Rootkit dropper/trojan (still)

T

taichi

New member
Hi,

I had a post in progress the end of April, and BLADE81 was kindly helping me. But I got sick & ended up in the hospital for 12 days. Am better now - :-)

Here's the original post if needed :http://forums.spybot.info/showthread.php?t=56775

I hope BLADE81 or someone can help me finish cleaning & fixing my laptop.

Thank you in advance!

Here's some updated info, in case it is needed:
1. Combofix: While I was laid up, my brother came in town to help me & decided to work on my computer woes, as well. He told me he could not get combofix to work.
Although he was vague and doesn't remember what he did with it! A strange thing -- I see an icon that looks like "My Computer" and it is here
C:\ComboFix.
When I click & look inside - there are icons of my DRIVES! I actually don't remember putting the file there and give it a "my computer icon," but I had a fever, so maybe I did. I am afraid to delete it without asking, because it looks like it will delete ALL MY DRIVES! Should I leave it?

2. Updated programs & A-V: My brother was able to get all my windows and ms products updated. And, he installed & ran every free a-v software there is, I think. I kept them installed, but only enable one at a time, just in case. Thats because one would find one thing, and another would not, etc.
I thought if I had them disabled & only enable one, use it, disable it, then another, use it, etc. that it would be okay? Is this okay, or must I remove all but one?

3. He ran secunia and found a few other things I need to get updated, but I want to make sure the computer is safe first.

4. Problems: My laptop problems are still here. A couple of days ago, I was re-directed after doing google searches. First, the valid looking search results come up, but when I chose one, such as a microsoft web site for "windows defender" I am sent to "goodbites" (recipes, I think), not a site I've ever visited. I just closed fire fox. I've also been redirected to a "d link search" address. (There are no spaces in the real addresses, I just put the spaces, so it would not be a real link.) I'm afraid the redirector/trojan/rootkit is still lurking.

I ran ccleaner today and it cleaned a lot of junk left over from old programs, but my programs are still running very slow.

5. Here's whats been found so far:
Windows malicious remover tool, found something called "Aleuron", but I cannot find a log or report for it, so I cannot tell exactly what it was. I believe it reported that it was removed, but to run a full anti-v scan, which I did.

Other things:
ESET Online found these.
C:\Windows\System32\dclfeqbb.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\ddnsfjaa.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\ikvbqtei.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\LnXGPpVw.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\tnrppbkq.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\vkqtnrvn.ini Win32/Adware.Virtumonde.NEO application
C:\Windows\System32\ymcwsnuu.ini Win32/Adware.Virtumonde.NEO application

I looked all over for these files, to scan or delete them, and cannot find them at all. I'm pretty sure I have all files unhidden.

Malawarebytes found & removed:
3 rootkit.droppers & 4 trojan DNS changers (see logs below)

Avira found (see logs below):
W95/blumblebee.1738->object=pskavs.dll
and
EXP/Java.Agent.F.6.
I had them moved to quarantine.

Here's my DDS logs from today:

DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 20:15:14.99 on Fri 05/21/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.832 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Users\admin\Desktop\DDS NEW DOWNLOAD MAY 21 2010\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\apshook.dll,avgrsstx.dll c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-15 164048]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-14 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-14 29512]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-4-9 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-14 267432]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-15 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-15 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-14 308064]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-14 60936]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:39:16 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-15 02:39:31 0 d-----w- c:\users\admin\appdata\roaming\Avira
2010-05-15 02:31:05 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-15 02:31:02 0 d-----w- c:\programdata\Avira
2010-05-15 02:31:02 0 d-----w- c:\program files\Avira
2010-05-15 01:25:05 0 d--h--w- C:\$AVG
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:51:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-14 22:50:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-14 22:50:16 0 d-----w- c:\windows\system32\drivers\Avg
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 22:48:06 0 d-----w- c:\programdata\avg9
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:17:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 05:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-09 05:25:30 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-09 05:25:28 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-09 05:25:28 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-12 22:02:38 261632 ----a-w- c:\windows\PEV.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 20:18:54.80 ===============
 
Last edited by a moderator:
Hi,

There're way too many antivirus programs installed and running there. Please decide which one you want to keep and uninstall other ones.

Please re-run DDS and post back both logs it creates. Create GMER log too:

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
 
Hi, I chose Comodo & uninstalled AVG9, Avira (Antivir), Avast, Norton I had 2 years ago, which I didn't realize Symantic was still running an "updater." I uninstalled McAfee 2 years ago, also, but still cannot get the "McAfee Virus Scan Enterprise" program unlisted in the the control panel/programs & features.

Windows Defender has been turned off since my problems started and cannot turn it on. Something about a group policy, which I cannot figure out. I didnt uninstall it.

