PDA

View Full Version : Click.Giftload and Fraud.Sysguard removal



philipyen
2011-04-28, 04:15
Hi, I've been running Spybot S&D for awhile now and these two keep on coming up but Spybot is never able to remove them. I copied the DDS file and the Spybot report.

Thanks for your help in advance!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ph at 20:55:37.69 on Wed 04/27/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1561 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\rpcnet.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\Ph\Program Files\DNA\btdna.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ph\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMYXS596\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\ph\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent DNA] "c:\users\ph\program files\dna\btdna.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\ph\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ph\appdata\roaming\mozilla\firefox\profiles\tr89liik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100919231349360&tb_oid=19-09-2010&tb_mrud=19-09-2010&query=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ph\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ph\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\ph\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ph\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\ph\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\ph\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-24 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-27 301528]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-5 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-27 53592]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-21 20376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-27 42184]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-12 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2146496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-25 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-1 24652]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2009-2-5 92288]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2009-2-5 92288]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-9-3 209408]
S4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2008-9-3 92288]
.
=============== Created Last 30 ================
.
2011-04-26 17:23:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 17:23:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 17:22:58 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 05:50:59 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8a4f5d30-31de-4fa4-b33e-78b0f2b28fa8}\mpengine.dll
2011-04-14 07:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 07:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-12 20:09:25 -------- d-----w- c:\users\ph\appdata\roaming\Intel Corporation
2011-04-12 20:03:58 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-04-12 19:39:13 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-04-12 04:31:32 -------- d-----w- C:\League of Legends
.
==================== Find3M ====================
.
2011-04-27 16:41:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-04-27 07:09:43 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:58:09.13 ===============





Click.GiftLoad: [SBI $89783858] User settings (Registry value, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-21-4290441962-2539738641-782438600-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

Right Media: Tracking cookie (Internet Explorer: Ph) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-03-25 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-05 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-05 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-04-06 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Blade81
2011-05-02, 11:41
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
DNA


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Uninstall the programs listed above (in red). Then post fresh dds logs.

philipyen
2011-05-03, 06:09
I had difficulty deleting BitTorrent initially, but I think I finally got it. Here's the DDS and Attach files.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ph at 23:05:02.39 on Mon 05/02/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1469 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\rpcnet.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\Ph\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\ph\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Turbine Download Manager Tray Icon] "c:\program files\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\ph\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ph\appdata\roaming\mozilla\firefox\profiles\tr89liik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100919231349360&tb_oid=19-09-2010&tb_mrud=19-09-2010&query=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ph\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ph\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\ph\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ph\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\ph\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\ph\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-24 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-27 301528]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-5 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-27 53592]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-21 20376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-27 42184]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-12 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2146496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-25 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-1 24652]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2009-2-5 92288]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2009-2-5 92288]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-9-3 209408]
S4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2008-9-3 92288]
.
=============== Created Last 30 ================
.
2011-05-03 02:10:20 -------- d-----w- c:\program files\VS Revo Group
2011-04-29 06:05:58 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d5b987ea-f9db-41e6-bd8c-e053d47ca5fc}\mpengine.dll
2011-04-26 17:23:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 17:23:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 17:22:58 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-14 07:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 07:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-12 20:09:25 -------- d-----w- c:\users\ph\appdata\roaming\Intel Corporation
2011-04-12 20:03:58 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-04-12 19:39:13 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-04-12 04:31:32 -------- d-----w- C:\League of Legends
.
==================== Find3M ====================
.
2011-05-03 02:17:17 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-03 02:17:15 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:07:21.07 ===============

Blade81
2011-05-03, 07:56
Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
Click the Scan button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply.

philipyen
2011-05-04, 08:34
Here is the aswMBR scan. Thanks!

Blade81
2011-05-04, 08:36
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

philipyen
2011-05-09, 08:29
I ran ComboFix as instructed. It seemed to work fine and I got the message saying the log would be on my C: drive. However, after ComboFix closed I have been unable to open/run any applications. Anytime I try, I get the error "Illegal operation attempted on a registry key that has been marked for deletion." As a result, I am unable to use my PC at this time (this is being sent from my smartphone). Please respond with further instructions as soon as possible.

Blade81
2011-05-09, 08:31
Hi,

Reboot the system and then try to run DDS again.

philipyen
2011-05-09, 08:54
Hi,

After the reboot, all my applications seem to be working normally again. I have included the ComboFix Log, DDS Log, and attached the Attach.zip file.

