malware: kbiwkm, uacbbr. unable to remove

Anders61

New member
I have read the posting rules but I am unfortunately able to post an audit report due to malware infection. I cannot run Spybot or any other virus cleaner. I had been able to run drweb where it detected uacbbr.dll but could not remove it. It also seemed to find kbiwkm... but skipped over it or could not identify it at that time. I am now in safe mode after a reboot that now locked me out of internet access, and almost all applications are running with errors...

I found that Sedward (http://forums.spybot.info/showthread.php?t=51174&page=3&) case seems to be very similar to my current situation. I believe Blade81 found a solution for cleaning sedwicks machine.

I would greatly appreciate your help!!!
 
Am out of safe mode after running GMER and disabling both UACyvyjhniyyj & kbiwkmubfdcdqp. Also removed all signs of them in C:\WINDOWS\system32\

Disabling caused .exe errors, and I have a winlogon.exe issue.

I need some security expert support on this one.

thanks,


GMER log now is:

**************************************
GMER 1.0.15.15077 [4x49o2xr.exe] - http://www.gmer.net
Rootkit scan 2009-09-09 19:27:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT F8B46716 ZwCreateKey
SSDT F8B4670C ZwCreateThread
SSDT F8B4671B ZwDeleteKey
SSDT F8B46725 ZwDeleteValueKey
SSDT F8B4672A ZwLoadKey
SSDT F8B466F8 ZwOpenProcess
SSDT F8B466FD ZwOpenThread
SSDT F8B46734 ZwReplaceKey
SSDT F8B4672F ZwRestoreKey
SSDT F8B46720 ZwSetValueKey
SSDT F8B46707 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[312] image checksum mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll
.data C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[312] C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe unknown last section [0x00404000, 0x26ACC, 0xC0000040]
? C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe[476] C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe The system cannot find the file specified.
? C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[876] image checksum mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll
.data C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[876] C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe unknown last section [0x00404000, 0x26ACC, 0xC0000040]
? C:\DOCUME~1\Dave\LOCALS~1\Temp\svchost.exe[1024] image checksum mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll
.data C:\DOCUME~1\Dave\LOCALS~1\Temp\svchost.exe[1024] C:\DOCUME~1\Dave\LOCALS~1\Temp\svchost.exe unknown last section [0x00404000, 0x26ACC, 0xC0000040]

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A9719C8A

---- Processes - GMER 1.0.15 ----

Library C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe (*** hidden *** ) @ C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe [476] 0x00400000
Library C:\DOCUME~1\Dave\LOCALS~1\Temp\taskmgr.exe (*** hidden *** ) @ C:\DOCUME~1\Dave\LOCALS~1\Temp\taskmgr.exe [480] 0x00400000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmubfdcdqp.sys (*** hidden *** ) [DISABLED] kbiwkmqowyrelt <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACyvyjhniyyj.sys (*** hidden *** ) [DISABLED] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@imagepath \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmuebhxgrk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmdtppvyue.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmywsxvvmr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkm.dat \systemroot\system32\kbiwkmawyevdac.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyvyjhniyyj.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@imagepath \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main@sid 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmuebhxgrk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmdtppvyue.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmywsxvvmr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkm.dat \systemroot\system32\kbiwkmawyevdac.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyvyjhniyyj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACsr
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Windows System Recover! C:\DOCUME~1\Dave\LOCALS~1\Temp\install.exe

---- EOF - GMER 1.0.15 ----

**************************************
 
Hello,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
I have been having some issues now with winlogon.exe, so many programs don't execute...
My cmd window popped up and asked how I want to run DDS.
I don't believe I have any blocking software...

... any suggestion here...
 
Yes, I tried all three.
I also tried to run it via a command window but was unsuccessful.

not sure what else to try...

perhaps a bat?

thank you in advance
 
Let's see if RSIT runs.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
 
here is the log file:

*******************
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dave at 2009-09-11 14:01:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 649 MB (6%) free of 10 GB
Total RAM: 503 MB (30% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}]
C:\WINDOWS\system32\tajf83ikdmf.dll - C:\WINDOWS\system32\tajf83ikdmf.dll [2009-09-08 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-12 155648]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-14 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-14 126976]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-29 385024]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-03 606208]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-25 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035]
"DataLayer"=C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [2006-10-27 863744]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2006-11-08 222208]
"Adobe Reader Speed Launcher"=D:\Program Downloads\adobe 9\Reader\Reader_sl.exe [2009-02-27 35696]
"RecoverFromReboot"=C:\WINDOWS\Temp\RecoverFromReboot.exe []
"net"=C:\WINDOWS\system32\net.net []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe"=1&1 EasyLogin HIDE []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Windows System Recover!"=C:\DOCUME~1\Dave\LOCALS~1\Temp\debug.exe [2009-09-11 23044]
"WIndows Rescue Disk"=C:\DOCUME~1\Dave\LOCALS~1\Temp\win.exe [2009-09-11 23044]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Picture Package Menu.lnk - D:\Program Downloads\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - D:\Program Downloads\Picture Package Applications\Residence.exe
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-14 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll [2009-09-08 15000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\Program Files\Yahoo!\Messenger\YPager.exe"="c:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"c:\Program Files\Yahoo!\Messenger\yserver.exe"="c:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\wamp\Vista emulator\VistA Emulator.exe"="C:\wamp\Vista emulator\VistA Emulator.exe:*:Enabled:VistA Emulator"
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console"
"D:\Movies\VLC\vlc.exe"="D:\Movies\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\SolidWorks\SLDWORKS.exe"="C:\Program Files\SolidWorks\SLDWORKS.exe:*:Enabled:SldWorks"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Disabled:Mozilla Thunderbird"
"C:\wamp\Apache2\bin\Apache.exe"="C:\wamp\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\Program Downloads\bittorent\BitTorrent\bittorrent.exe"="D:\Program Downloads\bittorent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.exe - open - C:\WINDOWS\system32\desote.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-11 14:01:29 ----D---- C:\Program Files\trend micro
2009-09-11 14:01:28 ----D---- C:\rsit
2009-09-08 09:09:49 ----D---- C:\Program Files\Windows Police Pro
2009-09-08 09:04:20 ----A---- C:\WINDOWS\system32\tajf83ikdmf.dll
2009-08-31 14:57:59 ----D---- C:\Documents and Settings\Dave\Application Data\Auslogics
2009-08-31 14:57:54 ----D---- C:\Program Files\Auslogics
2009-08-31 14:01:58 ----D---- C:\Program Files\Avira
2009-08-31 14:01:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-31 12:09:46 ----D---- C:\Program Files\Wise Disk Cleaner
2009-08-27 10:25:24 ----D---- C:\Documents and Settings\Dave\Application Data\Uniblue
2009-08-26 12:47:26 ----D---- C:\WINDOWS\LastGood
2009-08-25 14:09:22 ----D---- C:\WINDOWS\LastGood.Tmp
2009-08-24 14:21:08 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-24 00:00:32 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-23 23:46:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-08-20 15:25:42 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-08-20 15:25:41 ----D---- C:\Program Files\AML Products
2009-08-20 15:25:41 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-08-20 14:08:35 ----A---- C:\avenger.txt
2009-08-19 15:27:22 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 13:17:40 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-08-18 15:40:52 ----A---- C:\WINDOWS\svchast.exe
2009-08-18 15:40:51 ----A---- C:\WINDOWS\system32\desot.exe
2009-08-18 15:35:20 ----SHD---- C:\WINDOWS\CSC
2009-08-17 15:15:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-17 15:08:40 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2009-09-11 14:01:29 ----RD---- C:\Program Files
2009-09-11 12:02:29 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 12:02:03 ----D---- C:\WINDOWS\Temp
2009-09-11 11:22:27 ----D---- C:\WINDOWS\Help
2009-09-10 17:18:54 ----A---- C:\WINDOWS\wininit.ini
2009-09-10 11:11:27 ----D---- C:\Program Files\Mozilla Thunderbird
2009-09-09 19:25:04 ----D---- C:\WINDOWS\SYSTEM32
2009-09-08 22:42:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-08 17:33:52 ----D---- C:\Documents and Settings\Dave\Application Data\U3
2009-09-08 09:34:41 ----SHD---- C:\System Volume Information
2009-09-04 15:45:50 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-04 15:02:08 ----D---- C:\WINDOWS
2009-09-04 15:01:53 ----D---- C:\Program Files\HP
2009-08-31 12:30:51 ----D---- C:\Program Files\SolidWorks
2009-08-31 10:41:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-31 10:41:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 09:34:40 ----HD---- C:\WINDOWS\INF
2009-08-28 17:37:06 ----A---- C:\WINDOWS\imsins.BAK
2009-08-28 10:49:04 ----A---- C:\Program Files\SolidWorksswxJRNL.BAK
2009-08-25 14:15:42 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-25 14:09:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-25 14:09:23 ----D---- C:\WINDOWS\ADDINS
2009-08-25 13:50:25 ----D---- C:\Documents and Settings\Dave\Application Data\BitTorrent
2009-08-24 17:05:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-24 17:04:43 ----SHD---- C:\WINDOWS\Installer
2009-08-24 16:22:56 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2009-08-24 16:22:56 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2009-08-24 00:52:57 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-08-24 00:52:57 ----D---- C:\WINDOWS\system32\Setup
2009-08-24 00:52:57 ----D---- C:\WINDOWS\AppPatch
2009-08-24 00:50:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-24 00:49:53 ----D---- C:\Program Files\Messenger
2009-08-24 00:48:19 ----D---- C:\WINDOWS\WinSxS
2009-08-24 00:44:40 ----D---- C:\Program Files\Outlook Express
2009-08-24 00:04:08 ----D---- C:\WINDOWS\Prefetch
2009-08-23 23:56:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-23 23:46:15 ----D---- C:\WINDOWS\Debug
2009-08-20 20:31:41 ----D---- C:\I386
2009-08-20 20:31:40 ----D---- C:\WINDOWS\TWAIN_32
2009-08-20 16:35:03 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-17 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-12 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-13 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-13 23545]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-04 62799]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 108791]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-02 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 80384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-14 804317]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-11 234496]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-16 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-01-08 51582]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 rtfpxmxtycpcdgfn;rtfpxmxtycpcdgfn; C:\WINDOWS\system32\drivers\rtfpxmxtycpcdgfn.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-02 17056]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
S2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
S2 DgivEcp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgivEcp.Sys [1999-01-29 38400]
S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-22 40480]
S2 fpoojms;fpoojms; C:\WINDOWS\system32\drivers\cqfrkd.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-30 11354]
S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883]
S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843]
S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123]
S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239]
S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586]
S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227]
S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363]
S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714]
S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-16 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-16 9600]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-16 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-01-16 98304]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-08 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2004-12-15 50048]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
S2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe []
S2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-12 155648]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
S2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-06-20 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]

-----------------EOF-----------------


*******************

and the info file:

*******************
info.txt logfile of random's system information tool 1.06 2009-09-11 14:02:13

======Uninstall list======

-->"C:\Program Files\SBC Yahoo!\umuninst.exe" /S
-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\PROGRA~1\Yahoo!\browser\unyb.exe
-->C:\PROGRA~1\Yahoo!\common\unwise.exe /S C:\PROGRA~1\Yahoo!\common\install.log
-->C:\PROGRA~1\Yahoo!\common\unybase.exe
-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\yaddbook.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ylogin.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ymmapi.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
-->regsvr32 /s /u C:\PROGRA~1\Yahoo!\common\YCOMP5~1.DLL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1&1 EasyLogin-->C:\Program Files\1&1\1&1 EasyLogin\Uninstall.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AML Free Registry Cleaner 4.18-->"C:\Program Files\AML Products\Registry Cleaner\unins000.exe"
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Broadcom ASF Management Applications-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities ZoomBrowser EX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
eDrawings 2004-->MsiExec.exe /I{B95432F2-D984-44A1-96B5-68F33AB51C63}
File Shredder 2.0-->"D:\Program Downloads\file schredd\File Shredder\unins000.exe"
FLV Player 2.0, build 23-->D:\Program Downloads\flv\FLV Player\uninst.exe
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP PSC & Officejet 4.2 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzscr01.exe" -datfile hposcr04.dat
ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{ED903B25-C6E4-4C8D-855C-59FFC42BBF1F}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite-->MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PeaZip 1.10-->"C:\Program Files\PeaZip\unins000.exe"
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SBC Self Support Tool-->C:\WINDOWS\Motive\SBC\MCCUninst.exe
SBC Yahoo! Applications-->C:\Program Files\SBC Yahoo!\UninstallManager.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Shading Analyser-->C:\WINDOWS\st6unst.exe -n "d:\d\Sun\Dean\ST6UNST.LOG"
SolidWorks 2004 SP0-->MsiExec.exe /I{4E921E6B-CFF1-4901-B262-FD049AC8EF56}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
TWAIN Driver Uninstaller-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\twain.isu
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.5-->D:\Movies\VLC\uninstall.exe
Windows Antivirus Pro-->C:\Program Files\Windows Antivirus Pro\AntiSpyware_Uninstall.exe
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Police Pro-->C:\Program Files\Windows Police Pro\AntiSpyware_Uninstall.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Wise Disk Cleaner 4.64-->"C:\Program Files\Wise Disk Cleaner\unins000.exe"
Xerox WC470cx Printer Driver-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Deis470c.isu -c"C:\WINDOWS\ins470cx.dll"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43863
Source Name: DCOM
Time Written: 20090904150319.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43862
Source Name: DCOM
Time Written: 20090904150319.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43861
Source Name: DCOM
Time Written: 20090904150121.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43860
Source Name: DCOM
Time Written: 20090904145854.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43859
Source Name: DCOM
Time Written: 20090904145713.000000-420
Event Type: error
User: D2N8VR1X\Dave

=====Application event log=====

Computer Name: D2N8VR1X
Event Code: 1015
Message: Failed to connect to server. Error: 0x8007043C

Record Number: 35
Source Name: MsiInstaller
Time Written: 20090819124542.000000-420
Event Type: warning
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 1001
Message: Detection of product '{0575C9C9-7B55-44C3-B81A-A0519F2CCCAB}', feature 'Data' failed during request for component '{247A0CD4-88E9-11D4-A755-00B0D0428C0C}'

Record Number: 9
Source Name: MsiInstaller
Time Written: 20090818092156.000000-420
Event Type: warning
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 1004
Message: Detection of product '{0575C9C9-7B55-44C3-B81A-A0519F2CCCAB}', feature 'Data', component '{9B4072CD-645C-4CDD-85EC-E39C24192808}' failed. The resource 'C:\Program Files\Rand McNally\RM Street Guide DE\Data\' does not exist.

Record Number: 8
Source Name: MsiInstaller
Time Written: 20090818092156.000000-420
Event Type: warning
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 2
Message: Disk free space has dropped below the minimum threshold. Free up space on your hard disk drive by:
1. Backing up your data to a tape backup, ZIP or network drive.
2. Delete unused files.

If you are unsure which files are safe to move or delete, contact your Help Desk or consult your software manuals.

Record Number: 7
Source Name: OMCI
Time Written: 20090818091819.000000-420
Event Type: warning
User:

Computer Name: D2N8VR1X
Event Code: 2
Message: Disk free space has dropped below the minimum threshold. Free up space on your hard disk drive by:
1. Backing up your data to a tape backup, ZIP or network drive.
2. Delete unused files.

If you are unsure which files are safe to move or delete, contact your Help Desk or consult your software manuals.

Record Number: 5
Source Name: OMCI
Time Written: 20090817160957.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

*******************
 
Hi,

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



If you have problems with Combofix usage, see here
 
Yes, please close those applications that are not needed to run (including browsers).
 
Combo-Fix worked as documented.
The report log is:

*********************
ComboFix 09-09-11.01 - Dave 09/11/2009 15:02.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.291 [GMT -7:00]
Running from: c:\documents and settings\Dave\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Dave\LOCALS~1\Temp\lsass.exe
c:\docume~1\Dave\LOCALS~1\Temp\svchost.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\windows\AUTOLNCH.REG
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\run.log
c:\windows\svchast.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\desot.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\kbiwkmubfdcdqp.sys
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\drivers\UACyvyjhniyyj.sys
c:\windows\system32\sonhelp.htm
c:\windows\system32\tajf83ikdmf.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmqowyrelt
-------\Legacy_UACd.sys
-------\Service_kbiwkmqowyrelt
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 21:01 . 2009-09-11 21:01 -------- d-----w- c:\program files\trend micro
2009-09-11 21:01 . 2009-09-11 21:02 -------- d-----w- C:\rsit
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\documents and settings\Dave\Application Data\Auslogics
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\program files\Auslogics
2009-08-31 21:02 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-31 21:02 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-31 21:02 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\program files\Avira
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 19:09 . 2009-09-04 21:58 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-27 17:25 . 2009-08-27 17:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Uniblue
2009-08-26 19:47 . 2009-08-26 19:47 -------- d-----w- c:\windows\LastGood
2009-08-25 21:09 . 2009-08-25 21:09 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-24 07:00 . 2009-08-24 07:00 -------- d-----w- c:\windows\ServicePackFiles
2009-08-24 06:46 . 2009-08-24 06:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-20 23:47 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-08-20 23:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 23:44 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 22:49 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:25 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-20 22:25 . 2009-08-20 22:25 -------- d-----w- c:\program files\AML Products
2009-08-20 22:25 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-19 23:17 . 2009-08-19 23:17 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2009-08-19 22:27 . 2009-08-19 22:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 20:17 . 2009-08-19 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 18:11 . 2005-08-05 07:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-09 00:33 . 2007-02-05 01:23 -------- d-----w- c:\documents and settings\Dave\Application Data\U3
2009-09-04 22:01 . 2007-03-05 21:30 -------- d-----w- c:\program files\HP
2009-08-31 23:36 . 2005-08-05 13:57 78040 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 19:30 . 2005-08-05 13:49 -------- d-----w- c:\program files\SolidWorks
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 17:49 . 2005-08-07 14:31 91917 ----a-w- c:\program files\SolidWorksswxJRNL.BAK
2009-08-25 21:15 . 2005-08-02 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 20:50 . 2006-07-22 02:54 -------- d-----w- c:\documents and settings\Dave\Application Data\BitTorrent
2009-08-05 09:11 . 2004-08-03 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 21:22 . 2005-08-05 08:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 04:53 . 2004-08-03 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-03 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-03 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2004-08-03 21:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36 . 2004-08-03 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-03 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-03 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-03 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-03 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-03 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-03 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-03 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-03 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-03 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-03 21:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 21:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-03 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 21:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-03 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 21:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-10-27 863744]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Adobe Reader Speed Launcher"="d:\program downloads\adobe 9\Reader\Reader_sl.exe" [2009-02-28 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-10 1634304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-8-5 49254]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576]
Picture Package Menu.lnk - d:\program downloads\Picture Package Menu\SonyTray.exe [2007-8-23 151552]
Picture Package VCD Maker.lnk - d:\program downloads\Picture Package Applications\Residence.exe [2007-8-23 106496]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-12-24 217088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"d:\\Movies\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

R3 GTIPCI21;GTIPCI21;c:\windows\SYSTEM32\DRIVERS\gtipci21.sys [12/31/1979 9:00 AM 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/31/2009 2:02 PM 108289]
S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [8/16/2005 7:00 AM 26488]
.
Contents of the 'Scheduled Tasks' folder

2007-05-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-08-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\mine.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\Reader\browser\nppdf32.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKLM-Run-net - c:\windows\system32\net.net



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 15:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(280)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2009-09-11 15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 22:14

Pre-Run: 583,081,984 bytes free
Post-Run: 435,761,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

233 --- E O F --- 2009-08-24 07:50

*********************
 
Here is the attached file from DDS:

****************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2005 8:32:06 PM
System Uptime: 9/12/2009 9:01:39 AM (0 hours ago)

Motherboard: Dell Inc. | | 0D4571
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 10 GiB total, 0.423 GiB free.
D: is FIXED (NTFS) - 46 GiB total, 2.805 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Service: w29n51

==== System Restore Points ===================

RP1: 9/11/2009 3:10:58 PM - System Checkpoint

==== Installed Programs ======================

1&1 EasyLogin
Adobe Acrobat 5.0
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1
AiO_Scan
ALPS Touch Pad Driver
AML Free Registry Cleaner 4.18
Ask Toolbar
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
BitTorrent
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Canon Digital Camera USB WIA Driver
Canon PhotoRecord
Canon Utilities ZoomBrowser EX
CDBurnerXP Pro 3
Conexant D110 MDC V.9x Modem
Digital Line Detect
DNA
eDrawings 2004
Enterprise
File Shredder 2.0
FLV Player 2.0, build 23
Hotfix for Windows XP (KB952287)
HP PSC & Officejet 4.2 Corporate Edition
ImageMixer VCD2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 6
Logitech MouseWare 9.79.1
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft FrontPage Client - English
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.13)
Mozilla Thunderbird (2.0.0.22)
Mozilla Thunderbird (2.0.0.23)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
OMCI
PC Connectivity Solution
PeaZip 1.10
Picture Package
PowerDVD 5.1
QFolder
QuickSet
Rand Mc Nally Street Guide Bay Area Counties 2006
RealPlayer
RegCure 1.6.0.0
SBC Self Support Tool
SBC Yahoo! Applications
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shading Analyser
SolidWorks 2004 SP0
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SyncBack
TextPad 4.7
TWAIN Driver Uninstaller
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.5
Visual Studio.NET Baseline - English
WebFldrs XP
Windows Antivirus Pro
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Police Pro
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Wise Disk Cleaner 4.64
Xerox WC470cx Printer Driver

==== Event Viewer Messages From Past Week ========

9/8/2009 9:38:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/8/2009 9:34:41 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/8/2009 7:22:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
9/8/2009 6:48:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/8/2009 5:24:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
9/8/2009 5:23:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/8/2009 10:58:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
9/8/2009 10:57:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
9/8/2009 10:55:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV avgio avipbb Fips intelppm ssmdrv Tosrfcom
9/8/2009 10:53:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

****************************
 
Thank you very much for your help, it's a relief to have things coming back online and see it develop... :thanks:

second file DDS:

******************************

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Dave at 9:29:55.17 on Sat 09/12/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.186 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: Ask Toolbar Quick View: {b0de3308-5d5a-470d-81b9-634fc078393b} - c:\windows\system32\shdocvw.dll
uRun: [c:\program files\1&1\1&1 easylogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "d:\program downloads\adobe 9\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - d:\program downloads\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - d:\program downloads\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program downloads\spybot\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\mine.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\dave\application data\mozilla\firefox\profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\reader\browser\nppdf32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-31 11608]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1979-12-31 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-31 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-31 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-20 55656]
S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-8-16 26488]

=============== Created Last 30 ================

2009-09-11 15:02 <DIR> a-dshr-- C:\cmdcons
2009-09-11 15:00 230,912 a------- c:\windows\PEV.exe
2009-09-11 15:00 161,792 a------- c:\windows\SWREG.exe
2009-09-11 15:00 98,816 a------- c:\windows\sed.exe
2009-09-11 14:01 <DIR> --d----- c:\program files\trend micro
2009-09-04 14:59 102,032 -------- c:\windows\hpoins04.dat.temp
2009-09-04 14:59 17,218 -------- c:\windows\hpomdl04.dat.temp
2009-08-31 14:57 <DIR> --d----- c:\docume~1\dave\applic~1\Auslogics
2009-08-31 14:57 <DIR> --d----- c:\program files\Auslogics
2009-08-31 14:01 <DIR> --d----- c:\program files\Avira
2009-08-31 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-31 12:09 <DIR> --d----- c:\program files\Wise Disk Cleaner
2009-08-27 10:25 <DIR> --d----- c:\docume~1\dave\applic~1\Uniblue
2009-08-25 14:09 <DIR> --d----- c:\windows\LastGood.Tmp
2009-08-24 00:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-23 23:46 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-08-20 16:52 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-20 16:52 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-08-20 16:49 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-20 16:47 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-08-20 16:45 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 16:44 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-08-20 16:44 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 15:49 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 15:25 487,424 a------- c:\windows\system32\msvcp70.dll
2009-08-20 15:25 974,848 a------- c:\windows\system32\mfc70.dll
2009-08-20 15:25 <DIR> --d----- c:\program files\AML Products
2009-08-19 16:17 <DIR> --d----- c:\documents and settings\dave\DoctorWeb
2009-08-19 15:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 13:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations

==================== Find3M ====================

2009-08-28 10:49 91,917 a------- c:\program files\SolidWorksswxJRNL.BAK
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 01:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 01:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 01:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 04:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 04:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 04:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2008-01-22 09:44 560 a------- c:\docume~1\dave\applic~1\ViewerApp.dat

============= FINISH: 9:30:21.00 ===============

******************************
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
DNA


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:
Ask Toolbar
Macromedia Flash Player
Macromedia Shockwave Player


After that:

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu, select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer



Open notepad and copy/paste the text in the quotebox below into it:

Code:
Driver::
fpoojms
File::
c:\windows\system32\drivers\cqfrkd.sys
Folder::
C:\Documents and Settings\Dave\Application Data\BitTorrent
D:\Program Downloads\bittorent
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into Combo-Fix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Get updates 9.1.2 and 9.1.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
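
Added example (not part of the original posts, and not code from DDS or ComboFix): a small Python triage of the SERVICES / DRIVERS section of the DDS log in this thread, showing why the fpoojms entry stands out from the rest. Reading the R/S letter and digit as run state and start type, and reading `[?]` as "file details could not be read", are assumptions of this example, and both checks are heuristics.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# The SERVICES / DRIVERS lines copied from the DDS log posted in this thread.
SAMPLE = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-31 11608]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1979-12-31 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-31 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-31 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-20 55656]
S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-8-16 26488]
"""

# Windows service "Start" values (assumed meaning of the digit in each line).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <R|S><start digit> <service name>;<display name>;<image path> [<date> <size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
META_RE = re.compile(r"^(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)$")


@dataclass
class ServiceEntry:
    running: bool
    start: str
    name: str
    display: str
    image: str
    size: Optional[int]          # None when the log shows no date/size
    reasons: List[str] = field(default_factory=list)


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse service/driver lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # "path --> path" repeats the image path; keep the first copy.
        image = m["image"].split(" --> ")[0].strip()
        meta = META_RE.match(m["meta"].strip())
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start=START_TYPES[int(m["start"])],
            name=m["name"].strip(),
            display=m["display"].strip(),
            image=image,
            size=int(meta.group(2)) if meta else None,
        ))
    return entries


def triage(text: str) -> List[ServiceEntry]:
    """Return the entries that deserve a closer look, with the reasons."""
    flagged = []
    for entry in parse_services(text):
        path = PureWindowsPath(entry.image)
        if entry.size is None:
            entry.reasons.append("file date/size could not be read")
        # Heuristic: a kernel driver's file is usually named after its service.
        if path.suffix.lower() == ".sys" and path.stem.lower() != entry.name.lower():
            entry.reasons.append("driver file name unrelated to service name")
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE):
        state = "running" if e.running else "stopped"
        print(f"{e.name} ({e.start} start, {state}): {e.image}")
        for reason in e.reasons:
            print("  -", reason)
```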
 
Hi Blade
thank you again for the outstanding support !!! I greatly appreciate it.

I ran into an issue where I cannot drag and drop the CFScript.txt file to Combo-fix; it doesn't launch...
Is there another way to do this?
 
Hi,

Please delete Combo-Fix.exe and then download a fresh one from the same location you did earlier. Then try to drag'n'drop CFScript file to it.
 
I had a quick note: I had deleted most if not all of the files you noted earlier using the add/remove on the control panel,
but they were still registered in the registry as installed. I then removed them using regit but was never able to locate
DNA; however BitTorrent and Ask toolbars were and deleted them from the registry that way... I ran dds again and saw everything was removed except the dds which I cannot find anywhere... is this a problem at this point?
 
... correction: DNA is still listed on the dds report log but I am not able to locate by means of using the:

"regedt32" run command and searching for it in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Do you believe this would be a problem?
 