Here are my 2 DDS logs, and gmer log.
Thanks for helping.

TC

DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 14:55:04.09 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.998 [GMT -4:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Desktop\TAICHIdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\apshook.dll,c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-4-9 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:17:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 05:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-09 05:25:30 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-09 05:25:28 218560 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-09 05:25:28 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-12 22:02:38 261632 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 14:56:23.41 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/26/2010 2:43:41 PM (0 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 98.55 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1153: 5/16/2010 7:37:56 PM - Windows Update
RP1154: 5/17/2010 6:46:49 PM - Windows Update
RP1155: 5/19/2010 5:06:19 AM - Scheduled Checkpoint
RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01

==== Installed Programs ======================

2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
COMODO Internet Security
COMODO livePCsupport
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java(TM) 6 Update 5
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
McAfee VirusScan Enterprise
MediaFACE 4.01
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.8)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3

==== Event Viewer Messages From Past Week ========

5/26/2010 2:46:10 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/26/2010 2:46:10 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:46 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/26/2010 2:44:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/21/2010 9:17:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
5/21/2010 8:27:46 PM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/21/2010 8:27:46 PM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/21/2010 5:32:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/21/2010 4:24:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/21/2010 4:24:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/21/2010 4:24:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/21/2010 4:24:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/21/2010 4:24:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/21/2010 4:24:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/21/2010 4:24:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/21/2010 4:23:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/21/2010 4:23:35 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/21/2010 4:23:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/19/2010 3:54:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

==== End Of File ===========================

The gmer log is very big, so will put in next post.
 
Wow, I really did NOT select "all files." I have no idea why the log is so big, I cannot post it, and forum won't allow me to attach it. This is notice I get:

GMER 5262010.txt:
Your file of 745.4 KB bytes exceeds the forum's limit of 48.8 KB for this filetype. t.

I'll try to run it in safe mode and see if results are still too big.
 