ComboFix Log
ComboFix 11-05-08.02 - Ph 05/09/2011 0:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2055 [GMT -4:00]
Running from: c:\users\Ph\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5744\Downloads\162088e9-0b41-471a-947d-e6bfb7774266.dll
c:\programdata\PCDr\5744\Downloads\295a87df-c8df-47c1-8928-31d3bc55eae3.dll
c:\programdata\PCDr\5744\Downloads\3060b7ae-c612-4b71-be9a-0721727ba831.dll
c:\programdata\PCDr\5744\Downloads\3abc4f65-3752-4824-83cd-674c30d9f41c.dll
c:\programdata\PCDr\5744\Downloads\4128ef4c-5308-415e-947b-b523a115be2d.dll
c:\programdata\PCDr\5744\Downloads\4b07fd4d-6cb2-4166-8e08-7e3d0fb96a24.dll
c:\programdata\PCDr\5744\Downloads\654e4133-96c6-421b-9240-26a29538de3f.dll
c:\users\Ph\AppData\Roaming\Install.dat
c:\users\Ph\g2mdlhlpx.exe
.
Infected copy of c:\windows\System32\autochk.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 04:58 . 2011-05-09 05:05 -------- d-----w- c:\users\Ph\AppData\Local\temp
2011-05-09 04:58 . 2011-05-09 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 06:07 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F4F1242-F4CD-4F0E-800F-A78A8C3EF80F}\mpengine.dll
2011-05-03 02:10 . 2011-05-03 02:10 -------- d-----w- c:\program files\VS Revo Group
2011-04-26 17:23 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 17:23 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 17:22 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-25 18:25 . 2011-04-25 18:26 -------- d-----w- c:\program files\ERUNT
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-12 20:09 . 2011-04-12 20:09 -------- d-----w- c:\users\Ph\AppData\Roaming\Intel Corporation
2011-04-12 20:03 . 2006-11-02 11:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-04-12 19:39 . 2010-11-06 03:39 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-04-12 19:39 . 2011-04-12 19:39 -------- d-----w- c:\users\Ph\AppData\Roaming\InstallShield
2011-04-12 04:31 . 2011-04-12 21:02 -------- d-----w- C:\League of Legends
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 05:03 . 2009-02-05 21:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-09 05:03 . 2008-09-09 21:14 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-18 17:25 . 2010-10-28 15:27 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-05-28 02:22 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2011-02-24 22:50 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:17 . 2010-05-28 02:22 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-05-28 02:22 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-05-28 02:22 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-05-28 02:22 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:12 . 2010-05-28 02:22 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-18 10:23 . 2010-02-19 16:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-05 17:33 . 2011-04-05 17:33 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-05 17:33 . 2011-04-05 17:33 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-05 17:33 . 2011-04-05 17:33 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-05 17:33 . 2011-04-05 17:33 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-05 17:33 . 2011-04-05 17:33 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-05 17:33 . 2011-04-05 17:33 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-05 17:33 . 2011-04-05 17:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-05 17:33 . 2011-04-05 17:33 367104 ----a-w- c:\windows\system32\html.iec
2011-04-05 17:33 . 2011-04-05 17:33 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-05 17:33 . 2011-04-05 17:33 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-05 17:33 . 2011-04-05 17:33 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-05 17:33 . 2011-04-05 17:33 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-05 17:33 . 2011-04-05 17:33 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-05 17:33 . 2011-04-05 17:33 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-05 17:33 . 2011-04-05 17:33 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-05 17:33 . 2011-04-05 17:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-05 17:33 . 2011-04-05 17:33 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-05 17:33 . 2011-04-05 17:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-05 17:33 . 2011-04-05 17:33 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-05 17:33 . 2011-04-05 17:33 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-05 17:33 . 2011-04-05 17:33 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-03 15:40 . 2011-04-26 17:23 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-26 17:23 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-26 17:23 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-26 17:23 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 00:25 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 00:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 00:25 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-15 20:33 . 2010-08-20 19:22 34816 ----a-w- c:\windows\system32\identprv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-04-13 331851]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-30 202256]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-12-09 421888]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 279144]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-04-18 3460784]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Ph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-8 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-11 813584]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-03 04:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mferkdk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:14]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 06:21]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 06:21]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4290441962-2539738641-782438600-1000Core.job
- c:\users\Ph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 20:47]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4290441962-2539738641-782438600-1000UA.job
- c:\users\Ph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 20:47]
.
2011-04-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-05-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ph\AppData\Roaming\Mozilla\Firefox\Profiles\tr89liik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100919231349360&tb_oid=19-09-2010&tb_mrud=19-09-2010&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Ph\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-ExtegrityExam40 - c:\program files\Extegrity\Exam4\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 01:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4290441962-2539738641-782438600-1000\Software\SecuROM\License information*]
"datasecu"=hex:3b,2b,3b,40,ad,6d,54,20,6c,27,68,b1,10,77,8f,88,27,56,c8,5f,99,
41,02,53,fa,a3,06,41,7b,6b,3d,3a,6b,aa,c1,87,45,89,98,41,2e,1e,87,90,71,9e,\
"rkeysecu"=hex:e1,be,6d,c0,14,df,18,d1,e7,97,a0,6a,c9,26,93,ef
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(13980)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\rpcnet.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-05-09 01:17:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-09 05:16
.
Pre-Run: 22,919,827,456 bytes free
Post-Run: 23,002,185,728 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 35186A4936A9E52D4292C815F6E6825B

