Control Manager [7003]  - The DHCP Client service depends on the following nonexistent service: Afd
          7/28/2011 10:30:31 AM, error: Service Control Manager [7003]  - The Network Location Awareness (NLA) service depends on the following nonexistent service: AFD
          7/27/2011 9:00:00 AM, error: Schedule [7901]  - The At10.job command failed to start due to the following error:  %%2147942402
          7/27/2011 8:55:09 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
          7/27/2011 8:25:57 AM, error: Service Control Manager [7034]  - The Panda TPSrv service terminated unexpectedly.  It has done this 1 time(s).
          7/27/2011 4:37:11 PM, error: Service Control Manager [7000]  - The Yahoo! Updater service failed to start due to the following error:  The system cannot find the file specified.
          7/27/2011 4:37:11 PM, error: Service Control Manager [7000]  - The Panda TPSrv service failed to start due to the following error:  Access is denied.
          7/27/2011 4:37:11 PM, error: Service Control Manager [7000]  - The Java Quick Starter service failed to start due to the following error:  The system cannot find the file specified.
          7/27/2011 4:37:11 PM, error: Service Control Manager [7000]  - The Bonjour Service service failed to start due to the following error:  The system cannot find the file specified.
          7/27/2011 4:37:11 PM, error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The system cannot find the file specified.
          7/27/2011 4:37:11 PM, error: Service Control Manager [7000]  - The adfs service failed to start due to the following error:  The system cannot find the file specified.
          7/27/2011 4:36:20 PM, error: DCOM [10005]  - DCOM got error "%2" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
          7/27/2011 4:34:11 PM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
          7/27/2011 4:34:11 PM, error: DCOM [10000]  - Unable to start a DCOM Server: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}. The error: "%2" Happened while starting this command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqgpc01.exe -Embedding
          7/27/2011 4:34:10 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASKUTIL SBRE
          7/27/2011 4:34:10 PM, error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The system cannot find the file specified.
          7/27/2011 4:31:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
          7/27/2011 4:31:16 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service Panda Software Controller with arguments "" in order to run the server: {1D13E84F-91EE-45C7-9656-A05E3417B4D5}
          7/27/2011 4:24:34 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips IPSec MRxSmb NetBIOS NetBT pavboot Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE ShldDrv Tcpip WS2IFSL
          7/27/2011 4:24:34 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
          7/27/2011 4:24:34 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          7/27/2011 4:24:34 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          7/27/2011 4:24:34 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
          7/27/2011 4:24:34 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          7/27/2011 4:24:34 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
          7/27/2011 4:24:06 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
          7/27/2011 4:00:00 PM, error: Schedule [7901]  - The At17.job command failed to start due to the following error:  %%2147942402
          7/27/2011 3:14:02 PM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
          7/27/2011 3:14:02 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
          7/27/2011 3:14:02 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
          7/27/2011 3:14:02 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
          7/27/2011 3:14:02 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
          7/27/2011 3:00:00 PM, error: Schedule [7901]  - The At16.job command failed to start due to the following error:  %%2147942402
          7/27/2011 2:00:00 PM, error: Schedule [7901]  - The At15.job command failed to start due to the following error:  %%2147942402
          7/27/2011 12:00:00 PM, error: Schedule [7901]  - The At13.job command failed to start due to the following error:  %%2147942402
          7/27/2011 11:00:00 AM, error: Schedule [7901]  - The At12.job command failed to start due to the following error:  %%2147942402
          7/27/2011 10:00:00 AM, error: Schedule [7901]  - The At11.job command failed to start due to the following error:  %%2147942402
          7/27/2011 1:00:00 PM, error: Schedule [7901]  - The At14.job command failed to start due to the following error:  %%2147942402
          7/26/2011 6:49:50 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
          7/26/2011 6:37:29 AM, error: Service Control Manager [7000]  - The SASKUTIL service failed to start due to the following error:  The system cannot find the path specified.
          7/26/2011 6:13:30 AM, error: System Error [1003]  - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ee391.
          7/26/2011 6:00:01 PM, error: Schedule [7901]  - The At19.job command failed to start due to the following error:  %%2147942402
          7/26/2011 5:44:19 PM, error: Service Control Manager [7034]  - The PrismXL service terminated unexpectedly.  It has done this 1 time(s).
          7/26/2011 5:44:19 PM, error: Service Control Manager [7034]  - The Adobe Active File Monitor V9 service terminated unexpectedly.  It has done this 1 time(s).
          7/26/2011 5:29:29 PM, error: Service Control Manager [7000]  - The avast! Antivirus service failed to start due to the following error:  Access is denied.
          7/26/2011 5:26:30 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT pavboot Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
          7/26/2011 2:11:21 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
          7/26/2011 11:57:46 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips IPSec MRxSmb NetBIOS NetBT pavboot Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
          7/26/2011 1:55:16 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips pavboot Processor SASDIFSV SASKUTIL SBRE
          7/25/2011 7:34:51 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips Processor SASDIFSV SASKUTIL SBRE
          7/25/2011 7:30:03 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
          7/25/2011 7:26:47 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the 47077 service to connect.
          7/25/2011 7:00:00 PM, error: Schedule [7901]  - The At20.job command failed to start due to the following error:  %%2147942402
          7/25/2011 12:59:54 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASKUTIL SBRE Tcpip WS2IFSL
          7/25/2011 12:56:21 AM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
          7/25/2011 12:37:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
          7/24/2011 9:00:00 PM, error: Schedule [7901]  - The At22.job command failed to start due to the following error:  %%2147942402
          7/24/2011 8:00:00 PM, error: Schedule [7901]  - The At21.job command failed to start due to the following error:  %%2147942402
          7/24/2011 5:00:00 PM, error: Schedule [7901]  - The At18.job command failed to start due to the following error:  %%2147942402
          7/24/2011 11:00:00 PM, error: Schedule [7901]  - The At24.job command failed to start due to the following error:  %%2147942402
          7/24/2011 10:00:00 PM, error: Schedule [7901]  - The At23.job command failed to start due to the following error:  %%2147942402
          7/24/2011 1:00:00 AM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  %%2147942402
          .
          ==== End Of File ===========================
          « Last Edit: July 31, 2011, 10:37:40 PM by JAJsangel »

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: cannot use internet on infected computer
          « Reply #7 on: August 01, 2011, 04:14:55 PM »
          Quote
          is GPbaseservice2 a virus?
          It has something to do with a HP printer installation. If you recently installed such a printer, why not uninstall the printer and do a new installation to see if that fixes the problem.

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          and save it to your Desktop.
          It would be easiest to download using Internet Explorer.
          If you insist on using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          Double click ComboFix.exe & follow the prompts.
          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          Click on Yes, to continue scanning for malware.
          When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          If you have problems with ComboFix usage, see How to use ComboFix
          Windows 8 and Windows 10 dual boot with two SSDs

          JAJsangel

            Topic Starter


            Beginner
            • Experience: Familiar
            • OS: Windows 8
            Re: cannot use internet on infected computer
            « Reply #8 on: August 01, 2011, 06:00:57 PM »
            I didn't know how to install the recovery console without the internet on the infected one so......




            ComboFix 11-08-01.05 - Owner 08/01/2011  19:33:03.1.1 - x86
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1502.952 [GMT -4:00]
            Running from: F:\ComboFix.exe
            AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
            .
            WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\documents and settings\Administrator\WINDOWS
            c:\documents and settings\Owner\Application Data\.#
            c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
            c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\chrome.manifest
            c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\ff-overlay.xul
            c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\overlay.js
            c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\install.rdf
            c:\documents and settings\Owner\Error.log
            c:\documents and settings\Owner\WINDOWS
            c:\program files\UNWISE.EXE
            c:\recycled\Recycled
            c:\windows\$NtUninstallKB47884$
            c:\windows\$NtUninstallKB47884$\2027078655
            c:\windows\$NtUninstallKB47884$\3613430675\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
            c:\windows\$NtUninstallKB47884$\3613430675\L\iopiovam
            c:\windows\$NtUninstallKB47884$\3613430675\loader.tlb
            c:\windows\$NtUninstallKB47884$\3613430675\U\@00000001
            c:\windows\$NtUninstallKB47884$\3613430675\U\@000000c0
            c:\windows\$NtUninstallKB47884$\3613430675\U\@000000cb
            c:\windows\$NtUninstallKB47884$\3613430675\U\@000000cf
            c:\windows\$NtUninstallKB47884$\3613430675\U\@80000000
            c:\windows\$NtUninstallKB47884$\3613430675\U\@800000c0
            c:\windows\$NtUninstallKB47884$\3613430675\U\@800000cb
            c:\windows\$NtUninstallKB47884$\3613430675\U\@800000cf
            c:\windows\system32\config\systemprofile\WINDOWS
            c:\windows\Update.bat
            G:\install.exe
            .
            .
            (((((((((((((((((((((((((   Files Created from 2011-07-01 to 2011-08-01  )))))))))))))))))))))))))))))))
            .
            .
            2011-08-01 04:26 . 2011-07-04 11:32   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
            2011-08-01 04:26 . 2011-07-04 11:36   309848   ----a-w-   c:\windows\system32\drivers\aswSP.sys
            2011-08-01 04:26 . 2011-07-04 11:36   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
            2011-08-01 04:26 . 2011-07-04 11:35   43608   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
            2011-08-01 04:26 . 2011-07-04 11:32   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
            2011-08-01 04:26 . 2011-07-04 11:35   102616   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
            2011-08-01 04:26 . 2011-07-04 11:35   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
            2011-08-01 04:26 . 2011-07-04 11:32   30808   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
            2011-08-01 04:26 . 2011-07-04 11:43   40112   ----a-w-   c:\windows\avastSS.scr
            2011-08-01 04:26 . 2011-07-04 11:43   199304   ----a-w-   c:\windows\system32\aswBoot.exe
            2011-08-01 04:26 . 2011-08-01 04:26   --------   d-----w-   c:\program files\AVAST Software
            2011-07-31 21:25 . 2011-08-01 04:22   --------   d-----w-   c:\program files\Spybot - Search & Destroy
            2011-07-31 21:25 . 2011-08-01 04:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
            2011-07-31 19:08 . 2008-08-14 09:51   138368   -c--a-w-   c:\windows\system32\dllcache\afd.sys
            2011-07-31 19:08 . 2008-08-14 09:51   138368   ----a-w-   c:\windows\system32\drivers\afd.sys
            2011-07-31 14:29 . 2011-07-31 14:29   --------   d-----w-   c:\program files\Trend Micro
            2011-07-31 14:19 . 2011-07-31 14:19   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            2011-07-31 00:24 . 2008-04-13 23:12   116224   -c--a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
            2011-07-31 00:24 . 2008-04-13 23:12   18944   -c--a-w-   c:\windows\system32\dllcache\xrxscnui.dll
            2011-07-31 00:23 . 2008-04-13 23:12   8192   -c--a-w-   c:\windows\system32\dllcache\wshirda.dll
            2011-07-31 00:23 . 2008-04-13 17:36   8832   -c--a-w-   c:\windows\system32\dllcache\wmiacpi.sys
            2011-07-31 00:22 . 2008-04-13 17:45   31744   -c--a-w-   c:\windows\system32\dllcache\wceusbsh.sys
            2011-07-31 00:21 . 2008-04-13 17:45   26112   -c--a-w-   c:\windows\system32\dllcache\usbser.sys
            2011-07-31 00:21 . 2008-04-13 17:45   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
            2011-07-31 00:20 . 2008-04-13 23:12   82944   -c--a-w-   c:\windows\system32\dllcache\tp4mon.exe
            2011-07-31 00:19 . 2008-04-13 17:40   149376   -c--a-w-   c:\windows\system32\dllcache\tffsport.sys
            2011-07-31 00:18 . 2008-04-13 17:40   7552   -c--a-w-   c:\windows\system32\dllcache\sonyait.sys
            2011-07-31 00:17 . 2008-04-13 17:36   6912   -c--a-w-   c:\windows\system32\dllcache\smbclass.sys
            2011-07-31 00:17 . 2008-04-13 17:36   16000   -c--a-w-   c:\windows\system32\dllcache\smbbatt.sys
            2011-07-31 00:16 . 2008-04-13 17:45   11520   -c--a-w-   c:\windows\system32\dllcache\scsiscan.sys
            2011-07-31 00:16 . 2008-04-13 17:40   43904   -c--a-w-   c:\windows\system32\dllcache\sbp2port.sys
            2011-07-31 00:15 . 2008-04-13 23:12   29696   -c--a-w-   c:\windows\system32\dllcache\rw450ext.dll
            2011-07-31 00:15 . 2008-04-13 23:12   27648   -c--a-w-   c:\windows\system32\dllcache\rw430ext.dll
            2011-07-31 00:14 . 2008-04-13 17:40   79104   -c--a-w-   c:\windows\system32\dllcache\rocket.sys
            2011-07-31 00:14 . 2008-04-13 17:40   6016   -c--a-w-   c:\windows\system32\dllcache\qic157.sys
            2011-07-31 00:14 . 2008-04-13 23:12   159232   -c--a-w-   c:\windows\system32\dllcache\ptpusd.dll
            2011-07-31 00:14 . 2008-04-13 23:12   363520   -c--a-w-   c:\windows\system32\dllcache\psisdecd.dll
            2011-07-31 00:13 . 2008-04-13 17:41   17664   -c--a-w-   c:\windows\system32\dllcache\ppa3.sys
            2011-07-31 00:13 . 2008-04-13 17:40   8832   -c--a-w-   c:\windows\system32\dllcache\powerfil.sys
            2011-07-31 00:13 . 2008-04-13 23:10   259328   -c--a-w-   c:\windows\system32\dllcache\perm3dd.dll
            2011-07-31 00:13 . 2008-04-13 17:44   28032   -c--a-w-   c:\windows\system32\dllcache\perm3.sys
            2011-07-31 00:13 . 2008-04-13 23:10   211584   -c--a-w-   c:\windows\system32\dllcache\perm2dll.dll
            2011-07-31 00:13 . 2008-04-13 17:44   27904   -c--a-w-   c:\windows\system32\dllcache\perm2.sys
            2011-07-31 00:12 . 2008-04-13 17:46   61696   -c--a-w-   c:\windows\system32\dllcache\ohci1394.sys
            2011-07-31 00:11 . 2008-04-13 17:54   28672   -c--a-w-   c:\windows\system32\dllcache\nscirda.sys
            2011-07-31 00:10 . 2008-04-13 17:46   49024   -c--a-w-   c:\windows\system32\dllcache\mstape.sys
            2011-07-31 00:10 . 2008-04-13 17:54   22016   -c--a-w-   c:\windows\system32\dllcache\msircomm.sys
            2011-07-31 00:10 . 2008-04-13 17:46   51200   -c--a-w-   c:\windows\system32\dllcache\msdv.sys
            2011-07-31 00:10 . 2008-04-13 17:46   15232   -c--a-w-   c:\windows\system32\dllcache\mpe.sys
            2011-07-31 00:09 . 2008-04-13 17:41   26112   -c--a-w-   c:\windows\system32\dllcache\memstpci.sys
            2011-07-31 00:09 . 2008-04-13 17:40   7040   -c--a-w-   c:\windows\system32\dllcache\ltotape.sys
            2011-07-31 00:08 . 2008-04-13 17:40   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
            2011-07-31 00:08 . 2008-04-13 23:11   253952   -c--a-w-   c:\windows\system32\dllcache\kdsusd.dll
            2011-07-31 00:08 . 2008-04-13 23:11   48640   -c--a-w-   c:\windows\system32\dllcache\kdsui.dll
            2011-07-31 00:08 . 2008-04-13 23:09   6144   -c--a-w-   c:\windows\system32\dllcache\kbd106.dll
            2011-07-31 00:08 . 2008-04-13 23:11   28160   -c--a-w-   c:\windows\system32\dllcache\irmon.dll
            2011-07-31 00:07 . 2008-04-13 23:12   151552   -c--a-w-   c:\windows\system32\dllcache\irftp.exe
            2011-07-31 00:07 . 2008-04-13 17:54   88192   -c--a-w-   c:\windows\system32\dllcache\irda.sys
            2011-07-31 00:06 . 2008-04-13 23:11   702845   -c--a-w-   c:\windows\system32\dllcache\i81xdnt5.dll
            2011-07-31 00:05 . 2008-04-13 17:36   20352   -c--a-w-   c:\windows\system32\dllcache\hidbatt.sys
            2011-07-31 00:05 . 2008-04-13 17:40   28288   -c--a-w-   c:\windows\system32\dllcache\grserial.sys
            2011-07-31 00:05 . 2008-04-13 17:45   59136   -c--a-w-   c:\windows\system32\dllcache\gckernel.sys
            2011-07-31 00:05 . 2008-04-13 17:45   10624   -c--a-w-   c:\windows\system32\dllcache\gameenum.sys
            2011-07-31 00:02 . 2008-04-13 17:39   206976   -c--a-w-   c:\windows\system32\dllcache\dot4.sys
            2011-07-31 00:02 . 2008-04-13 17:40   8320   -c--a-w-   c:\windows\system32\dllcache\dlttape.sys
            2011-07-31 00:01 . 2008-04-13 23:11   249856   -c--a-w-   c:\windows\system32\dllcache\ctmasetp.dll
            2011-07-31 00:01 . 2008-04-13 17:36   10240   -c--a-w-   c:\windows\system32\dllcache\compbatt.sys
            2011-07-31 00:01 . 2008-04-13 17:36   13952   -c--a-w-   c:\windows\system32\dllcache\cmbatt.sys
            2011-07-31 00:00 . 2008-04-13 17:40   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
            2011-07-31 00:00 . 2008-04-13 23:11   121856   -c--a-w-   c:\windows\system32\dllcache\camext30.dll
            2011-07-30 23:59 . 2008-04-13 17:46   11776   -c--a-w-   c:\windows\system32\dllcache\bdasup.sys
            2011-07-30 23:59 . 2008-04-13 17:36   14208   -c--a-w-   c:\windows\system32\dllcache\battc.sys
            2011-07-30 23:59 . 2008-04-13 17:46   13696   -c--a-w-   c:\windows\system32\dllcache\avcstrm.sys
            2011-07-30 23:59 . 2008-04-13 17:46   38912   -c--a-w-   c:\windows\system32\dllcache\avc.sys
            2011-07-29 13:20 . 2011-07-06 23:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-07-29 13:20 . 2011-07-29 13:20   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-07-29 13:20 . 2011-07-06 23:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-07-28 00:37 . 2011-07-28 00:37   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
            2011-07-28 00:12 . 2011-07-28 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
            2011-07-26 22:12 . 2011-07-26 22:12   --------   d-----w-   c:\windows\system32\syncdb
            2011-07-26 18:11 . 2011-08-01 04:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
            2011-07-25 23:39 . 2011-07-27 20:48   --------   d-----w-   c:\program files\Panda Security
            2011-07-25 23:30 . 2011-07-25 23:30   --------   d--h--w-   c:\windows\PIF
            2011-07-12 06:42 . 2011-07-13 04:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
            2011-07-12 06:42 . 2011-07-12 06:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\Yahoo!
            2011-07-12 06:38 . 2011-07-12 06:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
            2011-07-12 06:34 . 2011-07-12 06:42   --------   d-----w-   c:\program files\Yahoo!
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-07-31 14:19 . 2010-05-23 01:21   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-07-27 20:38 . 2011-01-07 23:56   150016   ----a-w-   c:\windows\system32\nvsvc32.exe
            2011-07-12 06:42 . 2011-05-23 16:50   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
            2011-06-02 14:02 . 2007-11-20 06:04   1858944   ----a-w-   c:\windows\system32\win32k.sys
            2011-06-23 03:43 . 2011-05-06 09:50   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
            .
            <pre>
            c:\program files\Common Files\Java\Java Update\jusched .exe
            c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
            c:\program files\Common Files\Real\Update_OB\realsched .exe
            c:\program files\CyberLink\PowerDVD\PDVDServ .exe
            c:\program files\Digital Media Reader\readericon45G .exe
            c:\program files\DivX\DivX Update\DivXUpdate .exe
            c:\program files\Electronic Arts\EADM\Core .exe
            c:\program files\Messenger\msmsgs .exe
            c:\program files\MP4 Player\mp4Player .exe
            c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
            c:\windows\creator\Remind_XP .exe
            c:\windows\SMINST\RECGUARD .exe
            c:\windows\system32\rundll32 .exe
            </pre>
            .
            ------- Sigcheck -------
            Note: Unsigned files aren't necessarily malware.
            .
            [7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
            [7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
            "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
            .
            [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
            [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
            [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
            [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
            @="{472083B0-C522-11CF-8763-00608CC02F24}"
            [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
            2011-07-04 11:43   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
            "UnlockerAssistant"="c:\my backup -- 10-02-28 0905pm\Program Files\Unlocker\UnlockerAssistant .exe" [2009-10-26 15872]
            "WinampAgent"="c:\program files\Winamp\winampa.exe" [N/A]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
            "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
            "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
            "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
            "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
            "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
            "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
            "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
            "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
            .
            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "Power2GoExpress"="NA" [X]
            .
            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [N/A]
            .
            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2010-3-1 29696]
            HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
            .
            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            .
            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
            backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
            2007-10-15 02:17   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
            2007-08-22 21:31   80896   ----a-w-   c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
            .
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)
            .
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
            "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
            "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
            "c:\\Program Files\\HP\\Digital Imaging\\{68550918-63B5-4762-85CB-3C160AA4B213}\\setup\\hpznui01.exe"=
            "c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
            "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
            .
            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "1076:TCP"= 1076:TCP:Akamai NetSession Interface
            "5000:UDP"= 5000:UDP:Akamai NetSession Interface
            .
            R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/1/2011 12:26 AM 441176]
            R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/1/2011 12:26 AM 309848]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
            R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/20/2007 2:00 AM 14336]
            R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/1/2011 12:26 AM 19544]
            R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/29/2011 9:20 AM 366640]
            R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [3/30/2005 12:22 PM 173824]
            R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [3/30/2005 12:22 PM 29184]
            R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [3/30/2005 12:22 PM 9088]
            R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/29/2011 9:20 AM 22712]
            S1 cjvirmuu;cjvirmuu;\??\c:\windows\system32\drivers\cjvirmuu.sys --> c:\windows\system32\drivers\cjvirmuu.sys [?]
            S1 mithjvxk;mithjvxk;\??\c:\windows\system32\drivers\mithjvxk.sys --> c:\windows\system32\drivers\mithjvxk.sys [?]
            S1 onkjlnqh;onkjlnqh;\??\c:\windows\system32\drivers\onkjlnqh.sys --> c:\windows\system32\drivers\onkjlnqh.sys [?]
            S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
            S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
            S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [3/6/2011 7:36 PM 16968]
            S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/29/2011 9:20 AM 41272]
            S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\196.tmp --> c:\windows\system32\196.tmp [?]
            S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
            S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
            S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
            S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
            .
            --- Other Services/Drivers In Memory ---
            .
            *NewlyCreated* - WUAUSERV
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
            HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
            HPService   REG_MULTI_SZ      HPSLPSVC
            Akamai   REG_MULTI_SZ      Akamai
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2011-07-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-YOUR-433A10CD72-Owner.job
            - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-15 21:42]
            .
            2011-08-01 c:\windows\Tasks\Final Media Player Update Checker.job
            - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-06 20:50]
            .
            2011-07-30 c:\windows\Tasks\ParetoLogic Registration.job
            - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]
            .
            2011-07-12 c:\windows\Tasks\ParetoLogic Update Version2.job
            - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]
            .
            2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
            - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
            .
            2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-872174263-1915020261-335545884-1003.job
            - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
            .
            2011-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
            - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
            .
            2011-07-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-872174263-1915020261-335545884-1003.job
            - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
            uInternet Connection Wizard,ShellNext = hxxp://imhome.myspace.com/Modules/IM/Pages/UrlRedirector.aspx?challenge=21023506-38742561-4029044&response=FvILp8uvzBOwoXubT7lPMd3RhOSXcN4Xjv4GphFCqpE&target=editpics&targetid=38742561&IMLang=English&LangID=1033
            uInternet Settings,ProxyOverride = <local>;*.local
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
            IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html
            LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
            TCP: DhcpNameServer = 10.0.0.1
            FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\
            FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
            FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
            FF - user.js: network.cookie.cookieBehavior - 0
            FF - user.js: privacy.clearOnShutdown.cookies - false
            FF - user.js: security.warn_viewing_mixed - false
            FF - user.js: security.warn_viewing_mixed.show_once - false
            FF - user.js: security.warn_submit_insecure - false
            FF - user.js: security.warn_submit_insecure.show_once - false
            .
            .
            ------- File Associations -------
            .
            .txt=UltraEdit.txt
            .
            - - - - ORPHANS REMOVED - - - -
            .
            Notify-TPSvc - TPSvc.dll
            .
            .
            .
            **************************************************************************
            .
            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2011-08-01 19:52
            Windows 5.1.2600 Service Pack 3 NTFS
            .
            scanning hidden processes ... 
            .
            scanning hidden autostart entries ...
            .
            scanning hidden files ... 
            .
            scan completed successfully
            hidden files: 0
            .
            **************************************************************************
            .
            [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
            "ImagePath"="\??\c:\windows\system32\196.tmp"
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
            @Denied: (2) (LocalSystem)
            "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
               d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
            "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
               d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
            .
            [HKEY_USERS\S-1-5-21-872174263-1915020261-335545884-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40EE53F9-6CF3-2C1F-76C7-4BDAC050D978}*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------
            .
            - - - - - - - > 'winlogon.exe'(656)
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            c:\windows\system32\WININET.dll
            .
            - - - - - - - > 'lsass.exe'(712)
            c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
            .
            - - - - - - - > 'explorer.exe'(2692)
            c:\windows\system32\WININET.dll
            c:\windows\system32\ieframe.dll
            c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
            c:\windows\system32\webcheck.dll
            c:\windows\system32\WPDShServiceObj.dll
            c:\windows\system32\PortableDeviceTypes.dll
            c:\windows\system32\PortableDeviceApi.dll
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\windows\system32\nvsvc32.exe
            c:\program files\AVAST Software\Avast\AvastSvc.exe
            c:\windows\system32\rundll32.exe
            c:\windows\SOUNDMAN.EXE
            c:\windows\system32\RUNDLL32.EXE
            c:\program files\Java\jre6\bin\jqs.exe
            c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
            c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
            c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
            c:\windows\system32\msiexec.exe
            c:\windows\system32\wscntfy.exe
            .
            **************************************************************************
            .
            Completion time: 2011-08-01  19:55:12 - machine was rebooted
            ComboFix-quarantined-files.txt  2011-08-01 23:55
            .
            Pre-Run: 103,372,881,920 bytes free
            Post-Run: 103,753,900,032 bytes free
            .
            - - End Of File - - 1F1719F5E70F74DDBB7A8A69F134DAB0

            JAJsangel

              Topic Starter


              Beginner
              • Experience: Familiar
              • OS: Windows 8
              Re: cannot use internet on infected computer
              « Reply #9 on: August 02, 2011, 09:04:23 AM »
              Oh, forgot to say: idk if you can tell from the log, but ComboFix said it found a rootkit in the TCP/IP thing, so now I guess I know that a virus has not only deleted a file but still kept me from using the internet.
              idk why it still doesn't work though; I would have thought it would get rid of it.

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: cannot use internet on infected computer
              « Reply #10 on: August 02, 2011, 04:44:05 PM »
              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
              • Open Notepad and copy/paste the text in the quotebox below into it:
                Quote
                KillAll::

                RenV::
                c:\program files\Common Files\Java\Java Update\jusched .exe
                c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
                c:\program files\Common Files\Real\Update_OB\realsched .exe
                c:\program files\CyberLink\PowerDVD\PDVDServ .exe
                c:\program files\Digital Media Reader\readericon45G .exe
                c:\program files\DivX\DivX Update\DivXUpdate .exe
                c:\program files\Electronic Arts\EADM\Core .exe
                c:\program files\Messenger\msmsgs .exe
                c:\program files\MP4 Player\mp4Player .exe
                c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
                c:\windows\creator\Remind_XP .exe
                c:\windows\SMINST\RECGUARD .exe
                c:\windows\system32\rundll32 .exe

                File::
                c:\windows\system32\drivers\cjvirmuu.sys
                c:\windows\system32\drivers\mithjvxk.sys
                c:\windows\system32\drivers\onkjlnqh.sys
                Folder::

                Registry::

                Driver::
                cjvirmuu
                mithjvxk
                onkjlnqh

              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • Please post the contents of the log in your next reply.
              ******************************************************
              • Download TDSSKiller and save it to your Desktop.
              • Extract its contents to your desktop.
              • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
              • If an infected file is detected, the default action will be Cure, click on Continue.
              • If a suspicious file is detected, the default action will be Skip, click on Continue.
              • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
              • Click the Report button and copy/paste the contents of it into your next reply.
              Note: It will also create a log in the C:\ directory.
              Windows 8 and Windows 10 dual boot with two SSD's

              JAJsangel

                Topic Starter


                Beginner
                • Experience: Familiar
                • OS: Windows 8
                Re: cannot use internet on infected computer
                « Reply #11 on: August 02, 2011, 05:57:22 PM »
                ComboFix 11-08-01.05 - Owner 08/02/2011  19:32:52.2.1 - x86
                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1502.1044 [GMT -4:00]
                Running from: F:\ComboFix.exe
                Command switches used :: F:\CFscript.txt
                AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
                .
                WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                .
                FILE ::
                "c:\windows\system32\drivers\cjvirmuu.sys"
                "c:\windows\system32\drivers\mithjvxk.sys"
                "c:\windows\system32\drivers\onkjlnqh.sys"
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                -------\Service_cjvirmuu
                -------\Service_mithjvxk
                -------\Service_onkjlnqh
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-07-02 to 2011-08-02  )))))))))))))))))))))))))))))))
                .
                .
                2011-08-01 04:26 . 2011-07-04 11:32   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                2011-08-01 04:26 . 2011-07-04 11:36   309848   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                2011-08-01 04:26 . 2011-07-04 11:36   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                2011-08-01 04:26 . 2011-07-04 11:35   43608   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                2011-08-01 04:26 . 2011-07-04 11:32   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                2011-08-01 04:26 . 2011-07-04 11:35   102616   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                2011-08-01 04:26 . 2011-07-04 11:35   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                2011-08-01 04:26 . 2011-07-04 11:32   30808   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                2011-08-01 04:26 . 2011-07-04 11:43   40112   ----a-w-   c:\windows\avastSS.scr
                2011-08-01 04:26 . 2011-07-04 11:43   199304   ----a-w-   c:\windows\system32\aswBoot.exe
                2011-08-01 04:26 . 2011-08-01 04:26   --------   d-----w-   c:\program files\AVAST Software
                2011-07-31 21:25 . 2011-08-01 04:22   --------   d-----w-   c:\program files\Spybot - Search & Destroy
                2011-07-31 21:25 . 2011-08-01 04:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                2011-07-31 19:08 . 2008-08-14 09:51   138368   -c--a-w-   c:\windows\system32\dllcache\afd.sys
                2011-07-31 19:08 . 2008-08-14 09:51   138368   ----a-w-   c:\windows\system32\drivers\afd.sys
                2011-07-31 14:29 . 2011-07-31 14:29   --------   d-----w-   c:\program files\Trend Micro
                2011-07-31 14:19 . 2011-07-31 14:19   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                2011-07-31 00:24 . 2008-04-13 23:12   116224   -c--a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
                2011-07-31 00:24 . 2008-04-13 23:12   18944   -c--a-w-   c:\windows\system32\dllcache\xrxscnui.dll
                2011-07-31 00:23 . 2008-04-13 23:12   8192   -c--a-w-   c:\windows\system32\dllcache\wshirda.dll
                2011-07-31 00:23 . 2008-04-13 17:36   8832   -c--a-w-   c:\windows\system32\dllcache\wmiacpi.sys
                2011-07-31 00:22 . 2008-04-13 17:45   31744   -c--a-w-   c:\windows\system32\dllcache\wceusbsh.sys
                2011-07-31 00:21 . 2008-04-13 17:45   26112   -c--a-w-   c:\windows\system32\dllcache\usbser.sys
                2011-07-31 00:21 . 2008-04-13 17:45   60032   -c--a-w-   c:\windows\system32\dllcache\usbaudio.sys
                2011-07-31 00:20 . 2008-04-13 23:12   82944   -c--a-w-   c:\windows\system32\dllcache\tp4mon.exe
                2011-07-31 00:19 . 2008-04-13 17:40   149376   -c--a-w-   c:\windows\system32\dllcache\tffsport.sys
                2011-07-31 00:18 . 2008-04-13 17:40   7552   -c--a-w-   c:\windows\system32\dllcache\sonyait.sys
                2011-07-31 00:17 . 2008-04-13 17:36   6912   -c--a-w-   c:\windows\system32\dllcache\smbclass.sys
                2011-07-31 00:17 . 2008-04-13 17:36   16000   -c--a-w-   c:\windows\system32\dllcache\smbbatt.sys
                2011-07-31 00:16 . 2008-04-13 17:45   11520   -c--a-w-   c:\windows\system32\dllcache\scsiscan.sys
                2011-07-31 00:16 . 2008-04-13 17:40   43904   -c--a-w-   c:\windows\system32\dllcache\sbp2port.sys
                2011-07-31 00:15 . 2008-04-13 23:12   29696   -c--a-w-   c:\windows\system32\dllcache\rw450ext.dll
                2011-07-31 00:15 . 2008-04-13 23:12   27648   -c--a-w-   c:\windows\system32\dllcache\rw430ext.dll
                2011-07-31 00:14 . 2008-04-13 17:40   79104   -c--a-w-   c:\windows\system32\dllcache\rocket.sys
                2011-07-31 00:14 . 2008-04-13 17:40   6016   -c--a-w-   c:\windows\system32\dllcache\qic157.sys
                2011-07-31 00:14 . 2008-04-13 23:12   159232   -c--a-w-   c:\windows\system32\dllcache\ptpusd.dll
                2011-07-31 00:14 . 2008-04-13 23:12   363520   -c--a-w-   c:\windows\system32\dllcache\psisdecd.dll
                2011-07-31 00:13 . 2008-04-13 17:41   17664   -c--a-w-   c:\windows\system32\dllcache\ppa3.sys
                2011-07-31 00:13 . 2008-04-13 17:40   8832   -c--a-w-   c:\windows\system32\dllcache\powerfil.sys
                2011-07-31 00:13 . 2008-04-13 23:10   259328   -c--a-w-   c:\windows\system32\dllcache\perm3dd.dll
                2011-07-31 00:13 . 2008-04-13 17:44   28032   -c--a-w-   c:\windows\system32\dllcache\perm3.sys
                2011-07-31 00:13 . 2008-04-13 23:10   211584   -c--a-w-   c:\windows\system32\dllcache\perm2dll.dll
                2011-07-31 00:13 . 2008-04-13 17:44   27904   -c--a-w-   c:\windows\system32\dllcache\perm2.sys
                2011-07-31 00:12 . 2008-04-13 17:46   61696   -c--a-w-   c:\windows\system32\dllcache\ohci1394.sys
                2011-07-31 00:11 . 2008-04-13 17:54   28672   -c--a-w-   c:\windows\system32\dllcache\nscirda.sys
                2011-07-31 00:10 . 2008-04-13 17:46   49024   -c--a-w-   c:\windows\system32\dllcache\mstape.sys
                2011-07-31 00:10 . 2008-04-13 17:54   22016   -c--a-w-   c:\windows\system32\dllcache\msircomm.sys
                2011-07-31 00:10 . 2008-04-13 17:46   51200   -c--a-w-   c:\windows\system32\dllcache\msdv.sys
                2011-07-31 00:10 . 2008-04-13 17:46   15232   -c--a-w-   c:\windows\system32\dllcache\mpe.sys
                2011-07-31 00:09 . 2008-04-13 17:41   26112   -c--a-w-   c:\windows\system32\dllcache\memstpci.sys
                2011-07-31 00:09 . 2008-04-13 17:40   7040   -c--a-w-   c:\windows\system32\dllcache\ltotape.sys
                2011-07-31 00:08 . 2008-04-13 17:40   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
                2011-07-31 00:08 . 2008-04-13 23:11   253952   -c--a-w-   c:\windows\system32\dllcache\kdsusd.dll
                2011-07-31 00:08 . 2008-04-13 23:11   48640   -c--a-w-   c:\windows\system32\dllcache\kdsui.dll
                2011-07-31 00:08 . 2008-04-13 23:09   6144   -c--a-w-   c:\windows\system32\dllcache\kbd106.dll
                2011-07-31 00:08 . 2008-04-13 23:11   28160   -c--a-w-   c:\windows\system32\dllcache\irmon.dll
                2011-07-31 00:07 . 2008-04-13 23:12   151552   -c--a-w-   c:\windows\system32\dllcache\irftp.exe
                2011-07-31 00:07 . 2008-04-13 17:54   88192   -c--a-w-   c:\windows\system32\dllcache\irda.sys
                2011-07-31 00:06 . 2008-04-13 23:11   702845   -c--a-w-   c:\windows\system32\dllcache\i81xdnt5.dll
                2011-07-31 00:05 . 2008-04-13 17:36   20352   -c--a-w-   c:\windows\system32\dllcache\hidbatt.sys
                2011-07-31 00:05 . 2008-04-13 17:40   28288   -c--a-w-   c:\windows\system32\dllcache\grserial.sys
                2011-07-31 00:05 . 2008-04-13 17:45   59136   -c--a-w-   c:\windows\system32\dllcache\gckernel.sys
                2011-07-31 00:05 . 2008-04-13 17:45   10624   -c--a-w-   c:\windows\system32\dllcache\gameenum.sys
                2011-07-31 00:02 . 2008-04-13 17:39   206976   -c--a-w-   c:\windows\system32\dllcache\dot4.sys
                2011-07-31 00:02 . 2008-04-13 17:40   8320   -c--a-w-   c:\windows\system32\dllcache\dlttape.sys
                2011-07-31 00:01 . 2008-04-13 23:11   249856   -c--a-w-   c:\windows\system32\dllcache\ctmasetp.dll
                2011-07-31 00:01 . 2008-04-13 17:36   10240   -c--a-w-   c:\windows\system32\dllcache\compbatt.sys
                2011-07-31 00:01 . 2008-04-13 17:36   13952   -c--a-w-   c:\windows\system32\dllcache\cmbatt.sys
                2011-07-31 00:00 . 2008-04-13 17:40   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
                2011-07-31 00:00 . 2008-04-13 23:11   121856   -c--a-w-   c:\windows\system32\dllcache\camext30.dll
                2011-07-30 23:59 . 2008-04-13 17:46   11776   -c--a-w-   c:\windows\system32\dllcache\bdasup.sys
                2011-07-30 23:59 . 2008-04-13 17:36   14208   -c--a-w-   c:\windows\system32\dllcache\battc.sys
                2011-07-30 23:59 . 2008-04-13 17:46   13696   -c--a-w-   c:\windows\system32\dllcache\avcstrm.sys
                2011-07-30 23:59 . 2008-04-13 17:46   38912   -c--a-w-   c:\windows\system32\dllcache\avc.sys
                2011-07-29 13:20 . 2011-07-06 23:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2011-07-29 13:20 . 2011-07-29 13:20   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2011-07-29 13:20 . 2011-07-06 23:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2011-07-28 00:37 . 2011-07-28 00:37   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
                2011-07-28 00:12 . 2011-07-28 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\MFAData
                2011-07-26 22:12 . 2011-07-26 22:12   --------   d-----w-   c:\windows\system32\syncdb
                2011-07-26 18:11 . 2011-08-01 04:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
                2011-07-25 23:39 . 2011-07-27 20:48   --------   d-----w-   c:\program files\Panda Security
                2011-07-25 23:30 . 2011-07-25 23:30   --------   d--h--w-   c:\windows\PIF
                2011-07-12 06:42 . 2011-07-13 04:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
                2011-07-12 06:42 . 2011-07-12 06:43   --------   d-----w-   c:\documents and settings\Owner\Application Data\Yahoo!
                2011-07-12 06:38 . 2011-07-12 06:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
                2011-07-12 06:34 . 2011-07-12 06:42   --------   d-----w-   c:\program files\Yahoo!
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2011-07-31 14:19 . 2010-05-23 01:21   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                2011-07-27 20:38 . 2011-01-07 23:56   150016   ----a-w-   c:\windows\system32\nvsvc32.exe
                2011-07-12 06:42 . 2011-05-23 16:50   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                2011-06-02 14:02 . 2007-11-20 06:04   1858944   ----a-w-   c:\windows\system32\win32k.sys
                2011-06-23 03:43 . 2011-05-06 09:50   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                .
                .
                ------- Sigcheck -------
                Note: Unsigned files aren't necessarily malware.
                .
                Cryptography Services Error !!
                .
                (((((((((((((((((((((((((((((   SnapShot@2011-08-01_23.50.17   )))))))))))))))))))))))))))))))))))))))))
                .
                + 2002-09-14 06:42 . 2002-09-14 06:42   212992              c:\windows\SMINST\RECGUARD.exe
                + 2005-02-26 01:24 . 2005-02-26 01:24   966656              c:\windows\creator\Remind_XP.exe
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
                .
                [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
                [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
                [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
                [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
                @="{472083B0-C522-11CF-8763-00608CC02F24}"
                [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
                2011-07-04 11:43   122512   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
                "UnlockerAssistant"="c:\my backup -- 10-02-28 0905pm\Program Files\Unlocker\UnlockerAssistant .exe" [2009-10-26 15872]
                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
                "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
                "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
                "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
                "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
                "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
                .
                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "Power2GoExpress"="NA" [X]
                .
                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2010-3-1 29696]
                HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
                .
                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                .
                [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
                2007-10-15 02:17   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
                2007-08-22 21:31   80896   ----a-w-   c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
                "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
                "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
                "c:\\Program Files\\HP\\Digital Imaging\\{68550918-63B5-4762-85CB-3C160AA4B213}\\setup\\hpznui01.exe"=
                "c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=
                "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "1076:TCP"= 1076:TCP:Akamai NetSession Interface
                "5000:UDP"= 5000:UDP:Akamai NetSession Interface
                .
                R1 SASKUTIL;SASKUTIL;c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS

                R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys

                R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-03-06 16968]
                R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
                R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\196.tmp

                R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys

                R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
                R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
                R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
                S1 aswSnx;aswSnx;

                S1 aswSP;aswSP;

                S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
                S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
                S2 aswFsBlk;aswFsBlk;

                S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
                S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-03-30 173824]
                S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-03-30 29184]
                S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-03-30 9088]
                S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
                .
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                HPService   REG_MULTI_SZ      HPSLPSVC
                Akamai   REG_MULTI_SZ      Akamai
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2011-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-YOUR-433A10CD72-Owner.job
                - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-15 21:42]
                .
                2011-08-02 c:\windows\Tasks\Final Media Player Update Checker.job
                - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-06 20:50]
                .
                2011-08-02 c:\windows\Tasks\ParetoLogic Registration.job
                - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]
                .
                2011-08-02 c:\windows\Tasks\ParetoLogic Update Version2.job
                - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]
                .
                2011-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
                - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
                .
                2011-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-872174263-1915020261-335545884-1003.job
                - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
                .
                2011-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
                - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
                .
                2011-07-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-872174263-1915020261-335545884-1003.job
                - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
                uInternet Connection Wizard,ShellNext = hxxp://imhome.myspace.com/Modules/IM/Pages/UrlRedirector.aspx?challenge=21023506-38742561-4029044&response=FvILp8uvzBOwoXubT7lPMd3RhOSXcN4Xjv4GphFCqpE&target=editpics&targetid=38742561&IMLang=English&LangID=1033
                uInternet Settings,ProxyOverride = <local>;*.local
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html
                LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
                TCP: DhcpNameServer = 10.0.0.1
                FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\
                FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
                FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
                FF - user.js: network.cookie.cookieBehavior - 0
                FF - user.js: privacy.clearOnShutdown.cookies - false
                FF - user.js: security.warn_viewing_mixed - false
                FF - user.js: security.warn_viewing_mixed.show_once - false
                FF - user.js: security.warn_submit_insecure - false
                FF - user.js: security.warn_submit_insecure.show_once - false
                .
                - - - - ORPHANS REMOVED - - - -
                .
                HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
                HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
                .
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-08-02 19:51
                Windows 5.1.2600 Service Pack 3 NTFS
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
                "ImagePath"="\??\c:\windows\system32\196.tmp"
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------
                .
                [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
                @Denied: (2) (LocalSystem)
                "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
                "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
                .
                [HKEY_USERS\S-1-5-21-872174263-1915020261-335545884-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40EE53F9-6CF3-2C1F-76C7-4BDAC050D978}*]
                @Allowed: (Read) (RestrictedCode)
                @Allowed: (Read) (RestrictedCode)
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------
                .
                - - - - - - - > 'winlogon.exe'(656)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                .
                - - - - - - - > 'lsass.exe'(712)
                c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
                .
                - - - - - - - > 'explorer.exe'(3228)
                c:\windows\system32\WININET.dll
                c:\windows\system32\ieframe.dll
                c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\windows\system32\nvsvc32.exe
                c:\program files\AVAST Software\Avast\AvastSvc.exe
                c:\windows\SOUNDMAN.EXE
                c:\windows\system32\RUNDLL32.EXE
                c:\program files\Java\jre6\bin\jqs.exe
                c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
                c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
                c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
                c:\windows\system32\msiexec.exe
                c:\windows\system32\wscntfy.exe
                .
                **************************************************************************
                .
                Completion time: 2011-08-02  19:53:36 - machine was rebooted
                ComboFix-quarantined-files.txt  2011-08-02 23:53
                ComboFix2.txt  2011-08-01 23:55
                .
                Pre-Run: 103,768,625,152 bytes free
                Post-Run: 103,632,039,936 bytes free
                .
                - - End Of File - - A532A8BC750223324F4FAAABA5C6D56F




                2011/08/02 19:54:24.0531 3816   TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
                2011/08/02 19:54:24.0578 3816   ================================================================================
                2011/08/02 19:54:24.0578 3816   SystemInfo:
                2011/08/02 19:54:24.0578 3816   
                2011/08/02 19:54:24.0578 3816   OS Version: 5.1.2600 ServicePack: 3.0
                2011/08/02 19:54:24.0578 3816   Product type: Workstation
                2011/08/02 19:54:24.0578 3816   ComputerName: YOUR-433A10CD72
                2011/08/02 19:54:24.0578 3816   UserName: Owner
                2011/08/02 19:54:24.0578 3816   Windows directory: C:\WINDOWS
                2011/08/02 19:54:24.0578 3816   System windows directory: C:\WINDOWS
                2011/08/02 19:54:24.0578 3816   Processor architecture: Intel x86
                2011/08/02 19:54:24.0578 3816   Number of processors: 1
                2011/08/02 19:54:24.0578 3816   Page size: 0x1000
                2011/08/02 19:54:24.0578 3816   Boot type: Normal boot
                2011/08/02 19:54:24.0578 3816   ================================================================================
                2011/08/02 19:54:25.0765 3816   Initialize success
                2011/08/02 19:54:28.0484 3404   ================================================================================
                2011/08/02 19:54:28.0484 3404   Scan started
                2011/08/02 19:54:28.0484 3404   Mode: Manual;
                2011/08/02 19:54:28.0484 3404   ================================================================================
                2011/08/02 19:54:29.0296 3404   Aavmker4        (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
                2011/08/02 19:54:29.0390 3404   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
                2011/08/02 19:54:29.0437 3404   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
                2011/08/02 19:54:29.0468 3404   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
                2011/08/02 19:54:29.0531 3404   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
                2011/08/02 19:54:29.0609 3404   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
                2011/08/02 19:54:29.0734 3404   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
                2011/08/02 19:54:29.0765 3404   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
                2011/08/02 19:54:29.0796 3404   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
                2011/08/02 19:54:29.0812 3404   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
                2011/08/02 19:54:29.0843 3404   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
                2011/08/02 19:54:30.0031 3404   ALCXWDM         (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
                2011/08/02 19:54:30.0234 3404   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
                2011/08/02 19:54:30.0281 3404   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
                2011/08/02 19:54:30.0312 3404   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
                2011/08/02 19:54:30.0343 3404   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
                2011/08/02 19:54:30.0453 3404   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
                2011/08/02 19:54:30.0609 3404   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
                2011/08/02 19:54:30.0640 3404   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
                2011/08/02 19:54:30.0687 3404   aswFsBlk        (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
                2011/08/02 19:54:30.0750 3404   aswMon2         (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
                2011/08/02 19:54:30.0765 3404   aswRdr          (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
                2011/08/02 19:54:30.0812 3404   aswSnx          (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
                2011/08/02 19:54:30.0859 3404   aswSP           (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
                2011/08/02 19:54:30.0921 3404   aswTdi          (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
                2011/08/02 19:54:31.0062 3404   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
                2011/08/02 19:54:31.0093 3404   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
                2011/08/02 19:54:31.0187 3404   ATICXCAP        (b27b6cc25e81165bb946ded4ec8eea0b) C:\WINDOWS\system32\drivers\aticxcap.sys
                2011/08/02 19:54:31.0218 3404   ATICXTUN        (2fd0cdfee26d490b6f8de9a035d522b6) C:\WINDOWS\system32\drivers\aticxtun.sys
                2011/08/02 19:54:31.0250 3404   ATICXXBR        (ba877c4698f4477d6a69f9e071337c4b) C:\WINDOWS\system32\drivers\aticxxbr.sys
                2011/08/02 19:54:31.0296 3404   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
                2011/08/02 19:54:31.0468 3404   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
                2011/08/02 19:54:31.0500 3404   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
                2011/08/02 19:54:31.0578 3404   BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
                2011/08/02 19:54:31.0640 3404   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
                2011/08/02 19:54:31.0671 3404   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
                2011/08/02 19:54:31.0718 3404   CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
                2011/08/02 19:54:31.0750 3404   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
                2011/08/02 19:54:31.0796 3404   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
                2011/08/02 19:54:31.0921 3404   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
                2011/08/02 19:54:31.0968 3404   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
                2011/08/02 19:54:32.0078 3404   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
                2011/08/02 19:54:32.0125 3404   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
                2011/08/02 19:54:32.0156 3404   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
                2011/08/02 19:54:32.0187 3404   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
                2011/08/02 19:54:32.0218 3404   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
                2011/08/02 19:54:32.0296 3404   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
                2011/08/02 19:54:32.0453 3404   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
                2011/08/02 19:54:32.0500 3404   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
                2011/08/02 19:54:32.0546 3404   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
                2011/08/02 19:54:32.0593 3404   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
                2011/08/02 19:54:32.0625 3404   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
                2011/08/02 19:54:32.0671 3404   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
                2011/08/02 19:54:32.0718 3404   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
                2011/08/02 19:54:32.0859 3404   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
                2011/08/02 19:54:32.0890 3404   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
                2011/08/02 19:54:32.0953 3404   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
                2011/08/02 19:54:33.0015 3404   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
                2011/08/02 19:54:33.0062 3404   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
                2011/08/02 19:54:33.0203 3404   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
                2011/08/02 19:54:33.0265 3404   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
                2011/08/02 19:54:33.0343 3404   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
                2011/08/02 19:54:33.0406 3404   hitmanpro35     (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
                2011/08/02 19:54:33.0484 3404   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
                2011/08/02 19:54:33.0640 3404   HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
                2011/08/02 19:54:33.0671 3404   HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
                2011/08/02 19:54:33.0718 3404   HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
                2011/08/02 19:54:33.0765 3404   HSFHWBS2        (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
                2011/08/02 19:54:33.0828 3404   HSF_DPV         (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
                2011/08/02 19:54:34.0000 3404   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
                2011/08/02 19:54:34.0062 3404   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
                2011/08/02 19:54:34.0093 3404   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
                2011/08/02 19:54:34.0140 3404   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
                2011/08/02 19:54:34.0171 3404   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
                2011/08/02 19:54:34.0234 3404   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
                2011/08/02 19:54:34.0265 3404   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
                2011/08/02 19:54:34.0312 3404   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
                2011/08/02 19:54:34.0421 3404   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
                2011/08/02 19:54:34.0500 3404   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
                2011/08/02 19:54:34.0546 3404   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
                2011/08/02 19:54:34.0578 3404   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
                2011/08/02 19:54:34.0718 3404   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
                2011/08/02 19:54:34.0765 3404   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
                2011/08/02 19:54:34.0812 3404   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                2011/08/02 19:54:34.0859 3404   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                2011/08/02 19:54:34.0921 3404   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
                2011/08/02 19:54:35.0078 3404   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
                2011/08/02 19:54:35.0156 3404   MBAMProtector   (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
                2011/08/02 19:54:35.0203 3404   MBAMSwissArmy   (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
                2011/08/02 19:54:35.0265 3404   mdmxsdk         (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
                2011/08/02 19:54:35.0437 3404   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
                2011/08/02 19:54:35.0500 3404   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
                2011/08/02 19:54:35.0562 3404   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
                2011/08/02 19:54:35.0625 3404   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
                2011/08/02 19:54:35.0734 3404   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
                2011/08/02 19:54:35.0781 3404   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
                2011/08/02 19:54:35.0812 3404   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
                2011/08/02 19:54:35.0875 3404   MRxSmb          (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                2011/08/02 19:54:35.0953 3404   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
                2011/08/02 19:54:36.0000 3404   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
                2011/08/02 19:54:36.0109 3404   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
                2011/08/02 19:54:36.0140 3404   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
                2011/08/02 19:54:36.0187 3404   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                2011/08/02 19:54:36.0250 3404   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
                2011/08/02 19:54:36.0312 3404   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
                2011/08/02 19:54:36.0468 3404   mxnic           (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
                2011/08/02 19:54:36.0515 3404   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
                2011/08/02 19:54:36.0578 3404   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
                2011/08/02 19:54:36.0734 3404   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
                2011/08/02 19:54:36.0781 3404   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                2011/08/02 19:54:36.0812 3404   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
                2011/08/02 19:54:36.0843 3404   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                2011/08/02 19:54:36.0890 3404   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
                2011/08/02 19:54:36.0968 3404   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
                2011/08/02 19:54:37.0078 3404   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
                2011/08/02 19:54:37.0156 3404   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
                2011/08/02 19:54:37.0203 3404   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
                2011/08/02 19:54:37.0265 3404   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
                2011/08/02 19:54:37.0703 3404   nv              (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
                2011/08/02 19:54:38.0203 3404   NVENETFD        (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
                2011/08/02 19:54:38.0250 3404   nvnetbus        (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
                2011/08/02 19:54:38.0296 3404   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
                2011/08/02 19:54:38.0343 3404   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
                2011/08/02 19:54:38.0406 3404   P3              (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
                2011/08/02 19:54:38.0531 3404   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
                2011/08/02 19:54:38.0562 3404   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
                2011/08/02 19:54:38.0609 3404   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
                2011/08/02 19:54:38.0640 3404   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
                2011/08/02 19:54:38.0703 3404   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
                2011/08/02 19:54:38.0750 3404   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
                2011/08/02 19:54:38.0937 3404   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
                2011/08/02 19:54:38.0968 3404   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
                2011/08/02 19:54:39.0046 3404   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
                2011/08/02 19:54:39.0078 3404   Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
                2011/08/02 19:54:39.0109 3404   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
                2011/08/02 19:54:39.0156 3404   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
                2011/08/02 19:54:39.0203 3404   PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
                2011/08/02 19:54:39.0234 3404   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
                2011/08/02 19:54:39.0265 3404   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
                2011/08/02 19:54:44.0265 3404   ================================================================================
                2011/08/02 19:54:44.0265 3404   Scan finished
                2011/08/02 19:54:44.0265 3404   ================================================================================
                2011/08/02 19:54:44.0281 0172   Detected object count: 0
                2011/08/02 19:54:44.0281 0172   Actual detected object count: 0
                2011/08/02 19:55:20.0406 2916   ================================================================================
                2011/08/02 19:55:20.0406 2916   Scan started
                2011/08/02 19:55:20.0406 2916   Mode: Manual;
                2011/08/02 19:55:20.0406 2916   ================================================================================

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: cannot use internet on infected computer
                « Reply #12 on: August 02, 2011, 07:22:39 PM »
                SysProt Antirootkit

                Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                http://sites.google.com/site/sysprotantirootkit/

                Unzip it into a folder on your desktop.
                • Double click Sysprot.exe to start the program.
                • Click on the Log tab.
                • In the Write to log box select the following items.
                  • Process << Selected
                  • Kernel Modules << Selected
                  • SSDT << Selected
                  • Kernel Hooks << Selected
                  • IRP Hooks << NOT Selected
                  • Ports << NOT Selected
                  • Hidden Files << Selected
                • At the bottom of the page
                  • Hidden Objects Only << Selected
                • Click on the Create Log button on the bottom right.
                • After a few seconds a new window should appear.
                • Select Scan Root Drive. Click on the Start button.
                • When it is complete a new window will appear to indicate that the scan is finished.
                • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                Windows 8 and Windows 10 dual boot with two SSD's

                JAJsangel
                  Re: cannot use internet on infected computer
                  « Reply #13 on: August 02, 2011, 09:36:49 PM »
                  SysProt AntiRootkit v1.0.1.0
                  by swatkat

                  ******************************************************************************************
                  ******************************************************************************************

                  No Hidden Processes found

                  ******************************************************************************************
                  ******************************************************************************************
                  Kernel Modules:
                  Module Name: Combo-Fix.sys
                  Service Name: ---
                  Module Base: B8178000
                  Module End: B8187000
                  Hidden: Yes

                  Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                  Service Name: ---
                  Module Base: B2AC2000
                  Module End: B2ADA000
                  Hidden: Yes

                  Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                  Service Name: ---
                  Module Base: B862A000
                  Module End: B862C000
                  Hidden: Yes

                  Module Name: \??\C:\ComboFix\catchme.sys
                  Service Name: catchme
                  Module Base: B83E8000
                  Module End: B83F0000
                  Hidden: Yes

                  Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
                  Service Name: ---
                  Module Base: B8668000
                  Module End: B866A000
                  Hidden: Yes

                  ******************************************************************************************
                  ******************************************************************************************
                  SSDT:
                  Function Name: ZwAddBootEntry
                  Address: B2B39202
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwAllocateVirtualMemory
                  Address: B2B9FD8C
                  Driver Base: B2B96000
                  Driver End: B2BE0000
                  Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                  Function Name: ZwClose
                  Address: B2B5D6C1
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateEvent
                  Address: B2B3B7F0
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateEventPair
                  Address: B2B3B848
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateIoCompletion
                  Address: B2B3B95E
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateKey
                  Address: B2B5D075
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateMutant
                  Address: B2B3B746
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateSection
                  Address: B2B3B898
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateSemaphore
                  Address: B2B3B79A
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwCreateTimer
                  Address: B2B3B90C
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwDeleteBootEntry
                  Address: B2B39226
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwDeleteKey
                  Address: B2B5DD87
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwDeleteValueKey
                  Address: B2B5E03D
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwDuplicateObject
                  Address: B2B3BBE2
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwEnumerateKey
                  Address: B2B5DBF2
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwEnumerateValueKey
                  Address: B2B5DA5D
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwFreeVirtualMemory
                  Address: B2B9FE3C
                  Driver Base: B2B96000
                  Driver End: B2BE0000
                  Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                  Function Name: ZwLoadDriver
                  Address: B2B38FF0
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwModifyBootEntry
                  Address: B2B3924A
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwNotifyChangeKey
                  Address: B2B3BD56
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwNotifyChangeMultipleKeys
                  Address: B2B39CDA
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenEvent
                  Address: B2B3B820
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenEventPair
                  Address: B2B3B870
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenIoCompletion
                  Address: B2B3B988
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenKey
                  Address: B2B5D3D1
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenMutant
                  Address: B2B3B772
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenProcess
                  Address: B2B3BA1A
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenSection
                  Address: B2B3B8D8
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenSemaphore
                  Address: B2B3B7C8
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenThread
                  Address: B2B3BAFE
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwOpenTimer
                  Address: B2B3B936
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwProtectVirtualMemory
                  Address: B2B9FED4
                  Driver Base: B2B96000
                  Driver End: B2BE0000
                  Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                  Function Name: ZwQueryKey
                  Address: B2B5D8D8
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwQueryObject
                  Address: B2B39BA0
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwQueryValueKey
                  Address: B2B5D72A
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwRenameKey
                  Address: B2BA810E
                  Driver Base: B2B96000
                  Driver End: B2BE0000
                  Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                  Function Name: ZwRestoreKey
                  Address: B2B5C6E8
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwSetBootEntryOrder
                  Address: B2B3926E
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwSetBootOptions
                  Address: B2B39292
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwSetSystemInformation
                  Address: B2B3904A
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwSetSystemPowerState
                  Address: B2B39186
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwSetValueKey
                  Address: B2B5DE8E
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwShutdownSystem
                  Address: B2B39162
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwSystemDebugControl
                  Address: B2B391AA
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  Function Name: ZwVdmControl
                  Address: B2B392B6
                  Driver Base: B2B26000
                  Driver End: B2B96000
                  Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                  ******************************************************************************************
                  ******************************************************************************************
                  No Kernel Hooks found

                  ******************************************************************************************
                  ******************************************************************************************
                  Hidden files/folders:
                  Object: C:\Qoobox\BackEnv\AppData.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Cache.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\History.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Music.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Personal.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Programs.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Recent.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\SetPath.bat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\SysPath.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Templates.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\VikPev00
                  Status: Access denied

                  Object: C:\System Recovery\I386
                  Status: Access denied

                  Object: C:\System Recovery\SYSRST
                  Status: Access denied

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: cannot use internet on infected computer
                  « Reply #14 on: August 03, 2011, 04:34:21 PM »
                  I'd like to scan your machine with ESET OnlineScan

                  •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                  •Click the button.
                  •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                  •Check
                  •Click the button.
                  •Accept any security warnings from your browser.
                  •Check
                  •Push the Start button.
                  •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                  •When the scan completes, push
                  •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                  •Push the button.
                  •Push
                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                  Windows 8 and Windows 10 dual boot with two SSD's

                  JAJsangel

                    Re: cannot use internet on infected computer
                    « Reply #15 on: August 03, 2011, 07:22:55 PM »
                    Uh how do I do that without the internet?

                    SuperDave

                    Re: cannot use internet on infected computer
                    « Reply #16 on: August 04, 2011, 01:27:35 PM »
                    Quote
                    Uh how do I do that without the internet?
                    Sorry. I didn't realize that you still can't connect.

                    Please run Notepad (start > All Programs > Accessories >
                    Notepad) and copy and paste the text in the code box into a new file:

                    Code:
                    @echo off
                    >Log1.txt (
                    ipconfig /all
                    nslookup google.com
                    nslookup yahoo.com
                    ping -n 2 google.com
                    ping -n 2 yahoo.com
                    route print
                    )
                    start Log1.txt
                    del %0

                    •Go to the File menu at the top of the Notepad and select Save as.

                    •Select save in: desktop

                    •Fill in File name: test.bat

                    •Save as type: All file types (*.*)

                    •Click save.

                    •Close the Notepad.

                    •Locate and double-click test.bat on the desktop.

                    •Notepad opens; copy and paste its content (Log1.txt) into your reply.

                    JAJsangel

                      Re: cannot use internet on infected computer
                      « Reply #17 on: August 04, 2011, 03:38:49 PM »


                      Windows IP Configuration



                              Host Name . . . . . . . . . . . . : YOUR-433A10CD72

                              Primary Dns Suffix  . . . . . . . :

                              Node Type . . . . . . . . . . . . : Broadcast

                              IP Routing Enabled. . . . . . . . : No

                              WINS Proxy Enabled. . . . . . . . : No



                      Ethernet adapter Local Area Connection 7:



                              Connection-specific DNS Suffix  . :

                              Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

                              Physical Address. . . . . . . . . : 00-40-CA-93-6F-F1

                              Dhcp Enabled. . . . . . . . . . . : Yes

                              Autoconfiguration Enabled . . . . : Yes

                              IP Address. . . . . . . . . . . . : 0.0.0.0

                              Subnet Mask . . . . . . . . . . . : 0.0.0.0

                              Default Gateway . . . . . . . . . :

                              DHCP Server . . . . . . . . . . . : 10.0.0.1

                              DNS Servers . . . . . . . . . . . : 10.0.0.1

                      Server:  UnKnown
                      Address:  127.0.0.1

                      Server:  UnKnown
                      Address:  127.0.0.1

                      Ping request could not find host google.com. Please check the name and try again.

                      Ping request could not find host yahoo.com. Please check the name and try again.

                      ===========================================================================
                      Interface List
                      0x1 ........................... MS TCP Loopback interface
                      0x2 ...00 40 ca 93 6f f1 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
                      ===========================================================================
                      ===========================================================================
                      Active Routes:
                      Network Destination        Netmask          Gateway       Interface  Metric
                              127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
                        255.255.255.255  255.255.255.255  255.255.255.255               2     1
                      ===========================================================================
                      Persistent Routes:
                        None

                      SuperDave

                      Re: cannot use internet on infected computer
                      « Reply #18 on: August 04, 2011, 04:33:05 PM »
                      Please download MiniToolBox to Desktop and run it.



                      Checkmark the following boxes:

                        • Flush DNS
                        • Report IE Proxy Settings
                        • Reset IE Proxy Settings
                        • List content of Hosts
                        • List IP Configuration
                        • List Last 10 Event Viewer Errors
                        • List Users, Partitions and Memory Size
                        Click Go and copy/paste the log (Result.txt) into your next post.

                        JAJsangel

                          Re: cannot use internet on infected computer
                          « Reply #19 on: August 04, 2011, 06:16:54 PM »
                          MiniToolBox by Farbar
                          Ran by Owner (administrator) on 04-08-2011 at 20:12:09
                          Microsoft Windows XP Service Pack 3 (X86)

                          ***************************************************************************

                          ========================= Flush DNS: ===================================


                          Windows IP Configuration



                          Successfully flushed the DNS Resolver Cache.


                          ========================= IE Proxy Settings: ==============================

                          Proxy is not enabled.
                          No Proxy Server is set.

                          "Reset IE Proxy Settings": IE Proxy Settings were reset.
                          ========================= Hosts content: =================================

                          127.0.0.1       localhost

                          ========================= IP Configuration: ================================

                          # ----------------------------------
                          # Interface IP Configuration         
                          # ----------------------------------
                          pushd interface ip


                          # Interface IP Configuration for "Local Area Connection 7"

                          set address name="Local Area Connection 7" source=dhcp
                          set dns name="Local Area Connection 7" source=dhcp register=PRIMARY
                          set wins name="Local Area Connection 7" source=dhcp


                          popd
                          # End of interface IP configuration




                          Windows IP Configuration



                                  Host Name . . . . . . . . . . . . : YOUR-433A10CD72

                                  Primary Dns Suffix  . . . . . . . :

                                  Node Type . . . . . . . . . . . . : Broadcast

                                  IP Routing Enabled. . . . . . . . : No

                                  WINS Proxy Enabled. . . . . . . . : No



                          Ethernet adapter Local Area Connection 7:



                                  Connection-specific DNS Suffix  . :

                                  Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

                                  Physical Address. . . . . . . . . : 00-40-CA-93-6F-F1

                                  Dhcp Enabled. . . . . . . . . . . : Yes

                                  Autoconfiguration Enabled . . . . : Yes

                                  IP Address. . . . . . . . . . . . : 0.0.0.0

                                  Subnet Mask . . . . . . . . . . . : 0.0.0.0

                                  Default Gateway . . . . . . . . . :

                                  DHCP Server . . . . . . . . . . . : 10.0.0.1

                                  DNS Servers . . . . . . . . . . . : 10.0.0.1

                          Server:  UnKnown
                          Address:  127.0.0.1

                          Ping request could not find host google.com. Please check the name and try again.

                          Server:  UnKnown
                          Address:  127.0.0.1

                          Ping request could not find host yahoo.com. Please check the name and try again.



                          Pinging 127.0.0.1 with 32 bytes of data:



                          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



                          Ping statistics for 127.0.0.1:

                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                          Approximate round trip times in milli-seconds:

                              Minimum = 0ms, Maximum = 0ms, Average = 0ms

                          ===========================================================================
                          Interface List
                          0x1 ........................... MS TCP Loopback interface
                          0x2 ...00 40 ca 93 6f f1 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
                          ===========================================================================
                          ===========================================================================
                          Active Routes:
                          Network Destination        Netmask          Gateway       Interface  Metric
                                  127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
                            255.255.255.255  255.255.255.255  255.255.255.255               2     1
                          ===========================================================================
                          Persistent Routes:
                            None

                          ========================= Event log errors: ===============================

                          Application errors:
                          ==================
                          Error: (08/04/2011 01:38:13 AM) (Source: Application Error) (User: )
                          Description: Faulting application jusched.exe, version 2.0.2.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
                          Processing media-specific event for [jusched.exe!ws!]

                          Error: (08/03/2011 09:59:44 PM) (Source: MsiInstaller) (User: Owner)Owner
                          Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.

                          Error: (08/03/2011 09:59:41 PM) (Source: MsiInstaller) (User: Owner)Owner
                          Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.

                          Error: (08/03/2011 09:53:42 PM) (Source: JavaQuickStarterService) (User: )
                          Description: Unable to create JQS API server: socket() failed (Socket error 10050)

                          Error: (08/02/2011 09:38:19 PM) (Source: Application Error) (User: )
                          Description: Faulting application jusched.exe, version 2.0.2.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
                          Processing media-specific event for [jusched.exe!ws!]

                          Error: (08/02/2011 07:52:44 PM) (Source: MsiInstaller) (User: Owner)Owner
                          Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.

                          Error: (08/02/2011 07:52:38 PM) (Source: MsiInstaller) (User: Owner)Owner
                          Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.

                          Error: (08/02/2011 07:51:38 PM) (Source: JavaQuickStarterService) (User: )
                          Description: Unable to create JQS API server: socket() failed (Socket error 10050)

                          Error: (08/02/2011 11:38:01 AM) (Source: Application Error) (User: )
                          Description: Faulting application jusched.exe, version 2.0.5.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
                          Processing media-specific event for [jusched.exe!ws!]

                          Error: (08/02/2011 11:02:04 AM) (Source: MsiInstaller) (User: Owner)Owner
                          Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.


                          System errors:
                          =============
                          Error: (08/04/2011 11:24:53 AM) (Source: Service Control Manager) (User: )
                          Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

                          Error: (08/03/2011 10:44:50 PM) (Source: Service Control Manager) (User: )
                          Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

                          Error: (08/03/2011 10:44:49 PM) (Source: DCOM) (User: Owner)
                          Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

                          Error: (08/03/2011 10:44:20 PM) (Source: Service Control Manager) (User: )
                          Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

                          Error: (08/03/2011 09:59:44 PM) (Source: DCOM) (User: Owner)
                          Description: Unable to start a DCOM Server: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}.
                          The error:
                          "%%2"
                          Happened while starting this command:
                          C:\PROGRA~1\HP\DIGITA~1\bin\hpqgpc01.exe -Embedding

                          Error: (08/03/2011 09:54:24 PM) (Source: Service Control Manager) (User: )
                          Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

                          Error: (08/03/2011 09:54:04 PM) (Source: Service Control Manager) (User: )
                          Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

                          Error: (08/03/2011 09:53:53 PM) (Source: Service Control Manager) (User: )
                          Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

                          Error: (08/03/2011 09:53:52 PM) (Source: Service Control Manager) (User: )
                          Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

                          Error: (08/03/2011 09:53:52 PM) (Source: Service Control Manager) (User: )
                          Description: The iPod Service service failed to start due to the following error:
                          %%2


                          Microsoft Office Sessions:
                          =========================

                          ========================= Memory info: ===================================

                          Percentage of memory in use: 83%
                          Total physical RAM: 1502.42 MB
                          Available physical RAM: 244.28 MB
                          Total Pagefile: 2696.08 MB
                          Available Pagefile: 1491.5 MB
                          Total Virtual: 2047.88 MB
                          Available Virtual: 1998.89 MB

                          ========================= Partitions: =====================================

                          1 Drive c: () (Fixed) (Total:148.93 GB) (Free:96.43 GB) NTFS
                          2 Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.23 GB) FAT32
                          4 Drive f: () (Removable) (Total:3.72 GB) (Free:3.62 GB) FAT32
                          5 Drive g: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:134.14 GB) NTFS

                          ========================= Users: ========================================

                          User accounts for \\YOUR-433A10CD72

                          Administrator            ASPNET                   Guest                   
                          HelpAssistant            Owner                    SUPPORT_388945a0         
                          UpdatusUser             


                          == End of log ==
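
A triage sketch for the log above, added here as an example (it is not part of the thread and not MiniToolBox's own code): it cross-checks the ipconfig, nslookup, route and event-log sections and decodes the BITS service-specific error, whose low word is the same Winsock code 10050 that the Java service reports. The function names and finding labels are assumptions of this example; the sample text is excerpted from the log in this post.

```python
import re
from collections import Counter

# Excerpt of the MiniToolBox output posted above (trimmed, blank lines dropped).
SAMPLE_LOG = """\
Ethernet adapter Local Area Connection 7:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
Server:  UnKnown
Address:  127.0.0.1
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
  255.255.255.255  255.255.255.255  255.255.255.255               2     1
Persistent Routes:
  None
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
"""

WINSOCK = {10050: "WSAENETDOWN (network is down)"}  # only the code seen in this log
FACILITY_WIN32 = 7


def field(log, label):
    """Return the value of an ipconfig 'Label . . . : value' line, or None."""
    m = re.search(rf"^\s*{re.escape(label)}[ .]*:[ \t]*(.*)$", log, re.M)
    return m.group(1).strip() if m else None


def default_route_present(log):
    """True if the 'Active Routes' table has a 0.0.0.0 / 0.0.0.0 entry."""
    m = re.search(r"Active Routes:(.*?)(?:Persistent Routes:|\Z)", log, re.S)
    rows = m.group(1).splitlines() if m else []
    return any(r.split()[:2] == ["0.0.0.0", "0.0.0.0"] for r in rows if r.strip())


def decode_hresult(value):
    """Return the 16-bit code wrapped in a failure HRESULT of FACILITY_WIN32, else None."""
    if value >> 31 and (value >> 16) & 0x7FF == FACILITY_WIN32:
        return value & 0xFFFF
    return None


def triage(log):
    """Return a list of finding labels (labels are this example's own)."""
    findings = []
    # DHCP is enabled but the adapter never received a lease.
    if field(log, "Dhcp Enabled") == "Yes" and field(log, "IP Address") == "0.0.0.0":
        findings.append("no-dhcp-lease")
    # nslookup reports a loopback resolver although a different DNS server is configured.
    dns, resolver = field(log, "DNS Servers"), field(log, "Address")
    if resolver and resolver.startswith("127.") and dns and resolver != dns:
        findings.append(f"nslookup-used-loopback-not-{dns}")
    if not default_route_present(log):
        findings.append("no-default-route")
    # Service Control Manager events naming a dependency that is not installed.
    missing = Counter(re.findall(r"depends on the following nonexistent service: (\S+)", log))
    for svc, count in missing.items():
        findings.append(f"missing-service:{svc} x{count}")
    # Winsock codes, reported directly or wrapped in a service-specific HRESULT.
    codes = {int(c) for c in re.findall(r"Socket error (\d+)", log)}
    for raw in re.findall(r"service-specific error (\d+)", log):
        code = decode_hresult(int(raw))
        if code is not None:
            codes.add(code)
    for code in sorted(codes):
        findings.append(f"winsock:{code} {WINSOCK.get(code, 'unknown')}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Afd is the kernel driver behind Winsock, so the missing-service finding is the one to chase first: the other findings are what a machine looks like when nothing can open a socket.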

                          SuperDave

                          Re: cannot use internet on infected computer
                          « Reply #20 on: August 04, 2011, 07:36:47 PM »
                          The ping test shows 2 sent and 2 received. Can you connect to the net now? What browser do you use?

                          JAJsangel

                            Re: cannot use internet on infected computer
                            « Reply #21 on: August 05, 2011, 08:38:03 AM »
                            No it still has the same error. I use Firefox.

                            SuperDave

                            Re: cannot use internet on infected computer
                            « Reply #22 on: August 05, 2011, 05:39:32 PM »
                            Quote
                            No it still has the same error.
                            What was that error again?

                            AVENGER

                            • Download The Avenger by Swandog46 from here.
                            • Unzip/extract it to a folder on your desktop.
                            • Double click on avenger.exe to run The Avenger.
                            • Click OK.
                            • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
                            • Click the Execute button.
                            • You will be asked No script has been entered.  Do you want to execute a rootkit scan only?.
                            • Click Yes.
                            • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot.  Reboot now?.
                            • Click Yes.
                            • Your PC will now be rebooted.
                            • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
                            • Please post this log in your next reply.

                            JAJsangel

                              Re: cannot use internet on infected computer
                              « Reply #23 on: August 06, 2011, 09:11:50 AM »
                              "Error 1075: The dependency does not exist or has been marked for deletion"
                              when I try to start the DHCP client or TCP/IP netbios helper

                              Logfile of The Avenger Version 2.0, (c) by Swandog46
                              http://swandog46.geekstogo.com

                              Platform:  Windows XP

                              *******************

                              Script file opened successfully.
                              Script file read successfully.

                              Backups directory opened successfully at C:\Avenger

                              *******************

                              Beginning to process script file:

                              Rootkit scan active.
                              No rootkits found!


                              Completed script processing.

                              *******************

                              Finished!  Terminate.

                              SuperDave

                              Re: cannot use internet on infected computer
                              « Reply #24 on: August 06, 2011, 05:54:44 PM »
                              Make sure your computer is set to obtain an IP address automatically.
                              1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
                              2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
                              3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
                              4. For a wired network connection, right-click Local Area Connection, and then select Properties.
                              For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
                              5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
                              6. Click Obtain an IP Address Automatically, and then click OK.

                              JAJsangel

                                Re: cannot use internet on infected computer
                                « Reply #25 on: August 07, 2011, 07:14:15 AM »
                                both things were already checked in that tab.

                                SuperDave

                                Re: cannot use internet on infected computer
                                « Reply #26 on: August 07, 2011, 04:36:20 PM »
                                Ok. Can you please run the ping test in Reply # 16 and post the log again?

                                JAJsangel

                                  Re: cannot use internet on infected computer
                                  « Reply #27 on: August 08, 2011, 07:48:34 AM »


                                  Windows IP Configuration



                                          Host Name . . . . . . . . . . . . : YOUR-433A10CD72

                                          Primary Dns Suffix  . . . . . . . :

                                          Node Type . . . . . . . . . . . . : Broadcast

                                          IP Routing Enabled. . . . . . . . : No

                                          WINS Proxy Enabled. . . . . . . . : No



                                  Ethernet adapter Local Area Connection 7:



                                          Connection-specific DNS Suffix  . :

                                          Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

                                          Physical Address. . . . . . . . . : 00-40-CA-93-6F-F1

                                          Dhcp Enabled. . . . . . . . . . . : Yes

                                          Autoconfiguration Enabled . . . . : Yes

                                          IP Address. . . . . . . . . . . . : 0.0.0.0

                                          Subnet Mask . . . . . . . . . . . : 0.0.0.0

                                          Default Gateway . . . . . . . . . :

                                          DHCP Server . . . . . . . . . . . : 10.0.0.1

                                          DNS Servers . . . . . . . . . . . : 10.0.0.1

                                  Server:  UnKnown
                                  Address:  127.0.0.1

                                  Server:  UnKnown
                                  Address:  127.0.0.1

                                  Ping request could not find host google.com. Please check the name and try again.

                                  Ping request could not find host yahoo.com. Please check the name and try again.

                                  ===========================================================================
                                  Interface List
                                  0x1 ........................... MS TCP Loopback interface
                                  0x2 ...00 40 ca 93 6f f1 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
                                  ===========================================================================
                                  ===========================================================================
                                  Active Routes:
                                  Network Destination        Netmask          Gateway       Interface  Metric
                                          127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
                                    255.255.255.255  255.255.255.255  255.255.255.255               2     1
                                  ===========================================================================
                                  Persistent Routes:
                                    None

                                  SuperDave

                                  • Malware Removal Specialist


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: cannot use internet on infected computer
                                  « Reply #28 on: August 08, 2011, 05:07:49 PM »
                                  I can't remember if I asked you what browser you use. Could you please try another browser?

                                  •Please download Dial-A-Fix from one of the following mirrors:

                                  Primary mirror
                                  Secondary mirror

                                  •Extract the zip file to your desktop.

                                  •Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors; just ignore them and click to continue.

                                  •Press the green double checkmark box.

                                  UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section.

                                  •Click on Go

                                  •Wait for Dial-A-Fix to finish (all the check marks will be gone)

                                  •Close Dial-A-Fix
                                  **********************************************
                                  If that doesn't work...
                                  Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
                                  Reconnect everything.
                                  Restart computer.

                                  If that doesn't work, bypass router, and connect computer straight to the modem.
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  JAJsangel

                                    Re: cannot use internet on infected computer
                                    « Reply #29 on: August 09, 2011, 11:12:27 AM »
                                    None of those worked, and I figured that the other two wouldn't work because the internet works fine, just not on that computer.

                                    SuperDave

                                    Re: cannot use internet on infected computer
                                    « Reply #30 on: August 09, 2011, 04:25:20 PM »
                                    The default gateway is missing on that computer. That's what I'm trying to repair. Please try this:

                                    Go Start>Run (Start search in Vista and 7), type in:
                                    cmd
                                    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

                                    At Command Prompt, type in:
                                    netsh int ip reset reset.log
                                    Hit Enter.
                                    Type in:
                                    netsh winsock reset catalog
                                    Hit Enter.

                                    Restart computer.
                                    Windows 8 and Windows 10 dual boot with two SSD's
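Added example, not part of any post in this thread: a Python check that parses `ipconfig /all`, `nslookup` and `route print` text and reports the conditions visible in the output posted above, including the missing default gateway that Reply #30 refers to. The sample text is abridged from that output, and the function names are made up for this example.

```python
import re

# Sample text abridged from the ipconfig / nslookup / route print output posted above.
IPCONFIG = """\
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
"""
NSLOOKUP = "Server:  UnKnown\nAddress:  127.0.0.1\n"
ROUTES = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
  255.255.255.255  255.255.255.255  255.255.255.255               2     1
Persistent Routes:
  None
"""

def ipconfig_fields(text):
    """Map labels such as 'Subnet Mask' to their values (empty string if blank)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def active_routes(text):
    """Return (destination, netmask, gateway) for each row under 'Active Routes:'."""
    body = text.split("Active Routes:", 1)[-1].split("Persistent Routes:", 1)[0]
    rows = (line.split() for line in body.splitlines())
    return [tuple(r[:3]) for r in rows if len(r) >= 3 and re.fullmatch(r"[\d.]+", r[0])]

def findings(ipconfig_text, route_text, nslookup_text=""):
    """List the addressing, routing and resolver anomalies found in the three outputs."""
    f, out = ipconfig_fields(ipconfig_text), []
    if f.get("Subnet Mask") == "0.0.0.0":
        out.append("subnet mask is 0.0.0.0")
    if not f.get("Default Gateway"):
        out.append("no default gateway configured")
    if not any(d == m == "0.0.0.0" for d, m, _ in active_routes(route_text)):
        out.append("no default route (0.0.0.0/0) in the routing table")
    ns = re.search(r"^\s*Address:\s*(\S+)", nslookup_text, re.M)
    if ns and ns.group(1).startswith("127.") and ns.group(1) != f.get("DNS Servers"):
        out.append("nslookup used %s, not the configured DNS server" % ns.group(1))
    return out

if __name__ == "__main__":
    for problem in findings(IPCONFIG, ROUTES, NSLOOKUP):
        print("-", problem)
```

Running the same check before and after a repair step such as the `netsh` resets shows whether the adapter actually picked up a gateway and a default route.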

                                    JAJsangel

                                      Re: cannot use internet on infected computer
                                      « Reply #31 on: August 10, 2011, 06:54:15 AM »
                                      That didn't work either  :(

                                      immental1200

                                      • Guest
                                      Re: cannot use internet on infected computer
                                      « Reply #32 on: August 10, 2011, 09:21:40 AM »
                                      Edited.
                                      « Last Edit: August 10, 2011, 05:35:34 PM by SuperDave »

                                      JAJsangel

                                        Re: cannot use internet on infected computer
                                        « Reply #33 on: August 14, 2011, 07:59:41 AM »
                                        should I post about this in the networking section???

                                        SuperDave

                                        Re: cannot use internet on infected computer
                                        « Reply #34 on: August 14, 2011, 01:13:21 PM »
                                        Quote
                                        should I post about this in the networking section???
                                        You may just as well post it there. I've reached the bottom of my bag of tricks.
                                        If you can succeed in getting connected to the net, please run the ESET scan.


                                        To uninstall ComboFix

                                        • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                        • In the field, type in ComboFix /uninstall


                                        (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                        • Then, press Enter, or click OK.
                                        • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                        **************************************************
                                        Clean out your temporary internet files and temp files.

                                        Download TFC by OldTimer to your desktop.

                                        Double-click TFC.exe to run it.

                                        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                        TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                        * Click the Start button to begin the cleaning process.
                                        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                        * Please let TFC run uninterrupted until it is finished.

                                        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                        ***********************************************
                                        Use the Secunia Software Inspector to check for out of date software.

                                        •Click Start Now

                                        •Check the box next to Enable thorough system inspection.

                                        •Click Start

                                        •Allow the scan to finish and scroll down to see if any updates are needed.
                                        •Update anything listed.
                                        ----------

                                        Go to Microsoft Windows Update and get all critical updates.

                                        ----------

                                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                                        * If you don't know what ActiveX controls are, see here

                                        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                        Windows 8 and Windows 10 dual boot with two SSD's