Ok, I tried to run gmer again. I also went online and downloaded a fresh gmer file. It runs for about 1 minute then just stops at \device\volumeshadowcopy1. This happens in normal mode, and, I tried it 3 times in safe mode, and the same thing happened. One time in safe mode, I got a blue screen and windows shut down. Do you want me to try to cut and paste the huge log into several posts? Here's the beginning & end of the log if that helps. Thanks for helping.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-26 15:30:40
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwldapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8FB199B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8FB1AD34]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8FB19BA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8FB18CF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8FB1961C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8FB18BCC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8FB193B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8FB1A9C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8FB18710]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8FB18542]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8FB1A600]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8FB18F8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8FB197F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8FB18226]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8FB1923C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8FB183BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8FB1A094]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8FB1A348]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8FB1A7CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8FB18F26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8FB19128]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8FB18A6A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8FB18910]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8FB19CB2]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 82CC487C 4 Bytes [B6, 99, B1, 8F] {MOV DH, 0x99; MOV CL, 0x8f}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CC48A0 8 Bytes [34, AD, B1, 8F, A2, 9B, B1, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CC4924 4 Bytes [F0, 8C, B1, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82CC493C 4 Bytes [1C, 96, B1, 8F] {SBB AL, 0x96; MOV CL, 0x8f}
.text ntkrnlpa.exe!KeSetEvent + 205 82CC4968 4 Bytes [CC, 8B, B1, 8F]
.text ...
---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!LdrLoadDll 77A49390 5 Bytes JMP 10023430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!LdrUnloadDll 77A5BA50 7 Bytes JMP 1001CF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!LdrGetProcedureAddress 77A65A88 5 Bytes JMP 10025C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtAllocateVirtualMemory 77A84134 5 Bytes JMP 10025C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtClose 77A84314 5 Bytes JMP 1001CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtCreateFile 77A843D4 5 Bytes JMP 10025D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtCreateProcess 77A84494 5 Bytes JMP 10025DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtCreateProcessEx 77A844A4 5 Bytes JMP 10025D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtDeleteFile 77A847B4 5 Bytes JMP 10025CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtFreeVirtualMemory 77A84944 5 Bytes JMP 10025BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtLoadDriver 77A84A64 5 Bytes JMP 10025C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtOpenFile 77A84BB4 5 Bytes JMP 10025CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtProtectVirtualMemory 77A84D34 5 Bytes JMP 10025CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtSetInformationProcess 77A85324 5 Bytes JMP 10025C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtUnloadDriver 77A85574 5 Bytes JMP 10025C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!NtWriteVirtualMemory 77A85674 5 Bytes JMP 10025D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ntdll.dll!RtlAllocateHeap 77A86570 5 Bytes JMP 10025BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateProcessW 760F1BF3 5 Bytes JMP 10025D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateProcessA 760F1C28 5 Bytes JMP 10025D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!VirtualProtect 760F1DC3 5 Bytes JMP 100258B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!OpenFile 760F355A 5 Bytes JMP 10025B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileW 760FA2F2 5 Bytes JMP 10025A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileExW 76100211 7 Bytes JMP 10025A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileW 76100299 5 Bytes JMP 10025AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!DeleteFileW 7610F4B6 5 Bytes JMP 10025970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!DeleteFileA 7610F5D2 5 Bytes JMP 10025990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileWithProgressW 761110A4 5 Bytes JMP 100259B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileExW 761110C8 5 Bytes JMP 100259F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryExW 76119109 7 Bytes JMP 10025B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryW 76119362 5 Bytes JMP 100258F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryExA 761194B4 5 Bytes JMP 10025B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadLibraryA 761194DC 5 Bytes JMP 10025910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!GetProcAddress 7613903B 5 Bytes JMP 10025BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!GetModuleHandleA 761392A5 5 Bytes JMP 10025950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!GetModuleHandleW 7613A804 5 Bytes JMP 10025930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateFileW 7613AECB 5 Bytes JMP 10025AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CreateFileA 7613CE5F 5 Bytes JMP 10025B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileExA 76140F0A 5 Bytes JMP 10025A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileWithProgressA 76140F2A 5 Bytes JMP 100259D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileA 76142433 5 Bytes JMP 10025AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!MoveFileA 7617F641 5 Bytes JMP 10025A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!CopyFileExA 761819F9 5 Bytes JMP 10025A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!WinExec 76185CF7 5 Bytes JMP 100258D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] kernel32.dll!LoadModule 76185E4F 5 Bytes JMP 10025B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] USER32.dll!EndTask 769FAD32 5 Bytes JMP 10027320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateProcessAsUserA 7667CEB9 5 Bytes JMP 1001FEB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateProcessAsUserW 76691EE9 5 Bytes JMP 1001F6A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!OpenServiceA 76692EBD 7 Bytes JMP 10026560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!OpenServiceW 76698354 3 Bytes JMP 10026800 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!OpenServiceW + 4 76698358 3 Bytes [99, CC, CC] {CDQ ; INT 3 ; INT 3 }
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateServiceW 766B9EB4 7 Bytes JMP 10026A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ADVAPI32.dll!CreateServiceA 766F72A1 7 Bytes JMP 10026D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] WS2_32.dll!WSASocketW 77BD34EB 7 Bytes JMP 100257B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] WS2_32.dll!WSASocketA 77BD8FA9 5 Bytes JMP 100257D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ole32.dll!CoGetClassObject 762CFABC 5 Bytes JMP 10027560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[420] ole32.dll!CoCreateInstanceEx 762E9EE9 5 Bytes JMP 100277A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!LdrLoadDll 77A49390 5 Bytes JMP 10023430 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!LdrUnloadDll 77A5BA50 7 Bytes JMP 1001CF40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!LdrGetProcedureAddress 77A65A88 5 Bytes JMP 10025C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtAllocateVirtualMemory 77A84134 5 Bytes JMP 10025C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtClose 77A84314 5 Bytes JMP 1001CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtCreateFile 77A843D4 5 Bytes JMP 10025D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtCreateProcess 77A84494 5 Bytes JMP 10025DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtCreateProcessEx 77A844A4 5 Bytes JMP 10025D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtDeleteFile 77A847B4 5 Bytes JMP 10025CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtFreeVirtualMemory 77A84944 5 Bytes JMP 10025BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtLoadDriver 77A84A64 5 Bytes JMP 10025C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtOpenFile 77A84BB4 5 Bytes JMP 10025CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtProtectVirtualMemory 77A84D34 5 Bytes JMP 10025CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtSetInformationProcess 77A85324 5 Bytes JMP 10025C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtUnloadDriver 77A85574 5 Bytes JMP 10025C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!NtWriteVirtualMemory 77A85674 5 Bytes JMP 10025D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ntdll.dll!RtlAllocateHeap 77A86570 5 Bytes JMP 10025BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateProcessW 760F1BF3 5 Bytes JMP 10025D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateProcessA 760F1C28 5 Bytes JMP 10025D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!VirtualProtect 760F1DC3 5 Bytes JMP 100258B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!OpenFile 760F355A 5 Bytes JMP 10025B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileW 760FA2F2 5 Bytes JMP 10025A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileExW 76100211 7 Bytes JMP 10025A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileW 76100299 5 Bytes JMP 10025AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!DeleteFileW 7610F4B6 5 Bytes JMP 10025970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!DeleteFileA 7610F5D2 5 Bytes JMP 10025990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileWithProgressW 761110A4 5 Bytes JMP 100259B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileExW 761110C8 5 Bytes JMP 100259F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryExW 76119109 7 Bytes JMP 10025B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryW 76119362 5 Bytes JMP 100258F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryExA 761194B4 5 Bytes JMP 10025B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadLibraryA 761194DC 5 Bytes JMP 10025910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!GetProcAddress 7613903B 5 Bytes JMP 10025BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!GetModuleHandleA 761392A5 5 Bytes JMP 10025950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!GetModuleHandleW 7613A804 5 Bytes JMP 10025930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateFileW 7613AECB 5 Bytes JMP 10025AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CreateFileA 7613CE5F 5 Bytes JMP 10025B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileExA 76140F0A 5 Bytes JMP 10025A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileWithProgressA 76140F2A 5 Bytes JMP 100259D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileA 76142433 5 Bytes JMP 10025AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!MoveFileA 7617F641 5 Bytes JMP 10025A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!CopyFileExA 761819F9 5 Bytes JMP 10025A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!WinExec 76185CF7 5 Bytes JMP 100258D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] kernel32.dll!LoadModule 76185E4F 5 Bytes JMP 10025B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] USER32.dll!EndTask 769FAD32 5 Bytes JMP 10027320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateProcessAsUserA 7667CEB9 5 Bytes JMP 1001FEB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateProcessAsUserW 76691EE9 5 Bytes JMP 1001F6A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!OpenServiceA 76692EBD 7 Bytes JMP 10026560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!OpenServiceW 76698354 3 Bytes JMP 10026800 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!OpenServiceW + 4 76698358 3 Bytes [99, CC, CC] {CDQ ; INT 3 ; INT 3 }
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateServiceW 766B9EB4 7 Bytes JMP 10026A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ADVAPI32.dll!CreateServiceA 766F72A1 7 Bytes JMP 10026D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteW 76F29725 5 Bytes JMP 10025870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteExW 76F7C135 5 Bytes JMP 10025830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteEx 77129FE2 5 Bytes JMP 10025850 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] SHELL32.dll!ShellExecuteA 7712A07D 5 Bytes JMP 10025890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ole32.dll!CoGetClassObject 762CFABC 5 Bytes JMP 10027560 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[636] ole32.dll!CoCreateInstanceEx 762E9EE9 5 Bytes JMP 100277A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[640] ntdll.dll!LdrLoadDll