DDS Log
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ph at 1:42:51.75 on Mon 05/09/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1506 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\rpcnet.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Ph\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\ph\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ph\appdata\roaming\mozilla\firefox\profiles\tr89liik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100919231349360&tb_oid=19-09-2010&tb_mrud=19-09-2010&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\ph\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-27 307288]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-5 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-27 53592]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-21 20376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-27 42184]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-12 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2146496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-25 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-1 24652]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2009-2-5 92288]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2009-2-5 92288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-9-3 209408]
S4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2008-9-3 92288]
.
=============== Created Last 30 ================
.
2011-05-09 05:17:08 -------- d-----w- c:\users\ph\appdata\local\temp
2011-05-09 05:14:29 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-09 04:45:34 98816 ----a-w- c:\windows\sed.exe
2011-05-09 04:45:34 89088 ----a-w- c:\windows\MBR.exe
2011-05-09 04:45:34 256512 ----a-w- c:\windows\PEV.exe
2011-05-09 04:45:34 161792 ----a-w- c:\windows\SWREG.exe
2011-05-06 06:07:27 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7f4f1242-f4cd-4f0e-800f-a78a8c3ef80f}\mpengine.dll
2011-05-03 02:10:20 -------- d-----w- c:\program files\VS Revo Group
2011-04-26 17:23:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 17:23:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 17:22:58 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-14 07:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-14 07:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-12 20:09:25 -------- d-----w- c:\users\ph\appdata\roaming\Intel Corporation
2011-04-12 20:03:58 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-04-12 19:39:13 354840 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-04-12 04:31:32 -------- d-----w- C:\League of Legends
2011-04-09 22:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
.
==================== Find3M ====================
.
2011-05-09 05:36:49 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-09 05:36:47 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-18 17:25:12 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll
.
============= FINISH: 1:48:46.40 ===============

