Welcome to MalwareRemoval.com,

Pop-ups/redirecting internet bug

Post by Atrax » August 9th, 2010, 12:48 am

Hi,
I think my computer is infected somehow. When I open IE, periodically (without warning) browsers with ads will popup. Sometimes when I enter a site, I am redirected to another, different site. Also, my computer runs slowly, and it sometimes has trouble shutting down. (I get the "End Now" prompt on explorer.exe.)

Anyway, yeah, I have no idea what's wrong. I have McAfee and I installed Super AntiSpyware, to no avail.

Here's my hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:55 PM, on 8/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.occ.treas.gov/jobs/entry-level.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517141948.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oqltpucl] C:\Documents and Settings\Declan Gunn\Local Settings\Application Data\uhymriyqs\rtacoeotssd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLSVC - Unknown owner - C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe

--
End of file - 10617 bytes
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Post by DFW » August 10th, 2010, 5:09 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the forum and wait for help.

Hi Atrax and welcome.

I'm DFW and I am going to try and help you with your Malware problem. Please observe the following points and rules while we work:

  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The clean up process can take time. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Some of the logs we ask for can take some time to analyse, so please be patient.

Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.

Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post back with both rsit logs
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Pop-ups/redirecting internet bug

Post by Atrax » August 11th, 2010, 1:33 am

Here's log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Declan Gunn at 2010-08-11 00:11:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 199 GB (70%) free of 286 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:55 AM, on 8/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Declan Gunn\Desktop\RSIT.exe
C:\Program Files\trend micro\Declan Gunn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.occ.treas.gov/jobs/entry-level.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517141948.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oqltpucl] C:\Documents and Settings\Declan Gunn\Local Settings\Application Data\uhymriyqs\rtacoeotssd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLSVC - Unknown owner - C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe

--
End of file - 10425 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517141948.dll [2010-04-27 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-06 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-07-29 270336]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-12-22 67752]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-23 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-17 767312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"oqltpucl"=C:\Documents and Settings\Declan Gunn\Local Settings\Application Data\uhymriyqs\rtacoeotssd.exe []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2403568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Wireless Connection Manager.lnk - C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-24 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-11 00:11:37 ----D---- C:\rsit
2010-08-11 00:11:37 ----D---- C:\Program Files\trend micro
2010-08-08 17:12:34 ----D---- C:\Program Files\HiJackThis
2010-08-02 00:21:01 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\WTablet
2010-08-02 00:20:30 ----A---- C:\WINDOWS\system32\drivers\wacomvhid.sys
2010-08-02 00:20:30 ----A---- C:\WINDOWS\system32\drivers\wacommousefilter.sys
2010-08-02 00:20:29 ----D---- C:\WINDOWS\system32\WTablet
2010-08-02 00:20:28 ----N---- C:\WINDOWS\system32\Wintab32.dll
2010-08-02 00:20:28 ----N---- C:\WINDOWS\system32\Tablet.exe
2010-08-02 00:20:25 ----D---- C:\Program Files\Tablet
2010-08-02 00:18:52 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-07-30 00:16:29 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\SUPERAntiSpyware.com
2010-07-30 00:16:29 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 00:16:19 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-25 17:20:16 ----A---- C:\LOG52.tmp
2010-07-14 13:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 17:00:46 ----A---- C:\foo.txt

======List of files/folders modified in the last 1 months======

2010-08-11 00:11:54 ----D---- C:\WINDOWS\Prefetch
2010-08-11 00:11:41 ----D---- C:\WINDOWS\Temp
2010-08-11 00:11:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-11 00:11:37 ----RD---- C:\Program Files
2010-08-11 00:02:18 ----D---- C:\WINDOWS
2010-08-10 16:24:35 ----D---- C:\WINDOWS\system32
2010-08-10 13:54:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-08 17:12:40 ----SHD---- C:\WINDOWS\Installer
2010-08-08 17:12:35 ----SD---- C:\Documents and Settings\Declan Gunn\Application Data\Microsoft
2010-08-06 02:31:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-03 17:21:12 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2010-08-02 03:45:24 ----A---- C:\WINDOWS\win.ini
2010-08-02 00:20:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-02 00:20:40 ----D---- C:\WINDOWS\system32\drivers
2010-08-02 00:20:37 ----HD---- C:\WINDOWS\inf
2010-08-01 01:07:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-31 16:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2010-07-30 04:05:07 ----D---- C:\WINDOWS\Debug
2010-07-28 16:28:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-28 13:49:27 ----D---- C:\WINDOWS\system32\en-US
2010-07-25 17:22:55 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\U3
2010-07-15 01:44:41 ----D---- C:\Documents and Settings\Declan Gunn\Application Data\Macromedia
2010-07-15 01:44:32 ----D---- C:\WINDOWS\system32\Macromed
2010-07-14 13:58:46 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-04-27 385880]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-11 98432]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-12 20640]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-04-27 82952]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-04-01 21361]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control; C:\WINDOWS\system32\DRIVERS\wlndis50.sys [2008-02-27 20480]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-24 1478656]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-04-27 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-04-27 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-04-27 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-08-05 588032]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-10 393088]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-04-27 88480]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-04-27 83496]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-24 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 FlipShare Service;FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [2010-05-14 455944]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-07-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2005-07-07 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-06 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-01-05 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-07-29 118843]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-07-29 61503]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2007-03-30 1189424]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S2 WLSVC;WLSVC; C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe [2009-02-11 167936]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-01 655624]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]

-----------------EOF-----------------
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 11th, 2010, 1:36 am

And here's info.txt (had to split into 2 replies)

info.txt logfile of random's system information tool 1.08 2010-08-11 00:12:00

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Amazon MP3 Downloader 1.0.10-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{AB303F84-0D57-4F50-9C44-44706180505D}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon MP Navigator EX 3.0-->"C:\Program Files\Canon\MP Navigator EX 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 3.0\uninst.ini
Canon MP250 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series
Canon MP250 series User Registration-->C:\Program Files\Canon\IJEREG\MP250 series\UNINST.EXE
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Corel Painter Essentials 3-->C:\Program Files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF} C:\DOCUME~1\DECLAN~1\LOCALS~1\Temp\PainterEssentials3.log
Corel Painter Essentials 3-->MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
D-Link DWA-130 Wireless N USB Adapter-->C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe -runfromtemp -l0x0009 -removeonly
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
ExtractNow-->"C:\Program Files\ExtractNow\unins000.exe"
FlipShare-->MsiExec.exe /X{B1C0D829-FE30-059E-E93F-CDC7A48235C0}
GRE POWERPREP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ETS\PPGRE.ISU"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
K-Lite Mega Codec Pack 4.7.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
MaxBlast 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
McAfee Internet Security-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OpenOffice.org 3.1-->MsiExec.exe /I{BF704893-173F-4884-97D7-8FEEB78971BF}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Rosetta Stone Version 3-->MsiExec.exe /X{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Serif DrawPlus SE-->MsiExec.exe /X{9E01A4BB-C2CB-45C6-9905-716B6899A7D1}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Tablet-->C:\Program Files\Tablet\Remove.exe /u
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 11th, 2010, 1:41 am

...for some reason, I can't display the rest of this. My internet gives me an "Internet cannot display this page" message.
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby DFW » August 11th, 2010, 4:24 am

Hi Atrax

    ...for some reason, I can't display the rest of this. My internet gives me an "Internet cannot display this page" message.

Could be the infection; I will keep an eye on it. I got all the information that was asked for, thanks.


If you have run SUPERAntiSpyware, I would like to have a look at its log please; if not, don't worry.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please attach the Scan Log results to your next reply.




Open up HijackThis.
Click on "Do a system scan only".
Place a checkmark next to these lines (if still present):

O4 - HKCU\..\Run: [oqltpucl] C:\Documents and Settings\Declan Gunn\Local Settings\Application Data\uhymriyqs\rtacoeotssd.exe


Then close all windows except HijackThis, click Fix Checked, and then reboot.




Next

Disable CD Emulator(s)
We need to use powerful tools to check out your system.
*If* you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD), be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with malware infections, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results, false detection of legitimate files, unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since CD Emulators use a hidden driver which can be seen as a rootkit and can interfere with investigative tools or cause other problems, we need to remove or disable them until disinfection is completed.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.




Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done, click on the [Save..] button and, in the File name area, type in "Gmer.txt", or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.




Please post back with:

SUPERAntiSpyware Log (if run)
Gmer Log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
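The O4 entry DFW asks to fix has the two tell-tale properties a helper looks for by eye: the executable sits under the user's Local Settings\Application Data (writable by a browser exploit running as that user), and both the folder and file names look machine-generated. The script below is an added example, not code from the thread or from HijackThis, RSIT or any other tool used here. It parses the Windows XP firewall exception entries and HijackThis O4 lines in the format shown in the logs above and reports executables in user-writable locations or with random-looking names. The heuristics, thresholds and regexes are my own; the sample lines are constructed for the demonstration, with the firewall exception for rtacoeotssd.exe and the jusched.exe entry made up (the thread's logs show neither), and the script assumes C: is the system drive with %windir% = C:\WINDOWS as in the logs.

```python
"""Triage helper for RSIT / HijackThis output (added example, not a tool from this thread).
Flags firewall exceptions and O4 autostarts whose executable lives in a user-writable
location or carries a random-looking name."""
import ntpath
import re

# Firewall exception entry under ...\firewallpolicy\<profile>\authorizedapplications\list:
#   "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
FW_LINE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
FW_VALUE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$", re.I)
# HijackThis O4 line:  O4 - HKCU\..\Run: [value name] <command line>
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Assumption: C: is the system drive and %windir% is C:\WINDOWS, as in the thread's logs.
ENV = {"%windir%": "c:\\windows", "%systemroot%": "c:\\windows",
       "%programfiles%": "c:\\program files"}
# Places an unprivileged XP user (or a drive-by exploit running as that user) can write to.
USER_WRITABLE = [re.compile(p) for p in (
    r"^[a-z]:\\documents and settings\\",
    r"^[a-z]:\\windows\\temp\\",
    r"^[a-z]:\\recycler\\",
    r"^[a-z]:\\[^\\]+\.exe$",      # executable dropped straight into the drive root
)]
VOWELS = set("aeiou")


def normalize(path):
    """Lower-case the path and expand the environment variables XP uses in these lists."""
    p = path.strip().strip('"').lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    return p


def looks_random(token):
    """Noisy heuristic for generated names such as 'uhymriyqs': long, all-lower-case
    alphabetic tokens with no vowels, a 'q' not followed by 'u', or a run of four or
    more consonants. Mixed-case names such as McSvHost are skipped (human-authored)."""
    if len(token) < 8 or not token.isalpha() or not token.islower():
        return False
    if not VOWELS & set(token) or re.search(r"q(?!u)", token):
        return True
    return re.search(r"[^aeiou]{4,}", token) is not None


def exe_from_command(cmd):
    """Pull the executable path out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def assess(path):
    """Return the reasons this executable deserves a closer look (empty list if none)."""
    reasons = []
    if any(rx.match(normalize(path)) for rx in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    stem = ntpath.splitext(ntpath.basename(path))[0]
    folder = ntpath.basename(ntpath.dirname(path))
    for label, token in (("file", stem), ("folder", folder)):
        if looks_random(token):
            reasons.append(f"random-looking {label} name '{token}'")
    return reasons


def scan(log_text):
    """Return (source, executable, reasons) for every flagged firewall exception or O4 line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        fw = FW_LINE.match(line)
        if fw:
            value = FW_VALUE.match(fw.group("value"))
            if value and value.group("state").lower() == "enabled":
                reasons = assess(value.group("path"))
                if reasons:
                    findings.append(("firewall exception", value.group("path"), reasons))
            continue
        o4 = O4_LINE.match(line)
        if o4:
            exe = exe_from_command(o4.group("cmd"))
            reasons = assess(exe)
            if reasons:
                source = f"autostart {o4.group('hive')}\\{o4.group('key')} [{o4.group('name')}]"
                findings.append((source, exe, reasons))
    return findings


# Constructed sample: lines 1, 2 and 4 are copied from the thread's logs; line 3 (a firewall
# exception for the same dropped binary) and line 5 are made up for the demonstration.
SAMPLE_LOG = r'''
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Declan Gunn\Local Settings\Application Data\uhymriyqs\rtacoeotssd.exe"="C:\Documents and Settings\Declan Gunn\Local Settings\Application Data\uhymriyqs\rtacoeotssd.exe:*:Enabled:rtacoeotssd"
O4 - HKCU\..\Run: [oqltpucl] C:\Documents and Settings\Declan Gunn\Local Settings\Application Data\uhymriyqs\rtacoeotssd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -quiet
'''

if __name__ == "__main__":
    for source, exe, reasons in scan(SAMPLE_LOG):
        print(f"{source}\n  {exe}\n  - " + "\n  - ".join(reasons))
```

Run against the sample it reports only the two entries for rtacoeotssd.exe, each with all three reasons, and stays quiet on Bonjour, sessmgr.exe and jusched.exe. The name heuristic is deliberately only a corroborating signal: legitimate short or mixed-case names are skipped, and a hit on the name alone without the location check is not worth acting on.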

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 12th, 2010, 3:24 am

Did what you asked. Here are my logs:

SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/08/2010 at 04:34 PM

Application Version : 4.41.1000

Core Rules Database Version : 5317
Trace Rules Database Version: 3129

Scan type : Complete Scan
Total Scan Time : 00:33:29

Memory items scanned : 723
Memory threats detected : 0
Registry items scanned : 6246
Registry threats detected : 0
File items scanned : 21030
File threats detected : 51

Adware.Tracking Cookie
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@serving-sys[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@ad.yieldmanager[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@advertise[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@revsci[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@tacoda[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@advertising[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@adbrite[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@invitemedia[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@content.yieldmanager[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@interclick[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@questionmarket[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@pointroll[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@cracked[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@www.cracked[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@bs.serving-sys[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@dmtracker[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@a1.interclick[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@imrworldwide[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@edgeadx[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@ads.pointroll[1].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@atdmt[2].txt
C:\Documents and Settings\Declan Gunn\Cookies\declan_gunn@content.yieldmanager[3].txt
secure-us.imrworldwide.com [ C:\Documents and Settings\Declan Gunn\Application Data\Macromedia\Flash Player\#SharedObjects\QF3QK2PF ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NZDFD8ME ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\NZDFD8ME ]
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.gossipcenter[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@oasn04.247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@eas.apm.emediate[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@eas.apm.emediate[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 12th, 2010, 3:24 am

And here is the Gmer.txt:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 02:16:33
Windows 5.1.2600 Service Pack 3
Running: 8tqi0jw2.exe; Driver: C:\DOCUME~1\DECLAN~1\LOCALS~1\Temp\ufldapod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE26D620]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF732FDB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF732FDC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF732FDF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF732FE46]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF732FD9C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF732FD74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF732FD88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF732FDDA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF732FE1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF732FE06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF732FE5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF732FE30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86DC5EC5

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LV7U9MOE\igoogle_logo[1].png 2917 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LV7U9MOE\urchin[1].js 22678 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LV7U9MOE\bottom[1].png 153 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby DFW » August 12th, 2010, 4:01 am

Hi Atrax, well done..



Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe





Please Download TDSSKiller.zip and save it on your desktop.

  • Right click on the download and extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • From within the newly created tdsskiller folder move TDSSKiller.exe to the desktop and delete the tdsskiller folder.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.



Next

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic below
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double click combofix.exe & follow the prompts.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.



Please post back with

TDSSKiller Log
Combofix Log
And a description of how your system is now.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 13th, 2010, 2:11 am

Ok, here's the TDSSKiller log:

2010/08/13 00:30:36.0656 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/13 00:30:36.0656 ================================================================================
2010/08/13 00:30:36.0656 SystemInfo:
2010/08/13 00:30:36.0656
2010/08/13 00:30:36.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/13 00:30:36.0656 Product type: Workstation
2010/08/13 00:30:36.0656 ComputerName: PHRIXUS
2010/08/13 00:30:36.0656 UserName: Declan Gunn
2010/08/13 00:30:36.0656 Windows directory: C:\WINDOWS
2010/08/13 00:30:36.0656 System windows directory: C:\WINDOWS
2010/08/13 00:30:36.0656 Processor architecture: Intel x86
2010/08/13 00:30:36.0656 Number of processors: 1
2010/08/13 00:30:36.0656 Page size: 0x1000
2010/08/13 00:30:36.0656 Boot type: Normal boot
2010/08/13 00:30:36.0656 ================================================================================
2010/08/13 00:30:36.0843 Initialize success
2010/08/13 00:30:44.0468 ================================================================================
2010/08/13 00:30:44.0468 Scan started
2010/08/13 00:30:44.0468 Mode: Manual;
2010/08/13 00:30:44.0468 ================================================================================
2010/08/13 00:30:44.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/13 00:30:45.0031 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/13 00:30:45.0125 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/08/13 00:30:45.0328 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/08/13 00:30:45.0500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/13 00:30:45.0578 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/08/13 00:30:45.0687 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/13 00:30:45.0890 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/08/13 00:30:45.0968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/13 00:30:46.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/13 00:30:46.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/13 00:30:46.0359 ati2mtag (9bbefce3d18cf3c6eaf4f13920f75200) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/08/13 00:30:46.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/13 00:30:46.0656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/13 00:30:46.0750 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/13 00:30:46.0859 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/13 00:30:46.0937 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/13 00:30:46.0984 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/13 00:30:47.0031 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/13 00:30:47.0109 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys
2010/08/13 00:30:47.0390 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/13 00:30:47.0453 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/13 00:30:47.0546 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/13 00:30:47.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/13 00:30:47.0734 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/13 00:30:47.0796 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/13 00:30:47.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/13 00:30:47.0906 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/13 00:30:48.0000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/13 00:30:48.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/13 00:30:48.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/13 00:30:48.0156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/13 00:30:48.0187 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/13 00:30:48.0250 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/13 00:30:48.0343 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/13 00:30:48.0421 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/08/13 00:30:48.0640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/13 00:30:48.0734 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/13 00:30:48.0859 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/13 00:30:48.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/13 00:30:49.0000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/13 00:30:49.0125 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/13 00:30:49.0187 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/13 00:30:49.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/13 00:30:49.0296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/13 00:30:49.0375 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/13 00:30:49.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/13 00:30:49.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/13 00:30:49.0531 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/13 00:30:49.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/13 00:30:49.0718 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/13 00:30:49.0890 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/08/13 00:30:50.0015 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/08/13 00:30:50.0171 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/08/13 00:30:50.0281 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/08/13 00:30:50.0406 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/08/13 00:30:50.0515 mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/08/13 00:30:50.0578 mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/08/13 00:30:50.0609 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/08/13 00:30:50.0765 mfetdi2k (1bfe4c4ccf8cd2d7deaffb424e691196) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/08/13 00:30:50.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/13 00:30:50.0984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/13 00:30:51.0046 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/13 00:30:51.0109 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/13 00:30:51.0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/13 00:30:51.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/13 00:30:51.0281 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/13 00:30:51.0343 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/13 00:30:51.0406 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/13 00:30:51.0515 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/13 00:30:51.0562 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/13 00:30:51.0625 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/13 00:30:51.0687 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/08/13 00:30:51.0765 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/13 00:30:51.0812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/13 00:30:51.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/13 00:30:51.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/13 00:30:51.0937 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/13 00:30:52.0000 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/13 00:30:52.0046 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/13 00:30:52.0156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/13 00:30:52.0218 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/13 00:30:52.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/13 00:30:52.0312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/13 00:30:52.0390 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/13 00:30:52.0453 nvata (11d1ad7e946538e02f9ef6a6e1792061) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/08/13 00:30:52.0500 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/08/13 00:30:52.0578 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/08/13 00:30:52.0703 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/13 00:30:52.0781 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/13 00:30:52.0828 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/13 00:30:52.0875 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/13 00:30:52.0906 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/13 00:30:52.0968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/13 00:30:53.0015 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/13 00:30:53.0109 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/13 00:30:53.0171 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/13 00:30:53.0406 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/13 00:30:53.0453 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/13 00:30:53.0515 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/13 00:30:53.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/13 00:30:53.0625 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/13 00:30:53.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/13 00:30:53.0953 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/13 00:30:54.0000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/13 00:30:54.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/13 00:30:54.0078 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/13 00:30:54.0125 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/13 00:30:54.0187 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/13 00:30:54.0250 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/13 00:30:54.0375 RTL8192su (7bfdf13721f0366212ab8e94361a05bd) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
2010/08/13 00:30:54.0625 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/13 00:30:54.0640 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/13 00:30:54.0781 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2010/08/13 00:30:54.0890 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/08/13 00:30:55.0015 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/13 00:30:55.0093 SenFiltService (eca77beeb2be8d573cf1b265e44fbfbd) C:\WINDOWS\system32\drivers\Senfilt.sys
2010/08/13 00:30:55.0203 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/13 00:30:55.0234 Serial (a8f7364ce3a876f48940f87746c8dd3b) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/13 00:30:55.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: a8f7364ce3a876f48940f87746c8dd3b, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
2010/08/13 00:30:55.0250 Serial - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/13 00:30:55.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/13 00:30:55.0359 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/13 00:30:55.0406 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/13 00:30:55.0484 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/13 00:30:55.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/13 00:30:55.0625 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/13 00:30:55.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/13 00:30:55.0921 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/13 00:30:55.0984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/13 00:30:56.0062 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/13 00:30:56.0109 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/13 00:30:56.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/13 00:30:56.0265 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/13 00:30:56.0359 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/13 00:30:56.0390 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/13 00:30:56.0421 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/13 00:30:56.0468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/13 00:30:56.0500 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/13 00:30:56.0562 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/13 00:30:56.0609 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/13 00:30:56.0703 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/13 00:30:56.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/13 00:30:56.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/13 00:30:56.0906 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2010/08/13 00:30:57.0015 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2010/08/13 00:30:57.0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/13 00:30:57.0250 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/13 00:30:57.0359 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
2010/08/13 00:30:57.0500 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/13 00:30:57.0562 ================================================================================
2010/08/13 00:30:57.0562 Scan finished
2010/08/13 00:30:57.0562 ================================================================================
2010/08/13 00:30:57.0562 Detected object count: 1
2010/08/13 00:31:18.0765 Serial (a8f7364ce3a876f48940f87746c8dd3b) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/13 00:31:18.0765 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: a8f7364ce3a876f48940f87746c8dd3b, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
2010/08/13 00:31:19.0015 Backup copy found, using it..
2010/08/13 00:31:19.0015 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured after reboot
2010/08/13 00:31:19.0015 Rootkit.Win32.TDSS.tdl3(Serial) - User select action: Cure
2010/08/13 00:31:23.0312 Deinitialize success
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am
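
Added example (not from this thread, and not code from TDSSKiller's authors): a small Python triage script that reads a TDSSKiller log laid out like the one posted above and pulls out the forged-file warning, the verdict attached to it and the action chosen, so the "Real md5 / Fake md5" mismatch on serial.sys is checked mechanically rather than eyeballed. It assumes only the line layouts visible in the posted log; the regexes, class and function names are mine.

```python
"""Triage a TDSSKiller log: isolate forged-file warnings and the verdicts tied to them.

Added example, not TDSSKiller's own code. Assumed line layouts (all seen in the posted
log): every line starts 'YYYY/MM/DD HH:MM:SS.ffff'; driver rows read
'<service> (<md5>) <path>'; forged rows read
'Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>'.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: rows copied from the posted log, trimmed to the ones that matter.
SAMPLE_LOG = r"""
2010/08/13 00:30:44.0468 Scan started
2010/08/13 00:30:46.0203 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/13 00:30:55.0234 Serial (a8f7364ce3a876f48940f87746c8dd3b) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/13 00:30:55.0234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: a8f7364ce3a876f48940f87746c8dd3b, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
2010/08/13 00:30:55.0250 Serial - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/13 00:30:57.0562 Detected object count: 1
2010/08/13 00:31:19.0015 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured after reboot
2010/08/13 00:31:19.0015 Rootkit.Win32.TDSS.tdl3(Serial) - User select action: Cure
"""

LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s*(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(\S+)\(([^)]+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    service: str
    path: str
    real_md5: str      # hash TDSSKiller reports for the file as it really is
    fake_md5: str      # hash it was handed back through the live driver stack
    row_md5: str = ""  # hash printed on the ordinary driver row for the same service
    verdict: str = ""  # e.g. Rootkit.Win32.TDSS.tdl3
    action: str = ""   # what the user chose: Cure, Skip, ...


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # service -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)         # service -> Finding
    detected_count: Optional[int] = None


def _service_for_path(report: Report, path: str) -> str:
    """Map a forged-file path back to the service whose driver row carried it."""
    for service, (_, drv_path) in report.drivers.items():
        if drv_path.lower() == path.lower():
            return service
    return ""


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banners and '====' separators carry nothing to triage
        msg = m.group(1)
        if (d := DRIVER_RE.match(msg)):
            report.drivers[d.group(1)] = (d.group(2), d.group(3))
        elif (f := FORGED_RE.match(msg)):
            path, real, fake = f.groups()
            service = _service_for_path(report, path)
            row_md5 = report.drivers.get(service, ("", ""))[0]
            report.findings[service] = Finding(service, path, real, fake, row_md5)
        elif (v := DETECT_RE.match(msg)):
            if v.group(1) in report.findings:
                report.findings[v.group(1)].verdict = v.group(2)
        elif (a := ACTION_RE.match(msg)):
            if a.group(2) in report.findings:
                report.findings[a.group(2)].action = a.group(3)
        elif (c := COUNT_RE.match(msg)):
            report.detected_count = int(c.group(1))
    return report


def summarize(report: Report) -> List[str]:
    """One line per forged file, plus a cross-check against the scanner's own count."""
    lines = []
    for f in report.findings.values():
        # Real != fake means the bytes read through the running driver stack differ
        # from the bytes on disk: something between scanner and disk is filtering reads.
        consistent = "consistent" if f.row_md5 == f.real_md5 else "INCONSISTENT"
        lines.append(f"{f.path}: real {f.real_md5[:8]}.. != fake {f.fake_md5[:8]}.. "
                     f"[{f.verdict or 'no verdict'}; action={f.action or 'none'}; "
                     f"row hash {consistent}]")
    if report.detected_count is not None and report.detected_count != len(report.findings):
        lines.append(f"WARNING: scanner counted {report.detected_count} objects, "
                     f"parser found {len(report.findings)} forged files")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run it against the full log saved by TDSSKiller (pass the file contents instead of SAMPLE_LOG) to get the same one-line summary per forged driver.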

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 13th, 2010, 2:13 am

And here's my Combolog:

ComboFix 10-08-12.02 - Declan Gunn 08/13/2010 0:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.641 [GMT -7:00]
Running from: c:\documents and settings\Declan Gunn\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG1B.tmp
C:\LOG25.tmp
C:\LOG28.tmp
C:\LOG4C.tmp
C:\LOG52.tmp
C:\LOG72.tmp
C:\LOGF.tmp

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-12 22:58 . 2010-08-12 22:59 -------- d-----w- c:\program files\ERUNT
2010-08-12 10:34 . 2008-04-13 18:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-08-12 10:34 . 2008-04-13 18:40 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-08-11 07:11 . 2010-08-11 07:12 -------- d-----w- C:\rsit
2010-08-11 07:11 . 2010-08-11 07:11 -------- d-----w- c:\program files\trend micro
2010-08-09 00:12 . 2010-08-09 00:12 388096 ----a-r- c:\documents and settings\Declan Gunn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-06 07:43 . 2010-08-06 07:43 503808 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\msvcp71.dll
2010-08-06 07:43 . 2010-08-06 07:43 499712 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\jmc.dll
2010-08-06 07:43 . 2010-08-06 07:43 348160 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\msvcr71.dll
2010-08-06 07:43 . 2010-08-06 07:43 61440 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4948468c-n\decora-sse.dll
2010-08-06 07:43 . 2010-08-06 07:43 12800 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4948468c-n\decora-d3d.dll
2010-08-02 22:43 . 2010-08-02 22:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-08-02 07:21 . 2010-08-13 07:33 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\WTablet
2010-08-02 07:20 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-08-02 07:20 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-08-02 07:20 . 2010-08-02 07:20 -------- d-----w- c:\windows\system32\WTablet
2010-08-02 07:20 . 2007-03-31 01:06 1189424 ------w- c:\windows\system32\Tablet.exe
2010-08-02 07:20 . 2007-03-31 00:38 124464 ------w- c:\windows\system32\Wintab32.dll
2010-08-02 07:20 . 2010-08-02 07:20 -------- d-----w- c:\program files\Tablet
2010-08-02 07:18 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-02 07:18 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-30 07:16 . 2010-08-05 00:12 63488 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 07:16 . 2010-07-30 07:16 52224 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 07:16 . 2010-08-05 00:12 117760 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-26 07:25 . 2010-07-26 07:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bdglnnbms
2010-07-26 07:25 . 2010-08-13 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-22 09:01 . 2010-07-22 09:01 -------- d-----w- c:\documents and settings\Declan Gunn\Local Settings\Application Data\uhymriyqs
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\documents and settings\Declan Gunn\Local Settings\Application Data\Ahead
2010-07-14 20:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 07:32 . 2004-08-04 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2010-08-12 23:09 . 2010-04-02 02:01 1 ----a-w- c:\documents and settings\Declan Gunn\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-04 00:21 . 2010-04-01 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-07-31 23:56 . 2010-04-11 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-26 00:22 . 2010-04-19 02:53 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\U3
2010-07-11 21:11 . 2010-07-11 21:11 -------- d-----w- c:\program files\3ivx
2010-07-11 21:11 . 2010-07-11 21:11 -------- d-----w- c:\program files\Flip Video
2010-07-11 21:10 . 2010-07-11 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-06-25 20:22 . 2010-06-25 20:22 -------- d-----w- c:\program files\ETS
2010-06-14 14:31 . 2010-04-01 07:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-28 07:43 . 2010-05-28 07:43 503808 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\msvcp71.dll
2010-05-28 07:43 . 2010-05-28 07:43 499712 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\jmc.dll
2010-05-28 07:43 . 2010-05-28 07:43 348160 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\msvcr71.dll
2010-05-28 07:43 . 2010-05-28 07:43 61440 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bf42a0f-n\decora-sse.dll
2010-05-28 07:43 . 2010-05-28 07:43 12800 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bf42a0f-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-30 270336]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2010-4-1 505152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/14/2010 7:14 PM 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [4/1/2010 12:34 PM 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/14/2010 7:14 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/14/2010 7:14 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/14/2010 7:14 PM 88480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [4/1/2010 12:34 PM 588032]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/14/2010 7:14 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/14/2010 7:14 PM 83496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 00:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1436)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1492)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-08-13 01:01:34
ComboFix-quarantined-files.txt 2010-08-13 08:01

Pre-Run: 208,944,451,584 bytes free
Post-Run: 209,234,268,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CE3490AC88C41EF6089E33DE5899F412
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 13th, 2010, 2:16 am

As far as how my system is, it's too early to be sure, but I think it's running a lot better.

It seems to run a little faster. As far as the random popups and redirections, it's too soon to tell I guess, but I haven't had one yet.

Thank you for all your help thus far!
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby DFW » August 13th, 2010, 11:17 am

Hi Atrax, a little way to go, but things should be improving now.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE), and save it to your desktop
http://cds.sun.com/is-bin/INTERSHOP.enf ... s-i586.exe
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.




Run Combofix Script
Stop all your monitoring programs (Antivirus/Antispyware, Firewalls, Guards and Shields) as they could easily interfere with ComboFix.
For instructions on how to disable your security programs, please see this topic below
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


  • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DirLook::
    c:\documents and settings\NetworkService\Local Settings\Application Data\bdglnnbms
    
    Folder:: 
    c:\documents and settings\Declan Gunn\Local Settings\Application Data\uhymriyqs
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    [Screenshot: dragging CFScript.txt onto ComboFix.exe]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




Next
TFC (Temp File Cleaner)

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.




Next
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.





Next
Run RSIT

Please note there will be only one log this time.

  • Run random's system information tool by double-clicking on (RSIT) on your desktop
  • Click Continue at the disclaimer screen.
  • Once it has finished, one log will open.
  • Please post the contents into your next reply


Please post back with

Combofix Log
Online Scan Log
RSIT Log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
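As an added example that is not part of this thread, of MalwareRemoval.com or of ComboFix, here is a small Python triage script for the ComboFix log layout posted above: it parses the file-entry lines, flags directories under Local Settings\Application Data with machine-looking names (the two folders the CFScript above targets trip it), and lists the Security Center and firewall registry lines for review. The randomness heuristic and the sample log lines are this example's own constructions.

```python
"""Triage of ComboFix log excerpts (added example; not a MalwareRemoval.com or
ComboFix tool). Parses the file-entry lines under 'Files Created' / 'Find3M'
(layout: <created> . <modified> <size|dashes> <attrs> <path>), flags directories
under Local Settings\\Application Data whose leaf name looks machine-generated,
and lists the Security Center / firewall registry lines for review.
The randomness heuristic is this example's own assumption, not ComboFix logic."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One file entry: created ' . ' modified, size or dashes, 8-char attrs, path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-+)\s+(\S{8})\s+(.+)$"
)
SECTION_RE = re.compile(r"^\[(.+)\]$")  # REGEDIT4-style key header
APPDATA_MARK = "\\local settings\\application data\\"
VOWELS = set("aeiou")

@dataclass
class Entry:
    created: str
    modified: str
    size: int | None  # None for directories (ComboFix prints dashes)
    attrs: str        # e.g. 'd-----w-' or '----a-w-'
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def leaf(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]

def parse_entries(log_text: str) -> list[Entry]:
    """Keep every line matching the entry layout; banners and registry lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(Entry(created, modified,
                                 None if size.startswith("-") else int(size),
                                 attrs, path))
    return entries

def looks_random(name: str) -> bool:
    """Heuristic (assumption): 8-12 lowercase letters with few vowels or a run of 4+
    consonants (y counted as consonant). Capitalised vendor names never trip it."""
    if not re.fullmatch(r"[a-z]{8,12}", name):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio <= 0.3 or longest_run >= 4

def suspicious_appdata_dirs(entries: list[Entry]) -> list[str]:
    """Direct children of a profile's Local Settings\\Application Data that trip
    looks_random(): candidates for a DirLook::/Folder:: check in a CFScript."""
    hits = []
    for e in entries:
        low = e.path.lower()
        if not e.is_dir or APPDATA_MARK not in low:
            continue
        tail = low.split(APPDATA_MARK, 1)[1].rstrip("\\")
        if "\\" not in tail and looks_random(e.leaf):  # ignore deeper paths
            hits.append(e.path)
    return hits

def protection_disabled_keys(log_text: str) -> list[str]:
    """Registry lines that switch off Security Center monitoring or the Windows
    Firewall standard profile. For review only: a third-party suite (McAfee in this
    thread) writes DisableMonitoring itself, so cross-check the AV:/FW: header lines."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if "security center" in section.lower() and line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append(section.rsplit("\\", 1)[-1] + ": Security Center monitoring disabled")
        elif "firewallpolicy" in section.lower() and line.startswith('"EnableFirewall"= 0'):
            findings.append("standardprofile: Windows Firewall disabled")
    return findings

# Constructed sample in the thread's log layout (paths as quoted in the thread).
SAMPLE_LOG = r"""
2010-07-26 07:25 . 2010-07-26 07:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bdglnnbms
2010-07-26 07:25 . 2010-08-13 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-22 09:01 . 2010-07-22 09:01 -------- d-----w- c:\documents and settings\Declan Gunn\Local Settings\Application Data\uhymriyqs
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\documents and settings\Declan Gunn\Local Settings\Application Data\Ahead
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
```

Run it against a full pasted log to get the same two folder candidates the helper scripted above, then confirm each finding by hand before writing any CFScript.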

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 14th, 2010, 4:44 pm

Ok, just finished running those programs.

Here's my combofix log:

ComboFix 10-08-12.03 - Declan Gunn 08/13/2010 17:37:46.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.490 [GMT -7:00]
Running from: c:\documents and settings\Declan Gunn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Declan Gunn\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Declan Gunn\Local Settings\Application Data\uhymriyqs

.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-14 00:28 . 2010-08-14 00:28 -------- d-----w- c:\program files\Common Files\Java
2010-08-14 00:27 . 2010-08-14 00:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-12 22:58 . 2010-08-12 22:59 -------- d-----w- c:\program files\ERUNT
2010-08-12 10:34 . 2008-04-13 18:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-08-12 10:34 . 2008-04-13 18:40 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2010-08-11 07:11 . 2010-08-11 07:12 -------- d-----w- C:\rsit
2010-08-11 07:11 . 2010-08-11 07:11 -------- d-----w- c:\program files\trend micro
2010-08-09 00:12 . 2010-08-09 00:12 388096 ----a-r- c:\documents and settings\Declan Gunn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-06 07:43 . 2010-08-06 07:43 503808 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\msvcp71.dll
2010-08-06 07:43 . 2010-08-06 07:43 499712 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\jmc.dll
2010-08-06 07:43 . 2010-08-06 07:43 348160 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7429a6af-n\msvcr71.dll
2010-08-06 07:43 . 2010-08-06 07:43 61440 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4948468c-n\decora-sse.dll
2010-08-06 07:43 . 2010-08-06 07:43 12800 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4948468c-n\decora-d3d.dll
2010-08-02 22:43 . 2010-08-02 22:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-08-02 07:21 . 2010-08-14 00:26 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\WTablet
2010-08-02 07:20 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-08-02 07:20 . 2007-02-16 18:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-08-02 07:20 . 2010-08-02 07:20 -------- d-----w- c:\windows\system32\WTablet
2010-08-02 07:20 . 2007-03-31 01:06 1189424 ------w- c:\windows\system32\Tablet.exe
2010-08-02 07:20 . 2007-03-31 00:38 124464 ------w- c:\windows\system32\Wintab32.dll
2010-08-02 07:20 . 2010-08-02 07:20 -------- d-----w- c:\program files\Tablet
2010-08-02 07:18 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-02 07:18 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-30 07:16 . 2010-08-05 00:12 63488 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-30 07:16 . 2010-07-30 07:16 52224 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-30 07:16 . 2010-08-05 00:12 117760 ----a-w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\SUPERAntiSpyware.com
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-30 07:16 . 2010-07-30 07:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-26 07:25 . 2010-07-26 07:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\bdglnnbms
2010-07-26 07:25 . 2010-08-13 00:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 16:46 . 2010-07-21 16:46 -------- d-----w- c:\documents and settings\Declan Gunn\Local Settings\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 07:32 . 2004-08-04 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2010-08-12 23:09 . 2010-04-02 02:01 1 ----a-w- c:\documents and settings\Declan Gunn\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-04 00:21 . 2010-04-01 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-07-31 23:56 . 2010-04-11 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-26 00:22 . 2010-04-19 02:53 -------- d-----w- c:\documents and settings\Declan Gunn\Application Data\U3
2010-07-11 21:11 . 2010-07-11 21:11 -------- d-----w- c:\program files\3ivx
2010-07-11 21:11 . 2010-07-11 21:11 -------- d-----w- c:\program files\Flip Video
2010-07-11 21:10 . 2010-07-11 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-06-25 20:22 . 2010-06-25 20:22 -------- d-----w- c:\program files\ETS
2010-06-14 14:31 . 2010-04-01 07:01 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-28 07:43 . 2010-05-28 07:43 503808 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\msvcp71.dll
2010-05-28 07:43 . 2010-05-28 07:43 499712 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\jmc.dll
2010-05-28 07:43 . 2010-05-28 07:43 348160 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4673a8b5-n\msvcr71.dll
2010-05-28 07:43 . 2010-05-28 07:43 61440 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bf42a0f-n\decora-sse.dll
2010-05-28 07:43 . 2010-05-28 07:43 12800 ----a-w- c:\documents and settings\Declan Gunn\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5bf42a0f-n\decora-d3d.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\NetworkService\Local Settings\Application Data\bdglnnbms ----



((((((((((((((((((((((((((((( SnapShot@2010-08-13_07.58.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-14 00:27 . 2010-08-14 00:27 16384 c:\windows\Temp\Perflib_Perfdata_990.dat
+ 2010-04-01 07:06 . 2010-08-13 10:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-01 07:06 . 2010-08-12 23:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-01 07:06 . 2010-08-13 10:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-01 07:06 . 2010-08-12 23:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-01 07:06 . 2010-08-12 23:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-13 10:17 . 2010-08-13 10:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-08-14 00:27 . 2010-08-14 00:27 153376 c:\windows\system32\javaws.exe
- 2010-04-07 06:08 . 2010-04-07 06:08 153376 c:\windows\system32\javaws.exe
+ 2010-08-14 00:27 . 2010-08-14 00:27 145184 c:\windows\system32\javaw.exe
- 2010-04-07 06:08 . 2010-04-07 06:08 145184 c:\windows\system32\javaw.exe
+ 2010-08-14 00:27 . 2010-08-14 00:27 145184 c:\windows\system32\java.exe
- 2010-04-07 06:08 . 2010-04-07 06:08 145184 c:\windows\system32\java.exe
+ 2010-08-14 00:28 . 2010-08-14 00:28 180224 c:\windows\Installer\15f0b.msi
+ 2010-08-14 00:27 . 2010-08-14 00:27 677376 c:\windows\Installer\15f06.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-07-30 270336]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2010-4-1 505152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/14/2010 7:14 PM 82952]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/1/2010 12:11 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/14/2010 7:13 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/14/2010 7:13 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/14/2010 7:14 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/14/2010 7:14 PM 141792]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [4/1/2010 12:34 PM 20480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/14/2010 7:14 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/14/2010 7:14 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/14/2010 7:14 PM 88480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [4/1/2010 12:34 PM 588032]
S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [4/1/2010 12:34 PM 167936]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/14/2010 7:14 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/14/2010 7:14 PM 83496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.occ.treas.gov/jobs/entry-level.htm
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 17:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1436)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1492)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(4860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-13 17:46:25
ComboFix-quarantined-files.txt 2010-08-14 00:46
ComboFix2.txt 2010-08-13 08:01

Pre-Run: 208,941,395,968 bytes free
Post-Run: 208,969,093,120 bytes free

- - End Of File - - E121BF9F604723A363B2B6D91149E631
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am

Re: Pop-ups/redirecting internet bug

Unread postby Atrax » August 14th, 2010, 4:45 pm

The online scan revealed No Threats, but here's the log anyway:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 14, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 14, 2010 13:48:54
Records in database: 4132581
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 155814
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:46:08

No threats found. Scanned area is clean.

Selected area has been scanned.
Atrax
Active Member
 
Posts: 14
Joined: August 9th, 2010, 12:41 am