***** (there were many many more lines just like the ones above,
then it ends like this)*****************

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdMadeAnyProgress] [8CEF47D5] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdCompleteEvent] [8CEF50D6] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdGetLowestDeviceObject] [8CEF504A] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdGetDeviceObject] [8CEF5016] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\drivers\VIDEOPRT.SYS[watchdog.sys!WdGetLastEvent] [8CEF5036] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdEnterMonitoredSection] [8CEF480F] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdExitMonitoredSection] [8CEF488B] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdFreeDeferredWatchdog] [8CEF9014] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdStopDeferredWatch] [8CEF4972] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdStartDeferredWatch] [8CEF46E1] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdAllocateDeferredWatchdog] [8CEF8F7A] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdSuspendDeferredWatch] [8CEF4763] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)
IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdResumeDeferredWatch] [8CEF4773] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Hi,

Disable protection software and run ComboFix (let it update itself). Post back the report.
 
Blade81 said:
Disable protection software and run ComboFix (let it update itself). Post back the report.
Click to expand...

Ok, I will try again, but have not had success running it two times before.

ME:
I see an icon that looks like "My Computer" and it is here
C:\ComboFix.
Click to expand...
This is the one that has icons for my drives. Should I leave it there for now and get another combofix?
Sorry for being so confused. Thanks for being patient.
 
combofix does not work :-(

I downloaded a new combofix to desktop & I have the directions. I followed everything exactly as instructed. Made sure all protection was stopped, etc.

In normal mode it notified me that “Kindly write down this .. trying to attach, may need it later “C:\windows\System32\APSHook.dll.” Then it got to “preparing to run – attempting to cerate a new system restore point…” I saw it backing up to C:\windows\erdnt\HIV-backup…(or something like that), and the red/blue progress bars. Then combofix CLOSED, and nothing else happened.

In safe mode, it got to the backing up part (without the “trying to attach” notice). But the computer has been sitting there for 20 minutes at the ComboFix blue screen with “Please wait. ComboFix is preparing to run.”

What should I try next? Thanks.
 
Hi,

It's likely Comodo causing the issue. Uninstall it for now. Then seem if you're able to run ComboFix in safe mode with networking.
 
Blade81 said:
Hi,

It's likely Comodo causing the issue. Uninstall it for now. Then seem if you're able to run ComboFix in safe mode with networking.
Click to expand...

My laptop is not cooperating! Sorry, but this is so frustrating.