Blade81
2011-05-09, 16:04
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

philipyen
2011-05-09, 20:50
2011/05/09 13:49:04.0021 9000 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/09 13:49:04.0419 9000 ================================================================================
2011/05/09 13:49:04.0419 9000 SystemInfo:
2011/05/09 13:49:04.0419 9000
2011/05/09 13:49:04.0419 9000 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/09 13:49:04.0419 9000 Product type: Workstation
2011/05/09 13:49:04.0419 9000 ComputerName: PHILIP-PC
2011/05/09 13:49:04.0419 9000 UserName: Ph
2011/05/09 13:49:04.0420 9000 Windows directory: C:\Windows
2011/05/09 13:49:04.0420 9000 System windows directory: C:\Windows
2011/05/09 13:49:04.0420 9000 Processor architecture: Intel x86
2011/05/09 13:49:04.0420 9000 Number of processors: 2
2011/05/09 13:49:04.0420 9000 Page size: 0x1000
2011/05/09 13:49:04.0420 9000 Boot type: Normal boot
2011/05/09 13:49:04.0420 9000 ================================================================================
2011/05/09 13:49:04.0898 9000 Initialize success
2011/05/09 13:49:14.0684 5924 ================================================================================
2011/05/09 13:49:14.0684 5924 Scan started
2011/05/09 13:49:14.0684 5924 Mode: Manual;
2011/05/09 13:49:14.0684 5924 ================================================================================
2011/05/09 13:49:16.0531 5924 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/09 13:49:16.0662 5924 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/09 13:49:16.0706 5924 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/09 13:49:16.0737 5924 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/09 13:49:16.0777 5924 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/09 13:49:16.0874 5924 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/09 13:49:16.0909 5924 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/09 13:49:16.0952 5924 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/09 13:49:16.0991 5924 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/09 13:49:17.0017 5924 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/09 13:49:17.0047 5924 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/09 13:49:17.0082 5924 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/09 13:49:17.0118 5924 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/09 13:49:17.0162 5924 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/09 13:49:17.0250 5924 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/09 13:49:17.0316 5924 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/09 13:49:17.0398 5924 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/09 13:49:17.0425 5924 aswMonFlt (a80fb17ce4ed7af4a5f24aaa753e4168) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/09 13:49:17.0445 5924 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\Windows\system32\drivers\aswRdr.sys
2011/05/09 13:49:17.0601 5924 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\Windows\system32\drivers\aswSnx.sys
2011/05/09 13:49:17.0690 5924 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\Windows\system32\drivers\aswSP.sys
2011/05/09 13:49:17.0756 5924 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\Windows\system32\drivers\aswTdi.sys
2011/05/09 13:49:17.0821 5924 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/09 13:49:17.0858 5924 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/09 13:49:17.0946 5924 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/09 13:49:18.0015 5924 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/09 13:49:18.0080 5924 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/09 13:49:18.0147 5924 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/09 13:49:18.0173 5924 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/09 13:49:18.0211 5924 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/09 13:49:18.0247 5924 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/09 13:49:18.0278 5924 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/09 13:49:18.0306 5924 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/09 13:49:18.0346 5924 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/09 13:49:18.0384 5924 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/09 13:49:18.0430 5924 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/09 13:49:18.0467 5924 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/05/09 13:49:18.0529 5924 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/09 13:49:18.0615 5924 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/09 13:49:18.0665 5924 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/09 13:49:18.0704 5924 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/09 13:49:18.0749 5924 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/09 13:49:18.0861 5924 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/09 13:49:18.0891 5924 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/09 13:49:18.0920 5924 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/09 13:49:18.0939 5924 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/09 13:49:19.0012 5924 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/09 13:49:19.0071 5924 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/09 13:49:19.0168 5924 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/09 13:49:19.0249 5924 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/09 13:49:19.0287 5924 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/09 13:49:19.0334 5924 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/09 13:49:19.0409 5924 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/09 13:49:19.0459 5924 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/09 13:49:19.0499 5924 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/09 13:49:19.0607 5924 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/09 13:49:19.0654 5924 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/09 13:49:19.0708 5924 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/09 13:49:19.0751 5924 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/09 13:49:19.0784 5924 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/09 13:49:19.0848 5924 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/09 13:49:19.0886 5924 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/09 13:49:19.0932 5924 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/09 13:49:19.0965 5924 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/09 13:49:20.0093 5924 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/05/09 13:49:20.0153 5924 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/09 13:49:20.0186 5924 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/09 13:49:20.0211 5924 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/09 13:49:20.0289 5924 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/09 13:49:20.0321 5924 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/09 13:49:20.0361 5924 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/09 13:49:20.0390 5924 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/09 13:49:20.0459 5924 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/09 13:49:20.0581 5924 iaNvStor (92b37e0a61cd710a0c66dc3567a8bf3c) C:\Windows\system32\drivers\ianvstor.sys
