Antivirus agent pro/Spooldr.sys/BSod

Post by outerdrake » July 23rd, 2009, 8:43 am

Hello there.

Got this rogue antivirus without downloading a damn thing, and now I'm at my last hope. I immediately started getting the pop-up and the nasty sound effect from Antivirus Agent Pro. Shortly after, the BSOD appeared and so I rebooted my PC.

First I thought I could easily solve this problem by running Malwarebytes and removing all affected files, but even after removing the malware (I know now that I should not have scanned and instead waited for instructions first), the BSOD kept appearing. Once in a while I get an error message and I send the report to Microsoft. The response from Microsoft reads: "Problem was caused by Spooldr.sys. A known virus/malware file." I searched my PC for spooldr.sys and nothing appears. The BSOD appears at random sometimes, or when I'm running software like Maya, WMP, PowerDVD, etc.

I also ran Debugging Tools for Windows and loaded the memory dump; it often says "problem caused by ntkrnlpa.exe".

I then tried Driver Verifier and tested all the drivers at a time. None activated the BSOD. Sometimes the BSOD appears when I'm using a drawing tablet, and the error message reads "not_enough_or_equal_to" (something like that).

Most stop codes: 0x00000050

Malwarebytes took care of Antivirus Agent Pro,

but I still get the BSOD.
And I can't get this PC to standby (it stays on "Windows is shutting down").

..HELP!! appreciated !!! -Drake

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:27 AM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\IcdSptSv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-57989841-484061587-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ALex OFaithful')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e220e3157f3c) (gupdate1c9e220e3157f3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 11237 bytes
outerdrake
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 8:29 pm
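Reading a HijackThis log by hand means scanning for the same few things every time. The Python script below is an added example (it is not a HijackThis or MalwareRemoval.com tool): it parses entry lines from a subset of the log above and lists what a log reader checks first, namely registered components reported as "(no file)", the O20 AppInit_DLLs value, and O4 Run values that name a bare executable with no path.

```python
"""Triage a HijackThis 2.0 log (added example; not a HijackThis or MalwareRemoval.com
tool). Entry lines look like "<code> - <body>", e.g. "O2 - BHO: <name> - {CLSID} - <path>".
The triage pulls out what a log reader checks first: registered components whose file is
gone ("(no file)"), AppInit_DLLs injections (O20), and Run values that name a bare
executable with no path (O4), which Windows locates through its search path at logon.
SAMPLE_LOG is a subset of the HijackThis log posted above."""
import re
from collections import Counter

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_entries(log_text):
    """Return [(code, body)] for every HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def run_command(body):
    """Extract the command line from an O4 body: 'HKLM\\..\\Run: [Name] <command>'."""
    return body.split("]", 1)[1].strip() if "]" in body else body


def is_bare_command(cmd):
    """True when the first token is a plain file name rather than a full path
    or an environment-variable path, i.e. it is resolved via the search path."""
    tokens = cmd.split()
    if not tokens:
        return False
    first = tokens[0].strip('"')
    return ":\\" not in first and not first.startswith("%")


def triage(log_text):
    """Group the entries an analyst looks at first."""
    entries = parse_entries(log_text)
    findings = {
        "missing_file": [],   # (code, CLSID or body) for components with no file on disk
        "appinit_dlls": [],   # DLLs loaded into every process that links user32.dll
        "bare_run_cmds": [],  # O4 Run values with no full path
        "counts": Counter(code for code, _ in entries),
    }
    for code, body in entries:
        if body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings["missing_file"].append((code, clsid.group(0) if clsid else body))
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            findings["appinit_dlls"].append(body.split(":", 1)[1].strip())
        if code == "O4" and is_bare_command(run_command(body)):
            findings["bare_run_cmds"].append(run_command(body))
    return findings


def report(findings):
    """Render the findings as plain text lines, in the order a reply would list them."""
    lines = ["Entry counts: " + ", ".join(
        "%s=%d" % (c, n) for c, n in sorted(findings["counts"].items()))]
    for code, ident in findings["missing_file"]:
        lines.append("%s entry with no file on disk: %s" % (code, ident))
    for dll in findings["appinit_dlls"]:
        lines.append("AppInit_DLLs injection: %s" % dll)
    for cmd in findings["bare_run_cmds"]:
        lines.append("Run value without full path: %s" % cmd)
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

A "(no file)" entry is an orphaned registration rather than proof of infection, and a bare Run value only tells you where to look next; the script narrows the list, it does not judge it.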

Re: Antivirus agent pro/Spooldr.sys/BSod

Post by Axephilic » July 27th, 2009, 11:59 am

Welcome to the Malware Removal forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within three days after my last instructions this topic will be closed. If you will not be able to reply within three days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

I will post my first fix for you soon.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Antivirus agent pro/Spooldr.sys/BSod

Post by Axephilic » July 27th, 2009, 12:15 pm

Hi there,

Nothing to be concerned about is showing up yet, so we will take a deeper look. On a side note, I closed your topic at Bleeping Computer since I am also staff there and found it while I was researching your log.

Upload a file to VirusTotal

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file C:\Program Files\AMT Media Manager\AMTDeviceService.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

Run GMER
Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include:
  1. virustotal results
  2. GMER log
  3. Both RSIT logs

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Antivirus agent pro/Spooldr.sys/BSod

Post by outerdrake » July 28th, 2009, 12:25 pm

___________________________________________
The GMER log could not be completed. I tried all night and today, 4 separate scans, but they blue screen every time in no more than 15-25 minutes, during the C: local disc file scans.
This is all I could get. It appears within the first 7-10 minutes without anything new appearing.
_______________________________________________

File AMTDeviceService.exe received on 2009.07.28 13:13:21 (UTC)
Current status: finished
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.07.28 -
AhnLab-V3 5.0.0.2 2009.07.28 -
AntiVir 7.9.0.228 2009.07.28 -
Antiy-AVL 2.0.3.7 2009.07.28 -
Authentium 5.1.2.4 2009.07.28 -
Avast 4.8.1335.0 2009.07.27 -
AVG 8.5.0.387 2009.07.28 -
BitDefender 7.2 2009.07.28 -
CAT-QuickHeal 10.00 2009.07.28 -
ClamAV 0.94.1 2009.07.28 -
Comodo 1793 2009.07.28 -
DrWeb 5.0.0.12182 2009.07.28 -
eSafe 7.0.17.0 2009.07.27 -
eTrust-Vet 31.6.6643 2009.07.28 -
F-Prot 4.4.4.56 2009.07.28 -
F-Secure 8.0.14470.0 2009.07.28 -
Fortinet 3.120.0.0 2009.07.28 -
GData 19 2009.07.28 -
Ikarus T3.1.1.64.0 2009.07.28 -
Jiangmin 11.0.800 2009.07.28 -
K7AntiVirus 7.10.803 2009.07.27 -
Kaspersky 7.0.0.125 2009.07.28 -
McAfee 5690 2009.07.27 -
McAfee+Artemis 5690 2009.07.27 -
McAfee-GW-Edition 6.8.5 2009.07.28 -
Microsoft 1.4903 2009.07.28 -
NOD32 4285 2009.07.28 -
Norman 6.01.09 2009.07.28 -
nProtect 2009.1.8.0 2009.07.28 -
Panda 10.0.0.14 2009.07.28 -
PCTools 4.4.2.0 2009.07.28 -
Prevx 3.0 2009.07.28 -
Rising 21.40.14.00 2009.07.28 -
Sophos 4.44.0 2009.07.28 -
Sunbelt 3.2.1858.2 2009.07.28 -
Symantec 1.4.4.12 2009.07.28 -
TheHacker 6.3.4.3.375 2009.07.28 -
TrendMicro 8.950.0.1094 2009.07.28 -
VBA32 3.12.10.9 2009.07.28 -
ViRobot 2009.7.28.1857 2009.07.28 -
VirusBuster 4.6.5.0 2009.07.27 -
Additional information
File size: 184320 bytes
MD5...: 269873baf1db1656cb333ddb50bf34a2
SHA1..: 8294c54f872572003b15ecc5936ee07dbef5156f
SHA256: b0476bca0dddbdd91a72db63882e16c59cf324e00fced7424305036d0f0b671a
ssdeep: 3072:A9og5+J2JrrU1n1+bYZz+mCq+o59jSEODc/g/TVCSb4PH:A026x1q2RZx4c/g/TV1MPH
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c54
timedatestamp.....: 0x49532762 (Thu Dec 25 06:25:38 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10c8 0x2000 3.97 478bd4c6843cf2916bcb5515ed4787cb
.rdata 0x3000 0xa22 0x1000 3.61 fd273f724b33db79be3925f93ac54b14
.data 0x4000 0x1120 0x1000 0.40 26604b9173a708d38aa9c6fe19635fb5
.rsrc 0x6000 0x28000 0x28000 5.14 84ef6a0add8d742183e1ab8485e6f841

( 5 imports )
> KERNEL32.dll: GetLogicalDriveStringsW, GetDriveTypeW, CreateMutexW, GetLastError, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, CloseHandle, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetStartupInfoW, InterlockedCompareExchange, Sleep, InterlockedExchange, DeviceIoControl, CreateFileW, GetModuleFileNameW, QueryPerformanceCounter, GetSystemDefaultLangID
> USER32.dll: PostQuitMessage, EndPaint, BeginPaint, DefWindowProcW, UpdateWindow, ShowWindow, RegisterClassExW, LoadCursorW, DispatchMessageW, TranslateMessage, GetMessageW, LoadStringW, SendMessageW, FindWindowW, CreateWindowExW
> ADVAPI32.dll: RegOpenKeyExW, RegQueryValueExW
> SHELL32.dll: ShellExecuteW
> MSVCR80.dll: _controlfp_s, _invoke_watson, _except_handler4_common, _decode_pointer, wcsncpy, strncmp, _amsg_exit, __wgetmainargs, _cexit, _exit, _XcptFilter, exit, _wcmdln, _initterm, _initterm_e, _configthreadlocale, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _encode_pointer, __set_app_type, _crt_debugger_hook, _unlock, __dllonexit, _lock, _onexit, memset

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-28 11:47:45
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spqt.sys ZwCreateKey [0xF728A0E0]
SSDT spqt.sys ZwEnumerateKey [0xF72A7CA2]
SSDT spqt.sys ZwEnumerateValueKey [0xF72A8030]
SSDT spqt.sys ZwOpenKey [0xF728A0C0]
SSDT spqt.sys ZwQueryKey [0xF72A8108]
SSDT spqt.sys ZwQueryValueKey [0xF72A7F88]
SSDT spqt.sys ZwSetValueKey [0xF72A819A]

INT 0x62 ? 860CABF8
INT 0x63 ? 85F42F00
INT 0x73 ? 860C9BF8
INT 0x83 ? 860C9BF8

---- Kernel code sections - GMER 1.0.15 ----

? spqt.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6CA78AC 5 Bytes JMP 85F424E0
.text az72h81b.SYS F652A384 1 Byte [20]
.text az72h81b.SYS F652A384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text az72h81b.SYS F652A3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text az72h81b.SYS F652A3C4 3 Bytes [00, 00, 00]
.text az72h81b.SYS F652A3C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F728B040] spqt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728B13C] spqt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F728B0BE] spqt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F728B7FC] spqt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F728B6D2] spqt.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F729AD92] spqt.sys
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\az72h81b.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 013CBCA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 013CBC50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 013C7EA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 013C9100
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 013CAA10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 013C9370
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 013C9180
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 013CA010
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 013CB950
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 013CB990
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 013CBD30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 013CB810
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 013CA970
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 013C9930
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 013C92E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 013C9660
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 013CC2B0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 013CA360
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 013CA7D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 013CAE90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 013CAC20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 013CAE10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 013CB2F0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 013CB000
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 013C9250
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 013C97E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 013CBA70
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 013CAD60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 013CA910
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 013CA790
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 013CAB20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 013CBD50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 013CAB60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 013CBFF0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 013CBF90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 013CC1E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 013CC280
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3544] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 013CC0B0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 860C71F8
Device \Driver\ACPI \Device\00000041 84B50460
Device \Driver\ACPI \Device\00000042 84B50460
Device \Driver\ACPI \Device\00000050 84B50460
Device \Driver\usbohci \Device\USBPDO-0 85EFC1F8
Device \Driver\PCI_PNP6216 \Device\00000044 spqt.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 860CB1F8
Device \Driver\dmio \Device\DmControl\DmConfig 860CB1F8
Device \Driver\dmio \Device\DmControl\DmPnP 860CB1F8
Device \Driver\dmio \Device\DmControl\DmInfo 860CB1F8
Device \Driver\usbehci \Device\USBPDO-1 85EF01F8
Device \Driver\sptd \Device\1439697466 spqt.sys
Device \Driver\ACPI \Device\00000046 84B50460
Device \Driver\ACPI \Device\00000048 84B50460
Device \Driver\ACPI \Device\00000062 84B50460
Device \Driver\ACPI \Device\00000049 84B50460
Device \Driver\ACPI \Device\00000063 84B50460
Device \Driver\Ftdisk \Device\HarddiskVolume1 860CC1F8
Device \Driver\ACPI \Device\00000058 84B50460
Device \Driver\USB_RNDIS_XP \Device\{63B44620-8424-40C2-A51F-86B4CEACEC9C} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 85EE41F8
Device \Driver\Cdrom \Device\CdRom1 85EE41F8
Device \Driver\ACPI \Device\00000066 84B50460
Device \Driver\ACPI \Device\00000067 84B50460
Device \Driver\NetBT \Device\NetBt_Wins_Export 84D051F8
Device \Driver\ACPI \Device\0000004a 84B50460
Device \Driver\NetBT \Device\NetbiosSmb 84D051F8
Device \Driver\ACPI \Device\0000004c 84B50460
Device \Driver\ACPI \Device\0000004d 84B50460
Device \Driver\ACPI \Device\0000005b 84B50460
Device \Driver\ACPI \Device\0000005c 84B50460
Device \Driver\ACPI \Device\0000004f 84B50460
Device \Driver\ACPI \Device\0000005d 84B50460
Device \Driver\ACPI \Device\0000005e 84B50460
Device \Driver\ACPI \Device\0000006a 84B50460
Device \Driver\nvata \Device\0000006b 860C91F8
Device \Driver\usbohci \Device\USBFDO-0 85EFC1F8
Device \Driver\ACPI \Device\0000006c 84B50460
Device \Driver\usbehci \Device\USBFDO-1 85EF01F8
Device \Driver\nvata \Device\NvAta0 860C91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84CEA1F8
Device \Driver\nvata \Device\NvAta1 860C91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84CEA1F8
Device \Driver\Ftdisk \Device\FtControl 860CC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{63B44620-8424-40C2-A51F-86B4CEACEC9C} 84D051F8
Device \Driver\az72h81b \Device\Scsi\az72h81b1 85EC01F8
Device \Driver\az72h81b \Device\Scsi\az72h81b1Port4Path0Target0Lun0 85EC01F8
Device \FileSystem\Cdfs \Cdfs 85DBF500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet015\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet016\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet016\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet016\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet017\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet018\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet018\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet018\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet019\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet019\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet019\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet020\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet020\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet020\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet021\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet021\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet021\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet022\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet022\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet022\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet023\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet023\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet023\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...
Reg HKLM\SYSTEM\ControlSet025\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet025\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet025\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5C 0xB6 0x13 0xE6 ...
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xEE 0x09 0x46 0xF9 ...
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x35 0x92 0xEE 0xE2 ...

outerdrake

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby outerdrake » July 28th, 2009, 12:28 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-07-28 12:02:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (19%) free of 76 GB
Total RAM: 895 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:28 PM, on 7/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\IcdSptSv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-57989841-484061587-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ALex OFaithful')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e220e3157f3c) (gupdate1c9e220e3157f3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 10615 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003UA.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-17 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - []
{6dfc55bb-bfff-485a-9709-90c3fdf6db58} - Wisdom-soft toolbar - C:\Program Files\Wisdom-soft\tbWisd.dll [2007-07-17 1379352]
{ecdee021-0d17-467f-a1ff-c7a115230949} - []
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - []
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - []
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-19 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-17 185872]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"AMTDeviceService"=C:\Program Files\AMT Media Manager\AMTDeviceService.exe [2008-12-25 184320]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-03-20 217544]
"Google Update"=C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 133104]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-05-19 3561720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^IMVU.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3
"SNAC"=2
"OHWHZKYOXF"=2
"AVGIDSWatcher"=2
"AVGIDSAgent"=2
"avg8wd"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\e frontier\Poser 7\Poser.exe"="C:\Program Files\e frontier\Poser 7\Poser.exe:*:Enabled:Poser executable file"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-07-28 12:02:25 ----D---- C:\rsit
2009-07-26 22:25:44 ----D---- C:\Program Files\rksupport
2009-07-26 22:21:23 ----D---- C:\TEMP
2009-07-26 15:40:34 ----D---- C:\Program Files\YafaRay
2009-07-25 11:12:22 ----D---- C:\Python26
2009-07-24 00:13:48 ----D---- C:\ComboFix
2009-07-24 00:13:48 ----A---- C:\WINDOWS\system32\CF12100.exe
2009-07-24 00:10:18 ----A---- C:\Bug.txt
2009-07-24 00:10:15 ----A---- C:\WINDOWS\system32\cmd.execf
2009-07-24 00:09:08 ----A---- C:\WINDOWS\system32\CF10735.exe
2009-07-23 14:20:01 ----D---- C:\Program Files\TABLET
2009-07-22 10:49:07 ----D---- C:\Program Files\Registry Easy
2009-07-22 08:24:10 ----D---- C:\Program Files\COMODO
2009-07-21 16:49:49 ----D---- C:\WINDOWS\NV10361632.TMP
2009-07-21 02:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-21 02:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-20 12:12:29 ----SHD---- C:\RECYCLER
2009-07-20 12:09:26 ----D---- C:\WINDOWS\temp
2009-07-20 12:09:24 ----A---- C:\ComboFix.txt
2009-07-20 11:51:39 ----SH---- C:\Boot.bak
2009-07-20 11:51:33 ----RASHD---- C:\cmdcons
2009-07-20 11:49:40 ----A---- C:\WINDOWS\zip.exe
2009-07-20 11:49:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-20 11:49:40 ----A---- C:\WINDOWS\SWSC.exe
2009-07-20 11:49:40 ----A---- C:\WINDOWS\SWREG.exe
2009-07-20 11:49:40 ----A---- C:\WINDOWS\sed.exe
2009-07-20 11:49:40 ----A---- C:\WINDOWS\PEV.exe
2009-07-20 11:49:40 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-20 11:49:40 ----A---- C:\WINDOWS\grep.exe
2009-07-20 11:49:35 ----D---- C:\WINDOWS\ERDNT
2009-07-20 11:33:58 ----D---- C:\Qoobox
2009-07-19 22:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-19 14:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-07-19 14:54:09 ----A---- C:\WINDOWS\system32\guard32.dll
2009-07-19 13:10:31 ----D---- C:\WINDOWS\Symbols
2009-07-19 09:44:12 ----D---- C:\log
2009-07-19 09:36:57 ----D---- C:\WINDOWS\Prefetch
2009-07-19 09:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-19 09:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-19 09:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-19 09:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-19 09:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-19 09:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-19 09:32:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-19 09:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-19 09:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-19 09:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-19 09:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-19 09:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-07-19 09:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-19 09:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-19 09:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-19 09:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-07-19 09:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-07-19 09:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-19 09:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-19 09:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-19 09:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-19 09:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-19 09:28:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-07-19 09:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-19 09:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-19 09:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-19 09:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-19 09:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-07-19 09:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-19 09:27:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-07-19 09:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-19 09:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-19 09:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-19 09:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-19 09:26:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-07-19 09:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-19 09:21:50 ----D---- C:\WINDOWS\system32\scripting
2009-07-19 09:21:48 ----D---- C:\WINDOWS\l2schemas
2009-07-19 09:21:45 ----D---- C:\WINDOWS\system32\en
2009-07-19 09:21:43 ----D---- C:\WINDOWS\system32\bits
2009-07-19 09:15:18 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-19 09:05:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-19 05:08:04 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-07-18 20:23:57 ----D---- C:\Program Files\Trend Micro
2009-07-17 16:01:59 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-17 15:56:44 ----A---- C:\WINDOWS\SIGVERIF.TXT
2009-07-17 09:24:39 ----A---- C:\rollback.ini
2009-07-17 09:01:59 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-07-15 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-07-15 03:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371_0$
2009-07-13 13:25:13 ----D---- C:\Program Files\Enigma Software Group
2009-07-13 10:54:12 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-13 10:53:58 ----A---- C:\rapport.txt
2009-07-11 20:53:25 ----D---- C:\Documents and Settings\user\Application Data\Reg Tool
2009-07-10 10:51:01 ----D---- C:\Program Files\Reg Tool
2009-07-10 06:49:33 ----D---- C:\Documents and Settings\user\Application Data\Google
2009-07-10 05:49:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-10 05:48:54 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-10 05:48:53 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-10 05:48:45 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-10 05:48:44 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-10 05:48:43 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-10 05:48:36 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-10 05:48:36 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-10 05:48:36 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-10 05:48:36 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-10 05:48:35 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-10 05:48:35 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-10 05:48:35 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-10 05:48:35 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-10 05:48:33 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-10 05:48:33 ----A---- C:\WINDOWS\003225_.tmp
2009-07-10 05:48:28 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-10 05:48:26 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-07-10 05:48:25 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-07-10 05:48:20 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-07-10 05:48:20 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-07-10 05:48:09 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-10 05:48:09 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-10 05:48:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-10 05:48:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-10 05:48:06 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-10 05:48:05 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-10 05:47:52 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-07-10 05:47:49 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-10 05:47:49 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-10 05:47:49 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-10 05:47:49 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-10 05:47:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-10 05:47:34 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-10 05:47:32 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-10 05:47:31 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-10 05:47:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-10 05:47:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-10 05:47:24 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-10 05:47:21 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-10 05:47:21 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-10 05:47:21 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-10 05:47:20 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-10 05:47:20 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-10 05:47:19 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-10 05:47:18 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-10 05:47:16 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-10 05:47:14 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-10 05:47:13 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-10 05:47:13 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-10 05:47:13 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-10 05:47:13 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-10 05:47:13 ----N---- C:\WINDOWS\slrundll.exe
2009-07-10 05:47:12 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-10 05:47:12 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-10 05:47:04 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-10 05:47:04 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-10 05:47:00 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-10 03:24:28 ----D---- C:\Program Files\NOS
2009-07-10 03:24:28 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-09 14:38:29 ----D---- C:\WINDOWS\ie8updates
2009-07-09 14:37:21 ----HDC---- C:\WINDOWS\ie8
2009-07-09 13:04:49 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-09 13:04:17 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-07-09 13:03:33 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-08 23:44:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-08 23:16:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-08 22:56:30 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2009-07-08 11:58:57 ----D---- C:\Program Files\Dachshund Software
2009-07-07 17:29:32 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-07-07 17:29:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-01 00:03:03 ----D---- C:\tox
2009-06-30 23:54:30 ----D---- C:\TOKKKK
2009-06-30 23:26:08 ----D---- C:\mediacache
2009-06-30 23:20:45 ----D---- C:\Program Files\Common Files\Autodesk Shared

======List of files/folders modified in the last 1 months======

2009-07-28 11:57:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-28 11:57:31 ----D---- C:\WINDOWS\Registration
2009-07-28 11:57:27 ----D---- C:\WINDOWS\Minidump
2009-07-28 11:57:23 ----D---- C:\WINDOWS
2009-07-28 09:13:02 ----D---- C:\WINDOWS\system32
2009-07-28 00:38:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-27 20:48:33 ----D---- C:\tmp
2009-07-26 22:25:58 ----HD---- C:\WINDOWS\inf
2009-07-26 22:25:54 ----D---- C:\WINDOWS\Help
2009-07-26 22:25:44 ----D---- C:\Program Files
2009-07-26 22:10:20 ----D---- C:\Program Files\Registry Mechanic
2009-07-26 15:56:14 ----SHD---- C:\WINDOWS\Installer
2009-07-26 15:55:10 ----HD---- C:\Config.Msi
2009-07-25 21:47:28 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-25 11:07:30 ----D---- C:\Python25
2009-07-24 10:57:43 ----D---- C:\Program Files\Common Files
2009-07-24 10:46:26 ----D---- C:\WINDOWS\system32\config
2009-07-24 10:46:05 ----D---- C:\WINDOWS\system32\wbem
2009-07-24 10:30:49 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-24 09:22:26 ----SH---- C:\boot.ini
2009-07-24 09:22:26 ----A---- C:\WINDOWS\win.ini
2009-07-24 09:22:26 ----A---- C:\WINDOWS\system.ini
2009-07-24 02:20:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-23 23:48:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-23 23:47:59 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-23 23:47:59 ----D---- C:\Program Files\Google
2009-07-23 23:47:59 ----D---- C:\Program Files\Conduit
2009-07-23 23:17:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-23 22:50:54 ----D---- C:\Program Files\NCH Software
2009-07-23 22:49:39 ----D---- C:\Program Files\WebShot
2009-07-23 22:43:04 ----D---- C:\Program Files\DivX
2009-07-23 22:34:12 ----D---- C:\Program Files\Adobe
2009-07-23 17:32:21 ----D---- C:\Program Files\Microsoft GIF Animator
2009-07-23 15:52:48 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-23 15:52:33 ----A---- C:\WINDOWS\setuplog.txt
2009-07-23 14:25:55 ----D---- C:\WINDOWS\system32\drivers
2009-07-22 13:09:24 ----D---- C:\Documents and Settings\user\Application Data\Any Video Converter
2009-07-21 16:52:51 ----D---- C:\WINDOWS\nview
2009-07-21 16:49:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-21 02:25:47 ----A---- C:\WINDOWS\imsins.BAK
2009-07-20 12:08:39 ----SD---- C:\WINDOWS\Tasks
2009-07-20 11:56:21 ----D---- C:\WINDOWS\AppPatch
2009-07-20 08:05:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-19 22:31:02 ----D---- C:\WINDOWS\WinSxS
2009-07-19 09:42:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-19 09:38:44 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-19 09:36:08 ----RSD---- C:\WINDOWS\Fonts
2009-07-19 09:36:08 ----D---- C:\WINDOWS\system32\Setup
2009-07-19 09:27:01 ----D---- C:\Program Files\Messenger
2009-07-19 09:26:18 ----D---- C:\WINDOWS\security
2009-07-19 09:22:15 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-19 09:22:14 ----D---- C:\WINDOWS\network diagnostic
2009-07-19 09:22:14 ----D---- C:\WINDOWS\ime
2009-07-19 09:21:51 ----D---- C:\WINDOWS\system32\usmt
2009-07-19 09:21:51 ----D---- C:\WINDOWS\system32\en-US
2009-07-19 09:21:43 ----D---- C:\WINDOWS\PeerNet
2009-07-19 09:21:42 ----D---- C:\Program Files\Movie Maker
2009-07-19 09:15:00 ----D---- C:\WINDOWS\system32\Restore
2009-07-19 09:15:00 ----D---- C:\WINDOWS\system32\npp
2009-07-19 09:15:00 ----D---- C:\WINDOWS\mui
2009-07-19 09:14:59 ----D---- C:\WINDOWS\msagent
2009-07-19 09:14:56 ----D---- C:\WINDOWS\srchasst
2009-07-19 09:14:53 ----D---- C:\Program Files\NetMeeting
2009-07-19 09:14:52 ----D---- C:\WINDOWS\system32\Com
2009-07-19 09:14:50 ----D---- C:\Program Files\Windows Media Player
2009-07-19 09:14:49 ----D---- C:\Program Files\Windows NT
2009-07-19 09:14:49 ----D---- C:\Program Files\Outlook Express
2009-07-19 09:14:46 ----D---- C:\Program Files\Common Files\System
2009-07-19 09:14:29 ----D---- C:\WINDOWS\system32\oobe
2009-07-19 09:14:27 ----D---- C:\WINDOWS\system
2009-07-19 09:11:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-19 09:05:28 ----D---- C:\WINDOWS\ehome
2009-07-17 16:02:52 ----RSD---- C:\WINDOWS\assembly
2009-07-15 23:42:37 ----A---- C:\WINDOWS\DUMPb6bd.tmp
2009-07-13 16:08:51 ----D---- C:\WINDOWS\pss
2009-07-11 21:38:49 ----D---- C:\Program Files\SopCast
2009-07-10 13:03:26 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2009-07-10 08:36:41 ----D---- C:\Documents and Settings\user\Application Data\Apple Computer
2009-07-10 06:48:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-09 14:41:11 ----D---- C:\WINDOWS\Media
2009-07-09 14:41:11 ----D---- C:\Program Files\Internet Explorer
2009-07-09 13:04:24 ----D---- C:\Program Files\Windows Media Connect 2
2009-07-09 08:32:16 ----D---- C:\WINDOWS\system32\KB905474
2009-07-08 23:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-08 23:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-07-08 23:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-07-08 23:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-07-08 23:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-07-08 23:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-07-08 23:33:17 ----D---- C:\WINDOWS\SHELLNEW
2009-07-08 22:31:28 ----D---- C:\Program Files\Autodesk
2009-07-08 17:11:31 ----D---- C:\Program Files\LimeWire
2009-07-07 17:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-07-07 17:10:02 ----D---- C:\Program Files\FLV Player
2009-07-07 17:10:02 ----D---- C:\Program Files\Error Expert
2009-07-07 11:45:05 ----D---- C:\Program Files\Winamp
2009-07-07 10:10:51 ----D---- C:\Program Files\Windows Live Toolbar
2009-07-07 10:10:51 ----D---- C:\Program Files\Easy TV Free
2009-06-30 23:45:45 ----D---- C:\desktop

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-06-06 33408]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-01 4356608]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 PTSimBus;PenTablet Bus Enumerator; C:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 a58ehewo;a58ehewo; C:\WINDOWS\system32\drivers\a58ehewo.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 ICDUSB2;Sony IC Recorder (P); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1B.tmp []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\WINDOWS\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys []
S4 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys []
S4 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys []
S4 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys []
S4 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []
S4 CDAVFS;CDAVFS; C:\WINDOWS\system32\DRIVERS\CDAVFS.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 is-G23MVdrv;is-G23MVdrv; C:\WINDOWS\system32\DRIVERS\60732369.sys []
S4 X4HSX32;X4HSX32; \??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2008-06-06 145504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-25 651720]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
R2 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S2 gupdate1c9e220e3157f3c;Google Update Service (gupdate1c9e220e3157f3c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-31 133104]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-06-30 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-08 66056]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 OHWHZKYOXF;OHWHZKYOXF; C:\DOCUME~1\user\LOCALS~1\Temp\OHWHZKYOXF.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-28 12:02:31

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Media Live Encoder 3-->MsiExec.exe /I{33F42836-EDFF-44E2-99ED-525CCE864C90}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AMT Media Manager-->"C:\Program Files\InstallShield Installation Information\{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}\setup.exe" -runfromtemp -l0x0009 -removeonly
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Beneton Movie GIF 1.1.2-->"C:\Program Files\Beneton Movie GIF\unins000.exe"
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Click MusicalKEYS 3.0.214-->"C:\midi\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dassault Systemes Software Prerequisites x86-->MsiExec.exe /X{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}
DAZ|Mimic Pro 2 for Lightwave DEMO-->C:\WINDOWS\unvise32.exe C:\Lightwave\DAZ Mimic Pro for Lightwave DEMO Uninstall.log
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
Digital Voice Editor 3-->C:\Program Files\InstallShield Installation Information\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}\setup.exe -runfromtemp -l0x0009 UNINSTALL /z -removeonly
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Expstudio Audio Editor FREE-->C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
Fake Webcam 6.1.3-->"C:\Program Files\Fake Webcam\unins000.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Free Sound Recorder v6.9.5-->"C:\Program Files\Free Sound Recorder\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
honestech Video Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5F56D88-56A2-4157-BED4-D650634974E3}\Setup.exe" -l0x9
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft GIF Animator-->C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows NT Resource Kit 4.0 Support Tools-->C:\Program Files\rksupport\Acmsetup.exe /u /t reskit.stf
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Poser 7-->C:\WINDOWS\unvise32.exe C:\Program Files\e frontier\Poser 7\uninstal.log
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
Python 2.6-->MsiExec.exe /I{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TMPGEnc DVD Author 3 with DivX Authoring-->MsiExec.exe /I{4EF35707-7052-4331-B8FD-549DB3922AD7}
Toon Boom Studio 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62616A4E-82E4-424A-A201-3D29ABB6B7FD}\setup.exe" -l0x9 UNINSTALL -removeonly
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wisdom-soft AutoScreenRecorder 3.0 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
Wisdom-soft Toolbar-->C:\PROGRA~1\WISDOM~2\UNWISE.EXE C:\PROGRA~1\WISDOM~2\INSTALL.LOG
XBCD 360 0.2.5-->C:\Program Files\XBCD 360\uninst.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
YafaRay MinGW32 Build-->C:\Program Files\YafaRay\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yet Another Free RayTracer for Windows 0.0.9-->"C:\Program Files\YafRay\unins000.exe"
ZAppLink-->MsiExec.exe /I{BC352445-5DD8-4C4F-909A-21A9E75017B1}
ZBrush3-->MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}

======Security center information======

AV: AVG Internet Security
AV: CyberDefender Internet Security
AV: avast! antivirus 4.8.1229 [VPS 080915-0]
FW: ActiveArmor Firewall (disabled)

======System event log======

Computer Name: USER-F09B5B0C2F
Event Code: 7000
Message: The X4HSX32 service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 9
Source Name: Service Control Manager
Time Written: 20090720112132.000000-240
Event Type: error
User:

Computer Name: USER-F09B5B0C2F
Event Code: 7024
Message: The Routing and Remote Access service terminated with service-specific error 2 (0x2).

Record Number: 8
Source Name: Service Control Manager
Time Written: 20090720112132.000000-240
Event Type: error
User:

Computer Name: USER-F09B5B0C2F
Event Code: 7023
Message: The Human Interface Device Access service terminated with the following error:
The specified module could not be found.


Record Number: 7
Source Name: Service Control Manager
Time Written: 20090720112132.000000-240
Event Type: error
User:

Computer Name: USER-F09B5B0C2F
Event Code: 7023
Message: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error:
A device attached to the system is not functioning.


Record Number: 6
Source Name: Service Control Manager
Time Written: 20090720112132.000000-240
Event Type: error
User:

Computer Name: USER-F09B5B0C2F
Event Code: 20103
Message: Unable to load C:\WINDOWS\System32\iprtrmgr.dll.

Record Number: 5
Source Name: RemoteAccess
Time Written: 20090720112119.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: USER-F09B5B0C2F
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 32581
Source Name: Userenv
Time Written: 20090707084033.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-F09B5B0C2F
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 32561
Source Name: Userenv
Time Written: 20090707070731.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-F09B5B0C2F
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 32560
Source Name: Userenv
Time Written: 20090707070731.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-F09B5B0C2F
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 32559
Source Name: Userenv
Time Written: 20090707070730.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: USER-F09B5B0C2F
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Record Number: 32558
Source Name: Userenv
Time Written: 20090707070730.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files\ImageConverter Plus\Microsoft.VC80.MFC;C:\Program Files\QuickTime\QTSystem;C:\Program Files\rksupport
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 1, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=7f01
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"NTRESKIT"=C:\Program Files\rksupport

-----------------EOF-----------------
outerdrake
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 8:29 pm

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby Axephilic » July 28th, 2009, 12:53 pm

Download and Rename ComboFix

  • Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2


    --------------------------------------------------------------------


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can get help on disabling your protection programs here

  • Double click on Combo-Fix.exe & follow the prompts. When prompted, please agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby outerdrake » July 28th, 2009, 4:29 pm

Don't know why those scanners say enabled and the warning label (for scanners) appeared at the beginning for a brief moment? I uninstalled all that virus removal software weeks ago. They aren't on my computer or my taskbar. The log finished regardless.

ComboFix 09-07-28.01 - user 07/28/2009 16:06.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.466 [GMT -4:00]



Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1229 [VPS 080915-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {4D2E25A0-79E5-401A-8AB8-17A795089D69}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-28 19:51 . 2009-07-28 20:05 -------- d-s---w- C:\ComboFix
2009-07-28 16:02 . 2009-07-28 16:02 -------- d-----w- C:\rsit
2009-07-27 02:25 . 2009-07-27 02:25 -------- d-----w- c:\program files\rksupport
2009-07-27 02:21 . 2009-07-27 02:31 -------- d-----w- C:\TEMP
2009-07-27 02:21 . 2009-07-27 02:26 -------- d-----w- c:\temp\SP4RK
2009-07-26 19:40 . 2009-07-26 20:45 -------- d-----w- c:\program files\YafaRay
2009-07-25 15:12 . 2009-07-25 15:12 -------- d-----w- C:\Python26
2009-07-24 14:46 . 2009-07-24 14:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-23 18:20 . 2009-07-23 18:20 -------- d-----w- c:\program files\TABLET
2009-07-22 14:49 . 2009-07-22 14:58 -------- d-----w- c:\program files\Registry Easy
2009-07-22 12:27 . 2009-07-23 17:08 352160 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-22 12:24 . 2009-07-22 12:24 -------- d-----w- c:\program files\COMODO
2009-07-21 21:18 . 2008-07-08 12:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-07-21 20:49 . 2009-07-21 20:52 -------- d-----w- c:\windows\NV10361632.TMP
2009-07-19 18:54 . 2009-07-22 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-07-19 18:54 . 2009-07-22 12:24 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-19 18:54 . 2009-07-22 12:24 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-19 18:54 . 2009-07-22 12:24 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-19 18:54 . 2009-07-22 12:24 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-19 17:10 . 2009-07-19 17:13 -------- d-----w- c:\windows\Symbols
2009-07-19 13:44 . 2009-07-19 13:44 -------- d-----w- C:\log
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\scripting
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\l2schemas
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\en
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\bits
2009-07-19 13:15 . 2009-07-19 13:22 -------- d-----w- c:\windows\ServicePackFiles
2009-07-19 09:08 . 2009-07-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-19 00:23 . 2009-07-19 00:23 -------- d-----w- c:\program files\Trend Micro
2009-07-17 20:01 . 2009-07-17 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-17 13:01 . 2009-07-17 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-07-13 17:29 . 2009-07-19 17:20 43632672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-13 17:25 . 2009-07-13 18:24 -------- d-----w- c:\program files\Enigma Software Group
2009-07-12 03:49 . 2009-07-17 21:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2009-07-12 00:53 . 2009-07-12 16:00 -------- d-----w- c:\documents and settings\user\Application Data\Reg Tool
2009-07-10 14:51 . 2009-07-12 16:02 -------- d-----w- c:\program files\Reg Tool
2009-07-10 12:36 . 2009-07-10 12:36 74412 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-10 09:49 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2009-07-10 09:49 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-07-10 09:49 . 2008-04-13 18:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2009-07-10 09:49 . 2008-04-13 18:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-07-10 09:47 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-10 09:43 . 2004-08-04 02:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-10 07:24 . 2009-07-10 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-10 07:24 . 2009-07-10 07:24 -------- d-----w- c:\program files\NOS
2009-07-09 19:24 . 2009-07-09 19:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-09 18:44 . 2009-07-09 18:44 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-07-09 18:41 . 2009-07-09 18:41 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-07-09 18:38 . 2009-07-09 18:38 -------- d-----w- c:\windows\ie8updates
2009-07-09 18:37 . 2009-07-09 18:37 -------- dc-h--w- c:\windows\ie8
2009-07-09 18:35 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 18:35 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 18:35 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 03:44 . 2009-07-28 20:05 -------- d-----w- c:\windows\system32\CatRoot2
2009-07-09 03:16 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 03:16 . 2009-07-19 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:16 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 02:56 . 2009-07-28 19:03 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-07-08 15:59 . 2009-07-09 02:05 224 ---ha-w- c:\windows\winshell.dat
2009-07-08 15:58 . 2009-07-09 03:13 -------- d-----w- c:\program files\Dachshund Software
2009-07-07 21:29 . 2009-07-07 21:29 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-07-07 21:29 . 2009-07-07 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-01 04:03 . 2009-07-01 04:03 -------- d-----w- C:\tox
2009-07-01 03:54 . 2009-07-01 03:54 -------- d-----w- C:\TOKKKK
2009-07-01 03:26 . 2009-07-01 03:27 -------- d-----w- C:\mediacache
2009-07-01 03:20 . 2009-07-01 03:20 -------- d-----w- c:\program files\Common Files\Autodesk Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 19:05 . 2008-05-06 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-24 03:51 . 2008-05-22 03:57 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-24 03:47 . 2008-08-27 15:21 -------- d-----w- c:\program files\Conduit
2009-07-24 03:47 . 2008-08-14 18:13 -------- d-----w- c:\program files\Google
2009-07-24 03:47 . 2008-04-03 08:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 02:50 . 2008-04-04 05:06 -------- d-----w- c:\program files\NCH Software
2009-07-24 02:49 . 2008-05-06 20:58 -------- d-----w- c:\program files\WebShot
2009-07-24 02:43 . 2008-04-04 04:58 -------- d-----w- c:\program files\DivX
2009-07-23 21:32 . 2008-05-05 02:44 -------- d-----w- c:\program files\Microsoft GIF Animator
2009-07-22 17:09 . 2008-06-08 13:56 -------- d-----w- c:\documents and settings\user\Application Data\Any Video Converter
2009-07-19 21:52 . 2008-04-03 08:54 95160 -c--a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 17:20 . 2009-07-13 17:29 512396 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-19 13:24 . 2008-04-03 08:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-16 03:42 . 2008-04-03 01:15 98304 ----a-w- c:\windows\DUMPb6bd.tmp
2009-07-12 01:38 . 2008-09-07 02:18 -------- d-----w- c:\program files\SopCast
2009-07-10 12:36 . 2008-06-10 12:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2009-07-09 17:04 . 2008-07-20 16:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-09 03:50 . 2008-09-19 02:47 -------- d-----w- c:\documents and settings\ALex OFaithful\Application Data\MEGAUPLOADTOOLBAR
2009-07-09 02:31 . 2008-07-18 02:49 -------- d-----w- c:\program files\Autodesk
2009-07-08 21:11 . 2008-05-17 19:08 -------- d-----w- c:\program files\LimeWire
2009-07-07 21:10 . 2008-09-16 20:43 -------- d-----w- c:\program files\Error Expert
2009-07-07 21:10 . 2008-04-07 17:17 -------- d-----w- c:\program files\FLV Player
2009-07-07 15:45 . 2009-05-14 15:26 -------- d-----w- c:\program files\Winamp
2009-07-07 14:10 . 2008-06-08 15:28 -------- d-----w- c:\program files\Easy TV Free
2009-07-07 14:10 . 2008-04-06 22:05 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-28 13:26 . 2008-06-10 20:45 -------- d-----w- c:\program files\Common Files\DAZ
2009-06-21 00:30 . 2009-06-21 00:30 -------- d-----w- c:\program files\Common Files\fwc
2009-06-21 00:30 . 2009-04-18 04:47 -------- d-----w- c:\program files\Fake Webcam
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 04:37 . 2008-04-06 21:49 -------- d-----w- c:\program files\Windows Live
2009-06-10 04:37 . 2009-06-10 04:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-10 04:36 . 2009-06-10 04:36 -------- d-----w- c:\program files\Microsoft
2009-06-10 04:36 . 2009-06-10 04:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 04:05 . 2009-06-10 04:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-07 03:59 . 2008-05-17 19:17 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 03:22 . 2008-04-24 20:39 -------- d-----w- c:\documents and settings\user\Application Data\Image Zone Express
2009-05-31 18:51 . 2009-05-31 18:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-17 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2008-12-25 184320]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)
"SNAC"=2 (0x2)
"OHWHZKYOXF"=2 (0x2)
"AVGIDSWatcher"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"56513:TCP"= 56513:TCP:Pando P2P TCP Listening Port
"56513:UDP"= 56513:UDP:Pando P2P UDP Listening Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2009 6:39 PM 24652]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/7/2007 1:16 PM 18944]
S2 gupdate1c9e220e3157f3c;Google Update Service (gupdate1c9e220e3157f3c);c:\program files\Google\Update\GoogleUpdate.exe [5/31/2009 2:52 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/10/2009 3:24 AM 66056]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [11/28/2002 9:23 PM 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B.tmp --> c:\windows\system32\1B.tmp [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [4/23/2007 11:28 AM 10752]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S4 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
S4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S4 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys --> c:\windows\system32\DRIVERS\CDAVFS.sys [?]
S4 is-G23MVdrv;is-G23MVdrv;c:\windows\system32\DRIVERS\60732369.sys --> c:\windows\system32\DRIVERS\60732369.sys [?]
S4 OHWHZKYOXF;OHWHZKYOXF;c:\docume~1\user\LOCALS~1\Temp\OHWHZKYOXF.exe --> c:\docume~1\user\LOCALS~1\Temp\OHWHZKYOXF.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 18:51]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 18:51]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-12 12:28]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-12 12:28]

2009-07-22 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-07-22 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 16:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet024\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,a9,8a,f0,dc,57,b0,43,ac,a2,aa,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,a9,8a,f0,dc,57,b0,43,ac,a2,aa,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-28 16:20
ComboFix-quarantined-files.txt 2009-07-28 20:20
ComboFix2.txt 2009-07-28 19:40
ComboFix3.txt 2009-07-28 19:25
ComboFix4.txt 2009-07-20 16:09

Pre-Run: 14,950,658,048 bytes free
Post-Run: 14,927,486,976 bytes free

279 --- E O F --- 2009-07-20 02:31
outerdrake
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 8:29 pm

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby Axephilic » July 30th, 2009, 3:57 pm

Hi there,

Run ComboFix

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\System32\Drivers\az72h81b.SYS
c:\docume~1\user\LOCALS~1\Temp\OHWHZKYOXF.exe 
c:\windows\system32\DRIVERS\60732369.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OHWHZKYOXF"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56513:TCP"=-
"56513:UDP"=-
Driver::
is-G23MVdrv
OHWHZKYOXF


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind 
    *proquota.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please include:
  1. ComboFix log
  2. Kaspersky report
  3. SystemLook log
  4. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
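The services the CFScript above removes (OHWHZKYOXF and is-G23MVdrv) were picked out of the Drivers/Services lines of the ComboFix log by eye. The script below is an added example, not part of this thread and not ComboFix or the helper's own tooling: it parses lines in ComboFix's service format and scores each entry on the signals a helper looks for (image in a Temp folder, .tmp extension, image missing from disk, machine-generated name); the sample lines are copied from the log posted above and the scoring thresholds are my own assumptions.

```python
"""Triage the Drivers/Services lines of a ComboFix log.

Added example for this thread; not ComboFix code and not the helper's own
tooling. The name heuristic and the scoring are the author's assumptions.
"""
import re
from dataclasses import dataclass

# ComboFix prints each service as:  <state> <name>;<display name>;<image path> [<date size> | ?]
# and repeats the resolved path after " --> " when it expanded a \??\ or 8.3 form.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)

# Constructed sample: service lines copied from the ComboFix log posted above,
# plus one non-service line to show that it is skipped.
SAMPLE_SERVICES = r"""
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2009 6:39 PM 24652]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/7/2007 1:16 PM 18944]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B.tmp --> c:\windows\system32\1B.tmp [?]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 is-G23MVdrv;is-G23MVdrv;c:\windows\system32\DRIVERS\60732369.sys --> c:\windows\system32\DRIVERS\60732369.sys [?]
S4 OHWHZKYOXF;OHWHZKYOXF;c:\docume~1\user\LOCALS~1\Temp\OHWHZKYOXF.exe --> c:\docume~1\user\LOCALS~1\Temp\OHWHZKYOXF.exe [?]
Contents of the 'Scheduled Tasks' folder
"""


@dataclass
class Finding:
    name: str
    state: str
    path: str
    reasons: list

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_service_line(line: str):
    """Return (state, name, image_path, missing) or None for non-service lines."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")                  # ComboFix could not stat the image
    path = rest.split(" --> ")[0]                   # keep the first form of the path
    path = re.sub(r"\s*\[[^\]]*\]$", "", path)      # drop the "[date size]" / "[?]" tail
    path = path.replace("\\??\\", "")               # strip the NT object-manager prefix
    return m.group("state"), m.group("name"), path, missing


def looks_generated(token: str) -> bool:
    """Heuristic (assumption): 8+ all-caps letters, or a file stem of 6+ digits."""
    stem = token.rsplit(".", 1)[0]
    if stem.isdigit():
        return len(stem) >= 6
    return len(stem) >= 8 and stem.isalpha() and stem.isupper()


def triage_services(log_text: str) -> list:
    """Score every service line; entries with no signal at all are left out."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        state, name, path, missing = parsed
        low = path.lower()
        reasons = []
        if "\\temp\\" in low:
            reasons.append("image runs from a Temp folder")
        if low.endswith(".tmp"):
            reasons.append("image has a .tmp extension")
        if missing:
            reasons.append("image not found on disk (dangling service)")
        if looks_generated(name) or looks_generated(path.split("\\")[-1]):
            reasons.append("service or file name looks machine-generated")
        if reasons:
            findings.append(Finding(name, state, path, reasons))
    # Highest score first; sort is stable, so log order is kept among ties.
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_SERVICES):
        print(f"{f.score}  {f.state} {f.name:<14} {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

A single signal is weak on its own: avg8wd scores only for a missing image, which matches the poster's remark that AVG was uninstalled, while OHWHZKYOXF collects three signals and is the entry the CFScript targets.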

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby outerdrake » August 2nd, 2009, 12:49 am

ComboFix 09-07-28.01 - user 07/31/2009 19:49.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.552 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080915-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {4D2E25A0-79E5-401A-8AB8-17A795089D69}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
"c:\docume~1\user\LOCALS~1\Temp\OHWHZKYOXF.exe"
"c:\windows\system32\DRIVERS\60732369.sys"
"c:\windows\System32\Drivers\az72h81b.SYS"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-G23MVDRV
-------\Legacy_OHWHZKYOXF
-------\Service_is-G23MVdrv
-------\Service_OHWHZKYOXF


((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
.

2009-07-30 05:09 . 2009-07-30 05:09 -------- d-----w- c:\program files\YafaRay
2009-07-30 04:24 . 2009-07-30 04:24 -------- d-----w- c:\documents and settings\user\Application Data\Blender Foundation
2009-07-30 04:24 . 2009-07-30 04:24 -------- d-----w- c:\program files\Blender Foundation
2009-07-28 19:51 . 2009-07-28 20:05 -------- d-s---w- C:\ComboFix
2009-07-28 16:02 . 2009-07-28 16:02 -------- d-----w- C:\rsit
2009-07-27 02:25 . 2009-07-27 02:25 -------- d-----w- c:\program files\rksupport
2009-07-27 02:21 . 2009-07-27 02:31 -------- d-----w- C:\TEMP
2009-07-27 02:21 . 2009-07-27 02:26 -------- d-----w- c:\temp\SP4RK
2009-07-25 15:12 . 2009-07-25 15:12 -------- d-----w- C:\Python26
2009-07-24 14:46 . 2009-07-24 14:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-23 18:20 . 2009-07-23 18:20 -------- d-----w- c:\program files\TABLET
2009-07-22 14:49 . 2009-07-22 14:58 -------- d-----w- c:\program files\Registry Easy
2009-07-22 12:27 . 2009-07-23 17:08 352160 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-22 12:24 . 2009-07-22 12:24 -------- d-----w- c:\program files\COMODO
2009-07-21 21:18 . 2008-07-08 12:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-07-21 20:49 . 2009-07-21 20:52 -------- d-----w- c:\windows\NV10361632.TMP
2009-07-19 18:54 . 2009-07-22 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-07-19 18:54 . 2009-07-22 12:24 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-19 18:54 . 2009-07-22 12:24 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-19 18:54 . 2009-07-22 12:24 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-19 18:54 . 2009-07-22 12:24 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-19 17:10 . 2009-07-19 17:13 -------- d-----w- c:\windows\Symbols
2009-07-19 13:44 . 2009-07-19 13:44 -------- d-----w- C:\log
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\scripting
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\l2schemas
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\en
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\bits
2009-07-19 13:15 . 2009-07-19 13:22 -------- d-----w- c:\windows\ServicePackFiles
2009-07-19 09:08 . 2009-07-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-19 00:23 . 2009-07-19 00:23 -------- d-----w- c:\program files\Trend Micro
2009-07-17 20:01 . 2009-07-17 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-17 13:01 . 2009-07-17 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-07-13 17:29 . 2009-07-19 17:20 43632672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-13 17:25 . 2009-07-13 18:24 -------- d-----w- c:\program files\Enigma Software Group
2009-07-12 03:49 . 2009-07-17 21:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2009-07-12 00:53 . 2009-07-12 16:00 -------- d-----w- c:\documents and settings\user\Application Data\Reg Tool
2009-07-10 14:51 . 2009-07-12 16:02 -------- d-----w- c:\program files\Reg Tool
2009-07-10 12:36 . 2009-07-10 12:36 74412 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-10 09:49 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2009-07-10 09:49 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-07-10 09:49 . 2008-04-13 18:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2009-07-10 09:49 . 2008-04-13 18:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-07-10 09:47 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-10 09:43 . 2004-08-04 02:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-10 07:24 . 2009-07-10 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-10 07:24 . 2009-07-10 07:24 -------- d-----w- c:\program files\NOS
2009-07-09 19:24 . 2009-07-09 19:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-09 18:44 . 2009-07-09 18:44 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-07-09 18:41 . 2009-07-09 18:41 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-07-09 18:38 . 2009-07-09 18:38 -------- d-----w- c:\windows\ie8updates
2009-07-09 18:37 . 2009-07-09 18:37 -------- dc-h--w- c:\windows\ie8
2009-07-09 18:35 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 18:35 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 18:35 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 03:44 . 2009-07-31 23:48 -------- d-----w- c:\windows\system32\CatRoot2
2009-07-09 03:16 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 03:16 . 2009-07-19 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:16 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 02:56 . 2009-07-30 22:30 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-07-08 15:59 . 2009-07-09 02:05 224 ---ha-w- c:\windows\winshell.dat
2009-07-08 15:58 . 2009-07-09 03:13 -------- d-----w- c:\program files\Dachshund Software
2009-07-07 21:29 . 2009-07-07 21:29 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-07-07 21:29 . 2009-07-07 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 00:00 . 2008-05-06 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-24 03:51 . 2008-05-22 03:57 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-24 03:47 . 2008-08-27 15:21 -------- d-----w- c:\program files\Conduit
2009-07-24 03:47 . 2008-08-14 18:13 -------- d-----w- c:\program files\Google
2009-07-24 03:47 . 2008-04-03 08:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 02:50 . 2008-04-04 05:06 -------- d-----w- c:\program files\NCH Software
2009-07-24 02:49 . 2008-05-06 20:58 -------- d-----w- c:\program files\WebShot
2009-07-24 02:43 . 2008-04-04 04:58 -------- d-----w- c:\program files\DivX
2009-07-23 21:32 . 2008-05-05 02:44 -------- d-----w- c:\program files\Microsoft GIF Animator
2009-07-22 17:09 . 2008-06-08 13:56 -------- d-----w- c:\documents and settings\user\Application Data\Any Video Converter
2009-07-19 21:52 . 2008-04-03 08:54 95160 -c--a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 17:20 . 2009-07-13 17:29 512396 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-19 13:24 . 2008-04-03 08:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-16 03:42 . 2008-04-03 01:15 98304 ----a-w- c:\windows\DUMPb6bd.tmp
2009-07-12 01:38 . 2008-09-07 02:18 -------- d-----w- c:\program files\SopCast
2009-07-10 12:36 . 2008-06-10 12:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2009-07-09 17:04 . 2008-07-20 16:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-09 03:50 . 2008-09-19 02:47 -------- d-----w- c:\documents and settings\ALex OFaithful\Application Data\MEGAUPLOADTOOLBAR
2009-07-09 02:31 . 2008-07-18 02:49 -------- d-----w- c:\program files\Autodesk
2009-07-08 21:11 . 2008-05-17 19:08 -------- d-----w- c:\program files\LimeWire
2009-07-07 21:10 . 2008-09-16 20:43 -------- d-----w- c:\program files\Error Expert
2009-07-07 21:10 . 2008-04-07 17:17 -------- d-----w- c:\program files\FLV Player
2009-07-07 15:45 . 2009-05-14 15:26 -------- d-----w- c:\program files\Winamp
2009-07-07 14:10 . 2008-06-08 15:28 -------- d-----w- c:\program files\Easy TV Free
2009-07-07 14:10 . 2008-04-06 22:05 -------- d-----w- c:\program files\Windows Live Toolbar
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 03:20 . 2009-07-01 03:20 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-28 13:26 . 2008-06-10 20:45 -------- d-----w- c:\program files\Common Files\DAZ
2009-06-21 00:30 . 2009-06-21 00:30 -------- d-----w- c:\program files\Common Files\fwc
2009-06-21 00:30 . 2009-04-18 04:47 -------- d-----w- c:\program files\Fake Webcam
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 04:37 . 2008-04-06 21:49 -------- d-----w- c:\program files\Windows Live
2009-06-10 04:37 . 2009-06-10 04:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-10 04:36 . 2009-06-10 04:36 -------- d-----w- c:\program files\Microsoft
2009-06-10 04:36 . 2009-06-10 04:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 04:05 . 2009-06-10 04:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-07 03:59 . 2008-05-17 19:17 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 03:22 . 2008-04-24 20:39 -------- d-----w- c:\documents and settings\user\Application Data\Image Zone Express
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-28_19.21.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
- 2007-08-13 23:54 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
- 2008-04-02 20:10 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-02 20:10 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-07-30 07:04 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-30 07:04 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-30 07:04 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2007-08-13 23:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-02 20:10 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-02 20:10 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-07-30 07:00 . 2009-07-30 07:00 248832 c:\windows\Installer\a809e6.msi
+ 2009-07-30 07:04 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-30 07:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-30 07:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-30 07:04 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-30 07:04 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-30 07:04 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-30 07:04 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-30 07:04 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-30 07:04 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-02 20:10 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-07-30 07:04 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-30 07:04 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-30 07:04 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2007-08-13 23:54 . 2009-07-19 22:48 11067392 c:\windows\system32\ieframe.dll
+ 2008-04-02 20:10 . 2009-07-19 22:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-07-30 07:04 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-17 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2008-12-25 184320]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)
"SNAC"=2 (0x2)
"AVGIDSWatcher"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2009 6:39 PM 24652]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/7/2007 1:16 PM 18944]
S2 gupdate1c9e220e3157f3c;Google Update Service (gupdate1c9e220e3157f3c);c:\program files\Google\Update\GoogleUpdate.exe [5/31/2009 2:52 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/10/2009 3:24 AM 66056]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [11/28/2002 9:23 PM 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B.tmp --> c:\windows\system32\1B.tmp [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [4/23/2007 11:28 AM 10752]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S4 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
S4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S4 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys --> c:\windows\system32\DRIVERS\CDAVFS.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 18:51]

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 18:51]

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-12 12:28]

2009-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-12 12:28]

2009-07-29 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-07-22 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 19:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet024\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,a9,8a,f0,dc,57,b0,43,ac,a2,aa,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,a9,8a,f0,dc,57,b0,43,ac,a2,aa,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\system32\msdtc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\IcdSptSv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msiexec.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\tlntsvr.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\drivers\WTSrv.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\WISPTIS.EXE
.
**************************************************************************
.
Completion time: 2009-08-01 20:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-01 00:06
ComboFix2.txt 2009-07-28 20:20
ComboFix3.txt 2009-07-28 19:40
ComboFix4.txt 2009-07-28 19:25
ComboFix5.txt 2009-07-31 23:48

Pre-Run: 15,020,490,752 bytes free
Post-Run: 15,253,299,200 bytes free

370 --- E O F --- 2009-07-30 07:05
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, August 2, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, August 01, 2009 22:28:33
Records in database: 2570997
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 119169
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:58:46


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\Zumie\zopt.exe.vir Infected: not-a-virus:AdWare.Win32.OneStep.flv 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IFQ9WW89\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

The selected area was scanned.
outerdrake
Active Member
Posts: 12
Joined: July 22nd, 2009, 8:29 pm

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby outerdrake » August 2nd, 2009, 12:51 am

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 00:37 on 02/08/2009 by user (Administrator - Elevation successful)

========== filefind ==========

Searching for "*proquota.exe"
C:\WINDOWS\ServicePackFiles\i386\proquota.exe ------ 50176 bytes [09:47 10/07/2009] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --a--- 50176 bytes [12:09 22/09/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:35 AM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IcdSptSv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-57989841-484061587-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ALex OFaithful')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e220e3157f3c) (gupdate1c9e220e3157f3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 10651 bytes
outerdrake
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 8:29 pm

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby Axephilic » August 3rd, 2009, 3:24 pm

Hello,

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IFQ9WW89\ac[1].htm
FCopy::
C:\WINDOWS\ServicePackFiles\i386\proquota.exe | c:\windows\system32\proquota.exe


Save this as "CFScript.txt" (Save as type: All Files (*.*)) in the same folder as ComboFix.exe.


Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

In your next reply, please include:
  1. ComboFix log
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
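
Added example, not part of the thread and not a MalwareRemoval.com tool: the "Fix HijackThis lines" step above picks out, by eye, the O2 (BHO) and O3 (toolbar) registrations whose DLL is gone ("(no file)"). The Python helper below does that mechanically for a HijackThis 2.0.x log and also catches O23 services whose binary is gone ("(file missing)"), returning the exact lines to tick. The sample log is constructed from lines posted in this thread; the function and field names are my own. Entries whose file is still present are deliberately not judged here: whether a toolbar that does exist on disk should stay is a separate decision the helper does not make.

```python
"""
Triage helper for HijackThis 2.0.x logs (added example, not the forum's own code).

Parses O2 (BHO), O3 (toolbar) and O23 (service) lines and flags registrations
whose target binary no longer exists: HijackThis prints "(no file)" for O2/O3
and appends "(file missing)" for O23.  Those dead registrations are what the
"Fix checked" step in the thread removes.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "O2 - BHO: <name> - {CLSID} - <dll path | (no file)>"
# "O3 - Toolbar: <name> - {CLSID} - <dll path | (no file)>"
_O2_O3 = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
# "O23 - Service: <display name> - <vendor> - <exe path> [(file missing)]"
_O23 = re.compile(
    r"^(?P<section>O23) - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$"
)


@dataclass
class Entry:
    section: str          # "O2", "O3" or "O23"
    name: str             # display name as HijackThis prints it
    clsid: Optional[str]  # {GUID} for O2/O3, None for O23
    target: str           # DLL/EXE path, or the "(no file)" marker
    raw: str              # the verbatim log line (what you tick in HijackThis)

    @property
    def orphaned(self) -> bool:
        """True when the registered binary is reported absent from disk."""
        t = self.target.strip()
        return t == "(no file)" or t.endswith("(file missing)")


def parse_hjt(log: str) -> List[Entry]:
    """Return O2/O3/O23 entries in log order; other sections are ignored."""
    entries: List[Entry] = []
    for line in log.splitlines():
        line = line.strip()
        m = _O2_O3.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], m["clsid"], m["target"], line))
            continue
        m = _O23.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], None, m["target"], line))
    return entries


def orphaned_entries(log: str) -> List[Entry]:
    return [e for e in parse_hjt(log) if e.orphaned]


def fix_list(log: str) -> List[str]:
    """Verbatim lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return [e.raw for e in orphaned_entries(log)]


def summarize(log: str) -> Dict[str, int]:
    """Count of orphaned registrations per section, e.g. {'O2': 3, 'O3': 2}."""
    counts: Dict[str, int] = {}
    for e in orphaned_entries(log):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

if __name__ == "__main__":
    for line in fix_list(SAMPLE_LOG):
        print(line)
    print(summarize(SAMPLE_LOG))
</test>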

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby outerdrake » August 3rd, 2009, 5:05 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:37 PM, on 8/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\IcdSptSv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-57989841-484061587-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ALex OFaithful')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e220e3157f3c) (gupdate1c9e220e3157f3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 9321 bytes

ComboFix 09-08-03.03 - user 08/03/2009 16:39.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.527 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080915-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {4D2E25A0-79E5-401A-8AB8-17A795089D69}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Favorites\MASECA En la cocina con las estrellas .URL

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 20:39 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-03 20:39 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-01 15:41 . 2009-08-01 15:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-01 15:41 . 2009-08-01 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-01 15:41 . 2009-08-01 15:41 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-30 05:09 . 2009-07-30 05:09 -------- d-----w- c:\program files\YafaRay
2009-07-30 04:24 . 2009-07-30 04:24 -------- d-----w- c:\documents and settings\user\Application Data\Blender Foundation
2009-07-30 04:24 . 2009-07-30 04:24 -------- d-----w- c:\program files\Blender Foundation
2009-07-28 19:51 . 2009-07-28 20:05 -------- d-s---w- C:\ComboFix
2009-07-28 16:02 . 2009-07-28 16:02 -------- d-----w- C:\rsit
2009-07-27 02:25 . 2009-07-27 02:25 -------- d-----w- c:\program files\rksupport
2009-07-27 02:21 . 2009-07-27 02:31 -------- d-----w- C:\TEMP
2009-07-27 02:21 . 2009-07-27 02:26 -------- d-----w- c:\temp\SP4RK
2009-07-25 15:12 . 2009-07-25 15:12 -------- d-----w- C:\Python26
2009-07-24 14:46 . 2009-07-24 14:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-23 18:20 . 2009-07-23 18:20 -------- d-----w- c:\program files\TABLET
2009-07-22 14:49 . 2009-07-22 14:58 -------- d-----w- c:\program files\Registry Easy
2009-07-22 12:27 . 2009-07-23 17:08 352160 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-22 12:24 . 2009-07-22 12:24 -------- d-----w- c:\program files\COMODO
2009-07-21 21:18 . 2008-07-08 12:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-07-21 20:49 . 2009-07-21 20:52 -------- d-----w- c:\windows\NV10361632.TMP
2009-07-19 18:54 . 2009-07-22 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-07-19 18:54 . 2009-07-22 12:24 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-19 18:54 . 2009-07-22 12:24 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-19 18:54 . 2009-07-22 12:24 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-19 18:54 . 2009-07-22 12:24 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-19 17:10 . 2009-07-19 17:13 -------- d-----w- c:\windows\Symbols
2009-07-19 13:44 . 2009-07-19 13:44 -------- d-----w- C:\log
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\scripting
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\l2schemas
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\en
2009-07-19 13:21 . 2009-07-19 13:21 -------- d-----w- c:\windows\system32\bits
2009-07-19 13:15 . 2009-07-19 13:22 -------- d-----w- c:\windows\ServicePackFiles
2009-07-19 09:08 . 2009-07-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-19 00:23 . 2009-07-19 00:23 -------- d-----w- c:\program files\Trend Micro
2009-07-17 20:01 . 2009-07-17 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-17 13:01 . 2009-07-17 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-07-13 17:29 . 2009-07-19 17:20 43632672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-13 17:25 . 2009-07-13 18:24 -------- d-----w- c:\program files\Enigma Software Group
2009-07-12 03:49 . 2009-08-01 01:54 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2009-07-12 00:53 . 2009-07-12 16:00 -------- d-----w- c:\documents and settings\user\Application Data\Reg Tool
2009-07-10 14:51 . 2009-07-12 16:02 -------- d-----w- c:\program files\Reg Tool
2009-07-10 12:36 . 2009-07-10 12:36 74412 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-10 09:49 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2009-07-10 09:49 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-07-10 09:49 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-07-10 09:49 . 2008-04-13 18:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2009-07-10 09:49 . 2008-04-13 18:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-07-10 09:47 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-10 09:43 . 2004-08-04 02:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-10 07:24 . 2009-07-10 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-10 07:24 . 2009-07-10 07:24 -------- d-----w- c:\program files\NOS
2009-07-09 19:24 . 2009-07-09 19:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-09 18:44 . 2009-07-09 18:44 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-07-09 18:41 . 2009-07-09 18:41 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-07-09 18:38 . 2009-07-09 18:38 -------- d-----w- c:\windows\ie8updates
2009-07-09 18:37 . 2009-07-09 18:37 -------- dc-h--w- c:\windows\ie8
2009-07-09 18:35 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 18:35 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 18:35 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 03:44 . 2009-08-03 20:38 -------- d-----w- c:\windows\system32\CatRoot2
2009-07-09 03:16 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 03:16 . 2009-07-19 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 03:16 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 02:56 . 2009-08-02 07:43 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-07-08 15:59 . 2009-07-09 02:05 224 ---ha-w- c:\windows\winshell.dat
2009-07-08 15:58 . 2009-07-09 03:13 -------- d-----w- c:\program files\Dachshund Software
2009-07-07 21:29 . 2009-07-07 21:29 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-07-07 21:29 . 2009-07-07 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 20:36 . 2008-05-06 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-01 15:41 . 2008-05-17 19:14 -------- d-----w- c:\program files\Java
2009-07-24 03:51 . 2008-05-22 03:57 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-24 03:47 . 2008-08-27 15:21 -------- d-----w- c:\program files\Conduit
2009-07-24 03:47 . 2008-08-14 18:13 -------- d-----w- c:\program files\Google
2009-07-24 03:47 . 2008-04-03 08:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 02:50 . 2008-04-04 05:06 -------- d-----w- c:\program files\NCH Software
2009-07-24 02:49 . 2008-05-06 20:58 -------- d-----w- c:\program files\WebShot
2009-07-24 02:43 . 2008-04-04 04:58 -------- d-----w- c:\program files\DivX
2009-07-23 21:32 . 2008-05-05 02:44 -------- d-----w- c:\program files\Microsoft GIF Animator
2009-07-22 17:09 . 2008-06-08 13:56 -------- d-----w- c:\documents and settings\user\Application Data\Any Video Converter
2009-07-19 21:52 . 2008-04-03 08:54 95160 -c--a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 17:20 . 2009-07-13 17:29 512396 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-19 13:24 . 2008-04-03 08:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-16 03:42 . 2008-04-03 01:15 98304 ----a-w- c:\windows\DUMPb6bd.tmp
2009-07-12 01:38 . 2008-09-07 02:18 -------- d-----w- c:\program files\SopCast
2009-07-10 12:36 . 2008-06-10 12:41 -------- d-----w- c:\documents and settings\user\Application Data\Apple Computer
2009-07-09 17:04 . 2008-07-20 16:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-09 03:50 . 2008-09-19 02:47 -------- d-----w- c:\documents and settings\ALex OFaithful\Application Data\MEGAUPLOADTOOLBAR
2009-07-09 02:31 . 2008-07-18 02:49 -------- d-----w- c:\program files\Autodesk
2009-07-08 21:11 . 2008-05-17 19:08 -------- d-----w- c:\program files\LimeWire
2009-07-07 21:10 . 2008-09-16 20:43 -------- d-----w- c:\program files\Error Expert
2009-07-07 21:10 . 2008-04-07 17:17 -------- d-----w- c:\program files\FLV Player
2009-07-07 15:45 . 2009-05-14 15:26 -------- d-----w- c:\program files\Winamp
2009-07-07 14:10 . 2008-06-08 15:28 -------- d-----w- c:\program files\Easy TV Free
2009-07-07 14:10 . 2008-04-06 22:05 -------- d-----w- c:\program files\Windows Live Toolbar
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 03:20 . 2009-07-01 03:20 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-28 13:26 . 2008-06-10 20:45 -------- d-----w- c:\program files\Common Files\DAZ
2009-06-21 00:30 . 2009-06-21 00:30 -------- d-----w- c:\program files\Common Files\fwc
2009-06-21 00:30 . 2009-04-18 04:47 -------- d-----w- c:\program files\Fake Webcam
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 04:37 . 2008-04-06 21:49 -------- d-----w- c:\program files\Windows Live
2009-06-10 04:37 . 2009-06-10 04:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-10 04:36 . 2009-06-10 04:36 -------- d-----w- c:\program files\Microsoft
2009-06-10 04:36 . 2009-06-10 04:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 04:05 . 2009-06-10 04:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-07 03:59 . 2008-05-17 19:17 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-01_00.00.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-03 20:22 . 2009-08-03 20:22 16384 c:\windows\temp\Perflib_Perfdata_730.dat
+ 2009-08-01 15:41 . 2009-08-01 15:41 148888 c:\windows\system32\javaws.exe
+ 2009-08-01 15:41 . 2009-08-01 15:41 144792 c:\windows\system32\javaw.exe
+ 2009-08-01 15:41 . 2009-08-01 15:41 144792 c:\windows\system32\java.exe
+ 2009-08-01 15:41 . 2009-08-01 15:41 536576 c:\windows\Installer\22920d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-17 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2008-12-25 184320]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-01 148888]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)
"SNAC"=2 (0x2)
"AVGIDSWatcher"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\e frontier\\Poser 7\\Poser.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/28/2009 6:39 PM 24652]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [6/7/2007 1:16 PM 18944]
S2 gupdate1c9e220e3157f3c;Google Update Service (gupdate1c9e220e3157f3c);c:\program files\Google\Update\GoogleUpdate.exe [5/31/2009 2:52 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/10/2009 3:24 AM 66056]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [11/28/2002 9:23 PM 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B.tmp --> c:\windows\system32\1B.tmp [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [4/23/2007 11:28 AM 10752]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S4 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
S4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S4 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys --> c:\windows\system32\DRIVERS\CDAVFS.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 18:51]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-31 18:51]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-12 12:28]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-484061587-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-12 12:28]

2009-07-29 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-07-22 15:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 16:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet024\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,a9,8a,f0,dc,57,b0,43,ac,a2,aa,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,a9,8a,f0,dc,57,b0,43,ac,a2,aa,\
.
Completion time: 2009-08-03 16:51
ComboFix-quarantined-files.txt 2009-08-03 20:50
ComboFix2.txt 2009-08-01 00:06
ComboFix3.txt 2009-07-28 20:20
ComboFix4.txt 2009-07-28 19:40
ComboFix5.txt 2009-08-03 20:38

Pre-Run: 15,680,143,360 bytes free
Post-Run: 15,907,041,280 bytes free

281 --- E O F --- 2009-07-30 07:05
outerdrake
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 8:29 pm

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby Axephilic » August 4th, 2009, 4:40 pm

Hi there,

Multiple Anti-Viruses
You are operating your computer with multiple Anti-Virus programs:
CyberDefender Internet Security
AVG Internet Security
avast! antivirus 4.8.1229


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please Uninstall all but one of them using Control Panel, Add/Remove Programs.

In your next reply, please include:
  1. How is your computer running now?
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby outerdrake » August 4th, 2009, 8:01 pm

It seems to be working fine so far (no crash lately, had it left on for more than 6-7 hours). :cheers:


About the anti virus software: I uninstalled those programs weeks ago, don't know why they are still enabled?

One thing that I noticed about this file:

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IFQ9WW89\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

I clicked the html ac[1] and some of the recent airline websites I visited appeared. After clicking any of the web links I see a broken link page with "avxp 2008 net scanner" in the search bar. How do I remove that?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:42 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\IcdSptSv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Blender Foundation\Blender\blender.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-57989841-484061587-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ALex OFaithful')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9e220e3157f3c) (gupdate1c9e220e3157f3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 9865 bytes
outerdrake
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 8:29 pm

Re: Antivirus agent pro/Spooldr.sys/BSod

Unread postby Axephilic » August 5th, 2009, 1:46 pm

I clicked the html ac[1] and some of the recent airline websites i visited appeared. After clicking any of the web links i see a broken link page with "avxp 2008 net scanner" in the search bar. how do i remove that?

I'm not sure what you mean by this.

I would like to see one more scan, please.

Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US