I uninstalled Comodo’s two programs, I re-downloaded to desktop and re-nemed on the download combofix to tc5272010.exe. Made sure everything turned off. And, restarted in safemode with networking. The Combofix blue screen comes on, gets to part where it backs up registry. Then just sits at “Please wait. Combofix is preparing to run.”
No luck, still not working.

http://forums.spybot.info/images/smilies/confused1.gif
 
Blade81 said:
Please post a fresh dds log.
Click to expand...

Done, here's both logs.

DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 12:55:47.02 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1103 [GMT -4:00]

SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\admin\Desktop\DDS NEW DOWNLOAD MAY 21 2010\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-9-29 69706]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-05-27 16:07:07 0 d-s---w- C:\tc5272010
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 12:56:44.66 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/27/2010 12:48:47 PM (0 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 102.984 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1154: 5/17/2010 6:46:49 PM - Windows Update
RP1155: 5/19/2010 5:06:19 AM - Scheduled Checkpoint
RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01
RP1169: 5/26/2010 7:23:44 PM - Windows Update
RP1170: 5/27/2010 11:55:17 AM - Removed COMODO Internet Security
RP1171: 5/27/2010 12:01:50 PM - Removed COMODO livePCsupport

==== Installed Programs ======================

2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java(TM) 6 Update 5
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
McAfee VirusScan Enterprise
MediaFACE 4.01
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.8)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3

==== Event Viewer Messages From Past Week ========

5/27/2010 12:51:02 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/27/2010 12:51:01 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:41 PM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/27/2010 12:49:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/27/2010 12:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2010 12:06:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 12:06:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/27/2010 12:06:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/27/2010 12:05:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/27/2010 12:05:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/27/2010 12:05:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2010 12:05:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/27/2010 12:05:24 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/27/2010 12:05:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/27/2010 11:37:06 AM, Error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&31745fba&0&8515) disappeared from the system without first being prepared for removal.
5/27/2010 11:29:37 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:21:41 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:15:56 AM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 11:15:56 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:14:17 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E81CE449. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/27/2010 11:13:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013E81CE449 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2010 10:41:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:41:27 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 10:40:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/27/2010 10:40:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/27/2010 10:38:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007045b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/26/2010 6:22:52 PM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/26/2010 6:22:52 PM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/26/2010 6:02:54 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:44 PM on 5/26/2010 was unexpected.
5/26/2010 3:39:25 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error 2147549183 (0x8000FFFF).
5/26/2010 3:39:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/21/2010 9:17:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
5/21/2010 5:32:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6

==== End Of File ===========================
 
Hi,

Let's try to uninstall old McAfee at this point. Download and run Revo Uninstaller let it uninstall McAfee related findings.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. Post back its report & fresh dds log + description of remaining symptoms.
 
Ok, I will do all of that when I get home from work this evening, and post it tomorrow morning, because laptop is out of battery & I forgot the powercord this morning. Computer is still running so slow, takes forever for firefox to load, or programs to open. Thanks for helping.
 
Used Revo Uninstaller program & removed McAfee Virus Scan Enterprises, also a CD labeler program had same removal problem (MediaFace).
Uninstalled SuperAntispyware program as I prefer Spybot. I hope that was ok to go ahead & do.

While I was in Revo Uninstaller, I searched everywhere and cannot find this av program listed in DDS logs, and have already
uninstalled Avira: SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

Removed old Java & updated to Java 6 update 20.
Used ATF cleaner as directed.
Ran Kaspersky, which found nothing, but I'm not surprised, it did not find anything before, when had trojan & rootkit dropper.
DDS run again this morning & all logs below.


I downloaded and tried to run gmer two more times, but each time it stopped at \device\hardisk volume shadowcopy1
the 2nd time I got a blue screen and windows crashed & shut down, so I did not try again. I re-downloaded and tried to
run Combofix again this morning, but it only makes the backup of registry, then sits at the little blue screen Please wait..preparing to run.
Why does Combofix or gmer not work for me, but seems like it does for all other computers?

I was nervous because no firewall or av program, so I reinstalled AVAST this morning. I have NOT used internet for anything except this forum & progs you wanted me to run, because I was too worried that the redirector/rootkit/trojan things would reappear and re-direct would start again.

Should I try any google search and see if I get redirected, or do you have other things to check?

One more thing, I have a Seagate freeagent backup drive, which I copied my full c drive to before I had comodo installed (which killed the seagate program). Anyway it has not been connected to the laptop ever since. Do you think it is safe to re-connect it? Or, should I run something to check it first?

Thanks for all your help!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, May 28, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, May 27, 2010 17:33:33
Records in database: 4190279
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 243757
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 06:01:51
No threats found. Scanned area is clean.
Selected area has been scanned.