2011/05/09 13:49:20.0640 5924 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\drivers\iastor.sys
2011/05/09 13:49:20.0718 5924 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/09 13:49:20.0760 5924 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/09 13:49:20.0792 5924 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/09 13:49:20.0817 5924 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/09 13:49:20.0882 5924 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/09 13:49:20.0933 5924 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/09 13:49:20.0963 5924 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/09 13:49:20.0987 5924 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/09 13:49:21.0020 5924 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/09 13:49:21.0067 5924 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/09 13:49:21.0106 5924 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/09 13:49:21.0137 5924 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/09 13:49:21.0232 5924 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/09 13:49:21.0275 5924 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/09 13:49:21.0394 5924 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/09 13:49:21.0569 5924 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/05/09 13:49:21.0667 5924 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2011/05/09 13:49:21.0718 5924 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/09 13:49:21.0782 5924 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/09 13:49:21.0832 5924 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/05/09 13:49:21.0864 5924 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/09 13:49:21.0895 5924 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/09 13:49:21.0928 5924 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/09 13:49:21.0960 5924 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/09 13:49:22.0011 5924 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/05/09 13:49:22.0133 5924 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/05/09 13:49:22.0307 5924 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/05/09 13:49:22.0378 5924 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/05/09 13:49:22.0474 5924 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/09 13:49:22.0570 5924 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/09 13:49:22.0617 5924 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/09 13:49:22.0695 5924 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/09 13:49:22.0714 5924 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/09 13:49:22.0739 5924 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/09 13:49:22.0762 5924 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/09 13:49:22.0826 5924 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/09 13:49:22.0854 5924 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/09 13:49:22.0888 5924 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/09 13:49:22.0919 5924 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/09 13:49:22.0986 5924 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/09 13:49:23.0058 5924 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/09 13:49:23.0087 5924 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/09 13:49:23.0122 5924 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/09 13:49:23.0146 5924 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/09 13:49:23.0187 5924 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/09 13:49:23.0204 5924 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/09 13:49:23.0288 5924 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/09 13:49:23.0310 5924 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/09 13:49:23.0330 5924 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/09 13:49:23.0368 5924 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/09 13:49:23.0398 5924 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/09 13:49:23.0423 5924 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/09 13:49:23.0447 5924 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/09 13:49:23.0580 5924 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/09 13:49:23.0698 5924 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/09 13:49:23.0750 5924 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/09 13:49:23.0770 5924 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/09 13:49:23.0803 5924 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/09 13:49:23.0837 5924 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/09 13:49:23.0862 5924 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/09 13:49:23.0910 5924 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/09 13:49:24.0103 5924 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/05/09 13:49:24.0305 5924 NETw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/09 13:49:24.0409 5924 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/09 13:49:24.0523 5924 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/09 13:49:24.0543 5924 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/09 13:49:24.0602 5924 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/09 13:49:24.0651 5924 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/09 13:49:24.0668 5924 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/09 13:49:24.0944 5924 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/09 13:49:25.0143 5924 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/09 13:49:25.0181 5924 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/09 13:49:25.0221 5924 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/09 13:49:25.0272 5924 NWADI (9edf6fd48a9eb4afdf225eb9c5111df6) C:\Windows\system32\drivers\nwadienum.sys
2011/05/09 13:49:25.0317 5924 NWDellModem (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\DRIVERS\nwdelmdm.sys
2011/05/09 13:49:25.0339 5924 NWDellPort (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\DRIVERS\nwdelser.sys
2011/05/09 13:49:25.0378 5924 NWDellPort2 (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\drivers\nwdelser2.sys
2011/05/09 13:49:25.0453 5924 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2011/05/09 13:49:25.0472 5924 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2011/05/09 13:49:25.0544 5924 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/09 13:49:25.0580 5924 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/09 13:49:25.0626 5924 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/09 13:49:25.0652 5924 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/09 13:49:25.0689 5924 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2011/05/09 13:49:25.0790 5924 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/05/09 13:49:25.0822 5924 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/09 13:49:25.0844 5924 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/09 13:49:25.0873 5924 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/09 13:49:25.0961 5924 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/09 13:49:26.0046 5924 pnarp (3de33bce4a930edf57bd1f742823bcd8) C:\Windows\system32\DRIVERS\pnarp.sys
2011/05/09 13:49:26.0099 5924 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/09 13:49:26.0150 5924 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/09 13:49:26.0197 5924 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/09 13:49:26.0259 5924 purendis (53efa6066e7ffaa1ad91c7fb40ffd2ec) C:\Windows\system32\DRIVERS\purendis.sys
2011/05/09 13:49:26.0312 5924 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/09 13:49:26.0390 5924 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/09 13:49:26.0445 5924 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/09 13:49:26.0476 5924 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/09 13:49:26.0552 5924 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/09 13:49:26.0606 5924 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/09 13:49:26.0666 5924 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/09 13:49:26.0705 5924 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/09 13:49:26.0758 5924 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/09 13:49:26.0801 5924 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/09 13:49:26.0850 5924 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/09 13:49:26.0871 5924 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/09 13:49:26.0917 5924 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/09 13:49:26.0962 5924 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/09 13:49:27.0046 5924 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/05/09 13:49:27.0113 5924 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/05/09 13:49:27.0146 5924 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/05/09 13:49:27.0196 5924 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/09 13:49:27.0231 5924 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/09 13:49:27.0280 5924 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/09 13:49:27.0303 5924 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/09 13:49:27.0337 5924 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/09 13:49:27.0364 5924 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/09 13:49:27.0387 5924 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/09 13:49:27.0424 5924 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/09 13:49:27.0449 5924 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/09 13:49:27.0472 5924 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/09 13:49:27.0551 5924 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/09 13:49:27.0591 5924 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/09 13:49:27.0634 5924 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/09 13:49:27.0665 5924 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/09 13:49:27.0710 5924 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/09 13:49:27.0744 5924 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/09 13:49:27.0828 5924 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/09 13:49:27.0863 5924 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/09 13:49:27.0896 5924 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/09 13:49:28.0016 5924 STHDA (68a0d39e357dd7a234b1d4f1e844c615) C:\Windows\system32\drivers\stwrt.sys
2011/05/09 13:49:28.0093 5924 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/09 13:49:28.0127 5924 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/09 13:49:28.0153 5924 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/09 13:49:28.0177 5924 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/09 13:49:28.0254 5924 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/09 13:49:28.0321 5924 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/09 13:49:28.0374 5924 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/09 13:49:28.0460 5924 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
2011/05/09 13:49:28.0497 5924 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/09 13:49:28.0532 5924 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/09 13:49:28.0582 5924 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/09 13:49:28.0618 5924 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/09 13:49:28.0686 5924 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/09 13:49:28.0713 5924 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/09 13:49:28.0756 5924 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/09 13:49:28.0785 5924 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/09 13:49:28.0820 5924 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/09 13:49:28.0860 5924 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/09 13:49:28.0901 5924 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/09 13:49:28.0946 5924 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/09 13:49:28.0984 5924 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/09 13:49:29.0017 5924 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/09 13:49:29.0048 5924 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/09 13:49:29.0076 5924 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/09 13:49:29.0149 5924 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/09 13:49:29.0184 5924 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/09 13:49:29.0218 5924 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/09 13:49:29.0265 5924 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/09 13:49:29.0346 5924 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/09 13:49:29.0384 5924 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/09 13:49:29.0426 5924 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/09 13:49:29.0500 5924 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/09 13:49:29.0547 5924 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/09 13:49:29.0611 5924 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/09 13:49:29.0647 5924 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/09 13:49:29.0677 5924 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/09 13:49:29.0715 5924 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/09 13:49:29.0745 5924 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/09 13:49:29.0783 5924 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/09 13:49:29.0821 5924 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/09 13:49:29.0862 5924 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/09 13:49:29.0888 5924 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 13:49:29.0898 5924 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 13:49:29.0947 5924 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/09 13:49:29.0979 5924 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/09 13:49:30.0057 5924 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/09 13:49:30.0139 5924 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/09 13:49:30.0172 5924 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/09 13:49:30.0248 5924 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/09 13:49:30.0290 5924 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/09 13:49:30.0345 5924 ================================================================================
2011/05/09 13:49:30.0345 5924 Scan finished
2011/05/09 13:49:30.0345 5924 ================================================================================