************
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 10:03:46.34 on Fri 05/28/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1034 [GMT -4:00]

SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\McAfee Security Scan Plus.lnk.disabled
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: kaspersky.com\www
Trusted Zone: symantec.com\service1
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5296/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\6owh1r5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-28 164048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-4-1 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-28 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-28 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-12 206096]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2007-10-22 230728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-10 1153368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-1 21504]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2010-2-8 103424]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2010-2-8 103424]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-5-3 4736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-5-3 8960]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-12 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-12 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-12 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-12 59904]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-27 27192]
S4 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" --> c:\program files\network associates\virusscan\VsTskMgr.exe [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-05-28 10:28:05 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-27 21:40:05 0 d-----w- c:\programdata\Sun
2010-05-27 21:39:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 21:05:07 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 21:05:05 0 d-----w- c:\program files\VS Revo Group
2010-05-27 17:12:23 0 d-s---w- C:\tc5272010
2010-05-26 10:08:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 22:04:18 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-21 22:04:03 0 d-----w- c:\users\admin\Office Genuine Advantage
2010-05-20 10:36:13 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-05-17 22:54:10 0 d-----w- c:\program files\Windows Portable Devices
2010-05-17 22:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-17 22:52:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 22:52:16 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 22:52:16 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 22:50:46 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 22:49:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 22:49:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 22:49:05 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-17 10:48:09 0 d-----w- c:\program files\CCleaner
2010-05-17 10:19:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-17 10:18:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-17 10:18:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-17 10:18:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\eu-ES
2010-05-17 00:38:16 0 d-----w- c:\windows\system32\ca-ES
2010-05-17 00:38:15 0 d-----w- c:\windows\system32\vi-VN
2010-05-16 23:38:50 0 d-----w- c:\windows\system32\EventProviders
2010-05-16 23:21:14 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-05-16 23:21:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-05-16 23:21:03 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-05-16 23:19:59 324608 ----a-w- c:\windows\system32\sdohlp.dll
2010-05-16 23:18:59 1985024 ----a-w- c:\windows\system32\authui.dll
2010-05-16 23:17:59 704512 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-05-16 23:16:59 869888 ----a-w- c:\windows\system32\printui.dll
2010-05-16 23:15:57 33280 ----a-w- c:\windows\system32\mssprxy.dll
2010-05-16 23:14:58 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-05-16 23:13:30 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-16 23:13:30 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-16 23:13:30 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-16 23:13:30 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-16 23:13:30 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-16 23:13:30 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-16 23:13:25 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-16 23:13:19 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-16 23:13:19 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-16 23:13:06 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-16 22:41:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 22:41:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 22:41:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-05-16 22:16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-16 13:04:13 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-16 13:04:04 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-16 12:42:08 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-15 23:29:14 0 d-----w- C:\PerfLogs
2010-05-15 17:44:57 0 d--h--w- C:\VritualRoot
2010-05-15 17:44:08 0 d-----w- c:\programdata\COMODO
2010-05-15 17:43:35 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 17:27:24 0 d-----w- c:\programdata\Comodo Downloader
2010-05-15 14:38:14 0 d-----w- c:\programdata\Alwil Software
2010-05-14 22:52:52 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-14 22:48:33 0 d-----w- c:\program files\AVG
2010-05-14 21:53:10 277784 ----a-w- c:\windows\system32\drivers\IASTOR.SYS
2010-05-14 11:03:21 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-14 10:26:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-14 10:26:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-14 10:26:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-13 23:00:05 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-13 23:00:04 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-13 23:00:04 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-13 23:00:04 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-13 23:00:03 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-13 23:00:03 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-13 23:00:01 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-13 23:00:01 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-13 13:21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-13 13:21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-13 13:21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-13 13:21:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-13 13:19:59 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-13 13:19:59 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-13 13:19:59 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-13 13:19:58 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-13 13:19:52 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-13 13:19:52 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-13 13:19:32 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-13 13:19:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-13 13:18:56 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-13 13:18:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-13 13:18:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-13 13:18:48 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-13 13:18:17 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-13 13:16:24 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-13 13:16:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-13 13:16:02 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-13 13:16:02 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-13 13:15:55 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-13 13:15:55 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-13 13:15:54 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-13 13:15:54 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-13 13:15:54 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-13 13:15:54 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-13 13:15:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-13 13:15:07 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-13 13:15:02 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-13 13:15:02 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-13 13:11:49 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-13 13:11:34 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-13 13:11:25 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-13 13:11:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-13 13:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-13 12:35:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-13 12:35:08 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-17 22:54:04 86016 ----a-w- c:\windows\inf\infpub.dat
2010-05-17 22:54:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-17 22:54:03 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-16 23:52:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-15 23:50:25 174 --sha-w- c:\program files\desktop.ini
2010-05-15 22:31:48 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-15 22:31:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-06 14:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-30 18:26:26 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-02 14:12:20 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008042820080505\index.dat
2008-05-13 01:09:27 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008051220080513\index.dat