Blade81
2011-05-10, 07:31
Hi again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:



DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 25 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

philipyen
2011-05-16, 05:16
ESET scan didn't detect anything. It didn't let me copy and paste the report, but it just listed the number of files scanned, etc. Below are the ComboFix and DDS logs.

ComboFix Log
ComboFix 11-05-15.03 - Ph 05/15/2011 17:29:52.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1854 [GMT -4:00]
Running from: c:\users\Ph\Desktop\ComboFix.exe
Command switches used :: c:\users\Ph\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5744\Downloads\09c89f7c-3785-4562-bfa2-0294dad219cb.dll
c:\programdata\PCDr\5744\Downloads\211f2e06-18cf-4b15-8d16-613c14340779.dll
c:\programdata\PCDr\5744\Downloads\295a87df-c8df-47c1-8928-31d3bc55eae3.dll
c:\programdata\PCDr\5744\Downloads\7cfc7ddb-2ff0-41ad-a5d7-3e2c7c6da278.dll
c:\programdata\PCDr\5744\Downloads\9f7cb229-6226-4846-9375-1b73ad107c4e.dll
c:\programdata\PCDr\5744\Downloads\aad4193c-5f11-4479-83a6-e739206cb375.dll
c:\programdata\PCDr\5744\Downloads\ccb2bb33-3a38-4a93-93e7-871d4d9be0b6.dll
c:\programdata\PCDr\5744\Downloads\d57ca607-df9e-42be-b6e5-f975ebf2105b.dll
c:\programdata\PCDr\5744\Downloads\db49fe36-7c40-41f5-b9c1-5a7c3297c269.dll
c:\programdata\PCDr\5744\Downloads\e3d50fea-9128-4ef0-9ea5-b4d74186612f.dll
c:\programdata\PCDr\5744\Downloads\e87994e7-694e-4058-a64a-df23fd76e4df.dll
c:\tdsskiller\tdsskiller.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 21:39 . 2011-05-15 21:43 -------- d-----w- c:\users\Ph\AppData\Local\temp
2011-05-15 21:39 . 2011-05-15 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-15 21:11 . 2011-05-15 21:12 -------- d-----w- c:\programdata\Skype Extras
2011-05-15 21:10 . 2011-05-15 21:10 -------- d-----w- c:\program files\Common Files\Skype
2011-05-13 05:53 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB7936B-75B0-4039-B4E2-04DDFF159AA7}\mpengine.dll
2011-05-11 01:28 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-09 17:35 . 2011-05-15 21:38 -------- d-----w- C:\tdsskiller
2011-05-09 07:56 . 2011-05-09 07:56 -------- d-----w- c:\program files\Atari
2011-05-03 02:10 . 2011-05-03 02:10 -------- d-----w- c:\program files\VS Revo Group
2011-04-26 17:23 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 17:23 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 17:22 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-25 18:25 . 2011-04-25 18:26 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 21:41 . 2009-02-05 21:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-15 21:41 . 2008-09-09 21:14 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-18 17:25 . 2010-10-28 15:27 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-05-28 02:22 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2011-02-24 22:50 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:17 . 2010-05-28 02:22 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-05-28 02:22 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-05-28 02:22 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-05-28 02:22 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:12 . 2010-05-28 02:22 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-18 10:23 . 2010-02-19 16:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-05 17:33 . 2011-04-05 17:33 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-05 17:33 . 2011-04-05 17:33 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-05 17:33 . 2011-04-05 17:33 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-05 17:33 . 2011-04-05 17:33 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-05 17:33 . 2011-04-05 17:33 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-05 17:33 . 2011-04-05 17:33 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-05 17:33 . 2011-04-05 17:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-05 17:33 . 2011-04-05 17:33 367104 ----a-w- c:\windows\system32\html.iec
2011-04-05 17:33 . 2011-04-05 17:33 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-05 17:33 . 2011-04-05 17:33 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-05 17:33 . 2011-04-05 17:33 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-05 17:33 . 2011-04-05 17:33 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-05 17:33 . 2011-04-05 17:33 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-05 17:33 . 2011-04-05 17:33 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-05 17:33 . 2011-04-05 17:33 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-05 17:33 . 2011-04-05 17:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-05 17:33 . 2011-04-05 17:33 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-05 17:33 . 2011-04-05 17:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-05 17:33 . 2011-04-05 17:33 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-05 17:33 . 2011-04-05 17:33 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-05 17:33 . 2011-04-05 17:33 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-10 17:03 . 2011-04-14 12:30 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 12:30 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 12:30 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-26 17:23 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-26 17:23 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-26 17:23 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-26 17:23 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-14 12:30 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 12:30 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13 . 2011-03-23 00:25 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 00:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 00:25 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24 . 2011-04-14 12:30 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-14 12:30 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-14 12:30 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-14 12:30 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-18 14:03 . 2011-04-14 12:30 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-18 14:03 . 2011-04-14 12:30 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-18 14:03 . 2011-04-14 12:30 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-16 16:16 . 2011-04-14 12:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02 . 2011-04-14 12:30 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-15 20:33 . 2010-08-20 19:22 34816 ----a-w- c:\windows\system32\identprv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-04-13 331851]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-30 202256]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-12-09 421888]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 279144]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-04-18 3460784]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Ph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-8 0]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-11 813584]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-03 04:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
R4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2007-12-06 92288]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-12-06 92288]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-12-06 92288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mferkdk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:14]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 06:21]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 06:21]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4290441962-2539738641-782438600-1000Core.job
- c:\users\Ph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 20:47]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4290441962-2539738641-782438600-1000UA.job
- c:\users\Ph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-25 20:47]
.
2011-04-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-05-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ph\AppData\Roaming\Mozilla\Firefox\Profiles\tr89liik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100919231349360&tb_oid=19-09-2010&tb_mrud=19-09-2010&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Ph\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4290441962-2539738641-782438600-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,2e,61,a3,2d,b4,8d,fb,a0,57,d0,26,4b,b5,c6,e5,a1,63,8c,5c,59,
33,a4,2b,df,f7,a4,97,21,7a,09,c0,80,76,d1,80,06,8d,1d,e6,08,53,50,c7,45,65,\
"rkeysecu"=hex:1b,24,40,77,9e,71,0f,23,90,f9,a1,33,51,27,00,96
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(12264)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\rpcnet.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-15 17:53:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-15 21:53
ComboFix2.txt 2011-05-09 05:17
.
Pre-Run: 24,855,953,408 bytes free
Post-Run: 24,633,593,856 bytes free
.
- - End Of File - - 3AEBF0B71D740B84C22B0B01E3941292

DDS Log
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ph at 22:10:44.27 on Sun 05/15/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.1623 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\rpcnet.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ph\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WerCon.exe
C:\Users\Ph\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\ph\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\ph\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ph\appdata\roaming\mozilla\firefox\profiles\tr89liik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100919231349360&tb_oid=19-09-2010&tb_mrud=19-09-2010&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\ph\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-6 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-27 307288]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-5 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-27 53592]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-21 20376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-27 42184]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-4-12 13336]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-25 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-1 24652]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2009-2-5 92288]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2009-2-5 92288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2146496]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-9-3 209408]
S4 NWDellPort2;Dell Wireless Mobile Broadband Status2 Port Driver;c:\windows\system32\drivers\nwdelser2.sys [2008-9-3 92288]
.
=============== Created Last 30 ================
.
2011-05-15 22:10:31 -------- d-----w- c:\program files\ESET
2011-05-15 21:53:32 -------- d-----w- c:\users\ph\appdata\local\temp
2011-05-15 21:43:06 -------- d-----w- C:\$RECYCLE.BIN
2011-05-15 21:11:11 -------- d-----w- c:\progra~2\Skype Extras
2011-05-13 05:53:25 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6ab7936b-75b0-4039-b4e2-04ddff159aa7}\mpengine.dll
2011-05-11 01:28:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-09 17:35:37 -------- d-----w- C:\tdsskiller
2011-05-09 07:56:30 -------- d-----w- c:\program files\Atari
2011-05-09 04:45:34 98816 ----a-w- c:\windows\sed.exe
2011-05-09 04:45:34 89088 ----a-w- c:\windows\MBR.exe
2011-05-09 04:45:34 256512 ----a-w- c:\windows\PEV.exe
2011-05-09 04:45:34 161792 ----a-w- c:\windows\SWREG.exe
2011-05-03 02:10:20 -------- d-----w- c:\program files\VS Revo Group
2011-04-26 17:23:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-26 17:23:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 17:22:58 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
==================== Find3M ====================
.
2011-05-16 02:09:53 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-15 22:06:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-15 21:41:56 57752 ----a-w- c:\windows\system32\rpcnet.dll
2011-04-18 17:25:12 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-09 22:55:44 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll
.
============= FINISH: 22:13:20.29 ===============

Blade81
2011-05-16, 10:54
Good. How's the system running now?

philipyen
2011-05-17, 20:09
Well, the system is running fine but it has been from the beginning. My main concern was just eliminating the two malware that Spybot identified but could not remove. I just ran Spybot again and Fraud.Sysguard is no longer there but Click.Giftload is still showing up unfortunately.

Blade81
2011-05-18, 07:49
Hi,

Let Spybot fix the entry and reboot the system. See if the item is still detected.

Blade81
2011-05-25, 16:07
What's the status with this case?

Blade81
2011-05-31, 20:09
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.