============= FINISH: 10:04:50.36 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2007 5:10:45 PM
System Uptime: 5/28/2010 9:49:21 AM (1 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1000/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 99.305 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.545 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1154: 5/17/2010 6:46:49 PM - Windows Update
RP1155: 5/19/2010 5:06:19 AM - Scheduled Checkpoint
RP1156: 5/19/2010 9:22:06 PM - Windows Update
RP1157: 5/20/2010 6:05:12 AM - Windows Update
RP1158: 5/20/2010 6:29:13 AM - Windows Update
RP1159: 5/20/2010 6:35:24 AM - Windows Update
RP1160: 5/22/2010 9:51:56 AM - COMODO Restore Point. (Restore point from the popup alert for Seagate 2GEVWJHH Product Registration.exe)
RP1161: 5/26/2010 1:50:59 PM - Removed AVG Free 9.0
RP1162: 5/26/2010 2:14:43 PM - avast! Free Antivirus Setup
RP1163: 5/26/2010 2:22:22 PM - Removed Ad-Aware 2007
RP1164: 5/26/2010 2:24:47 PM - Removed LiveUpdate Notice (Symantec Corporation)
RP1165: 5/26/2010 2:27:27 PM - Removed McAfee VirusScan Enterprise
RP1166: 5/26/2010 2:29:14 PM - Removed McAfee VirusScan Enterprise
RP1168: 5/26/2010 2:30:30 PM - Configured MediaFACE 4.01
RP1169: 5/26/2010 7:23:44 PM - Windows Update
RP1170: 5/27/2010 11:55:17 AM - Removed COMODO Internet Security
RP1171: 5/27/2010 12:01:50 PM - Removed COMODO livePCsupport
RP1173: 5/27/2010 5:06:07 PM - Revo Uninstaller Pro's restore point - McAfee VirusScan Enterprise
RP1175: 5/27/2010 5:16:20 PM - Revo Uninstaller Pro's restore point - MediaFACE 4.01
RP1177: 5/27/2010 5:17:41 PM - Configured MediaFACE 4.01
RP1178: 5/27/2010 5:22:41 PM - Removed Java(TM) 6 Update 5
RP1179: 5/27/2010 5:38:37 PM - Installed Java(TM) 6 Update 20
RP1181: 5/27/2010 5:42:47 PM - Revo Uninstaller Pro's restore point - SUPERAntiSpyware Free Edition
RP1182: 5/27/2010 5:43:50 PM - Removed SUPERAntiSpyware Free Edition
RP1183: 5/28/2010 6:27:14 AM - avast! Free Antivirus Setup

==== Installed Programs ======================

2Wire Gateway
Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.3.2
Adobe Reader for Pocket PC 2.0
ALPS Touch Pad Driver
AMOS 5
ArcSoft Panorama Maker 3
ASF
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
Avery Wizard 3.1
BCPS CAB Client
BellSouth® Communications Suite
Better Homes and Gardens Home Designer Suite 7.0
Blue Squirrel ClickBook 9.0
Board Games
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BroadJump Client Foundation
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Brother P-touch Editor 4.2
Brother P-touch Software
Business Card Factory Deluxe 3.0
Business Contact Manager for Outlook 2003
CCleaner
Conexant D480 MDC V.9x Modem
CorelDRAW Graphics Suite 12
CrossEyes
Cyber Chess
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DivX 5.2.1 (Playback Only)
DVDSentry
Easy CD Creator 5 Basic
eListen
EndNote X1
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
ESU for Microsoft Vista
EXTRA! for SNA Server 32-bit
FileMaker Pro 6
FirstClass® Client
FirstClass® Palm Conduits
GanttProject
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesys USB Mass Storage Device
Google Earth
Greetings Workshop
Help and Support Customization
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HLM 5
HLM6.0
HLM6.0 (Student Edition)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iPAQ WebReg
iPod for Windows 2005-09-23
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Online Scanner
KONICA MINOLTA magicolor 2590MF
Konica Minolta magicolor 2590MF LSU
KONICA MINOLTA magicolor 2590MF Scanner
LightScribe 1.4.136.1
LinkMagic for magicolor 2590MF
LISREL 8.7 Student
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SiteAdvisor
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Encarta 98 Encyclopedia
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Keyboard
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.8)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
Neat OCR15
NeatReceipts Database Controller
NeatReceipts Professional 2.8 Core Files
NeatReceipts Professional v2.8.1
NetWaiting
Nikon Message Center
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Palm
Panda ActiveScan 2.0
PANTECH UM175 Driver
Paradox
PCFriendly
PictureProject
PictureProject In Touch Downloader 1.0
PIRLS2001
PSSWCORE
Quicken 2007
QuickSet
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.2.0
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
SPSS 13.0 for Windows
SPSS 15 Vista Hotfix
SPSS 15.0 for Windows
Spybot - Search & Destroy
SpywareBlaster 4.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Manager
VeriSoft Access Manager
VZAccess Manager
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip
WModem Driver Installer
WordPerfect Office X3

==== Event Viewer Messages From Past Week ========

5/28/2010 9:51:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
5/28/2010 9:51:50 AM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/28/2010 9:51:50 AM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/28/2010 9:50:22 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Color Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer PaperPort Black & White Image because the print processor PaperPort Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer ClickBook Printer because the print processor CBWP could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer HP DeskJet 722C failed to initialize because a suitable HP DeskJet 722C driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 9:50:22 AM, Error: Microsoft-Windows-PrintSpooler [23] - Printer ClickBook Printer failed to initialize because a suitable ClickBook Printer driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
5/28/2010 7:09:49 AM, Error: EventLog [6008] - The previous system shutdown at 7:07:46 AM on 5/28/2010 was unexpected.
5/28/2010 5:05:00 AM, Error: NETw4v32 [5005] - Intel(R) Wireless WiFi Link 4965AGN : Has encountered an internal error and has failed.
5/28/2010 5:04:59 AM, Error: NETw4v32 [5002] - Intel(R) Wireless WiFi Link 4965AGN : Has determined that the network adapter is not functioning properly.
5/27/2010 6:06:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WcesComm with arguments "" in order to run the server: {373E19B5-76AA-46D5-93A9-2E39A99B39B2}
5/27/2010 6:06:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2010 6:06:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2010 6:06:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/27/2010 6:05:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
5/27/2010 6:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/27/2010 6:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/27/2010 6:05:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/27/2010 6:05:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2010 6:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/27/2010 6:04:55 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
5/27/2010 6:04:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
5/27/2010 12:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp SASDIFSV SASKUTIL spldr Wanarpv6
5/27/2010 11:37:06 AM, Error: PlugPlayManager [12] - The device 'PANTECH UM175 WWAN Driver #2' (USB\VID_106c&PID_3714&MI_03\6&31745fba&0&8515) disappeared from the system without first being prepared for removal.
5/27/2010 11:29:37 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:21:41 AM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 11:14:17 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E81CE449. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
5/27/2010 11:13:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013E81CE449 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2010 10:41:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
5/27/2010 10:38:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007045b'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The NeatReceipts Database Controller service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7034] - The CyberLink Background Capture Service (CBCS) service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 1:12:59 PM, Error: Service Control Manager [7031] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2010 1:12:08 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 1:12:08 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/26/2010 6:02:54 PM, Error: EventLog [6008] - The previous system shutdown at 6:00:44 PM on 5/26/2010 was unexpected.
5/26/2010 3:39:25 PM, Error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error 2147549183 (0x8000FFFF).
5/26/2010 3:39:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/21/2010 9:17:40 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
5/21/2010 5:32:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NeatReceipts Database Controller service to connect.
5/21/2010 4:24:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 avipbb cdudf_xp cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr ssmdrv tdx Wanarpv6

==== End Of File ===========================
 
Why does Combofix or gmer not work for me, but seems like it does for all other computers?
Click to expand...
There's still likely some protection preventing it from running properly. Seems to be problem especially with certain protection software and Vista combinations.

Should I try any google search and see if I get redirected, or do you have other things to check?
Click to expand...
Please try.

One more thing, I have a Seagate freeagent backup drive, which I copied my full c drive to before I had comodo installed (which killed the seagate program). Anyway it has not been connected to the laptop ever since. Do you think it is safe to re-connect it? Or, should I run something to check it first?
Click to expand...
It can be connected. You can scan the drive with Kaspersky online scanner.
 
I tried several different google searches and so far, when I followed the links, they took me to the actual site, and not a re-direct.

Are there other programs I need to run or things to check to see if my laptop is still harboring bad programs?

How do I uninstall combofix? It's in c:\ root directory?

I thought this was Avira, but now I'm not so sure. Any idea what this could be and how I can remove it?
From DDS logs: SP: AntiVir Desktop *disabled* (Updated {AD166499-45F9-482A-A743-FDD3350758C7}

Thanks for all your help!
 
Hi,

Ill provide instructions for system restore reset etc when the time is right (cleaning process is still incomplete). Please see if ComboFix-quarantined-files.txt file exists on your c: drive. Attach it to your reply if found.
 
You must log in or register to reply here.
Back
Top