Solved Virus/Malware Win32:Bamital-x

G

Gremmy

Posts: 45   +0
Managed to get this virus on my computer somehow, seems to be hijacking my browser and redirecting me to random websites.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4461

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

22/08/2010 12:37:36
mbam-log-2010-08-22 (12-37-36).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 394515
Time elapsed: 1 hour(s), 19 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-22 14:16:10
Windows 6.0.6002 Service Pack 2
Running: z9g1iwmt.exe; Driver: C:\Users\Theo\AppData\Local\Temp\pxldipog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8F0FB88E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8F0FB0EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8F0FADCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8F0FC938]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8F0FAED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8F0FAFC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8F0FBBBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8F0FB3F4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8F0FB526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8F0FABFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8F0FBB04]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8F0FB70C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8F1AAB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8F1AA9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8F1AAAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1A9 822FA90C 4 Bytes [8E, B8, 0F, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D9 822FA93C 4 Bytes [EC, B0, 0F, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1E9 822FA94C 4 Bytes [CE, AD, 0F, 8F]
.text ntkrnlpa.exe!KeSetEvent + 215 822FA978 4 Bytes [38, C9, 0F, 8F]
.text ntkrnlpa.exe!KeSetEvent + 2D5 822FAA38 4 Bytes [D8, AE, 0F, 8F]
.text ...
PAGE ntkrnlpa.exe!ZwLoadDriver 823B9DF0 7 Bytes JMP 8F1AAAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8242528F 5 Bytes JMP 8F1A65B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 8247E063 5 Bytes JMP 8F1A7F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8247F905 7 Bytes JMP 8F1AA9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 824DF90A 7 Bytes JMP 8F1AABA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1856] kernel32.dll!CreateProcessInternalW 75AD53DF 5 Bytes JMP 0047874A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] ntdll.dll!LdrLoadDll 77239390 5 Bytes JMP 00D313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!closesocket 7673330C 5 Bytes JMP 0005660B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!recv 7673343A 5 Bytes JMP 000563C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!WSASend 76734496 5 Bytes JMP 00056477
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!send 7673659B 5 Bytes JMP 0005634D
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] WS2_32.dll!WSARecv 76738400 5 Bytes JMP 00056511
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3800] USER32.dll!TrackPopupMenu 76A114F3 5 Bytes JMP 66F7721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[600] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by Theo at 14:16:19.96 on 22/08/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.1765 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Theo\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
StartupFolder: c:\users\theo\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\theo\appdata\roaming\mozilla\firefox\profiles\q15h6s1j.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\theo\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\theo\appdata\roaming\mozilla\firefox\profiles\q15h6s1j.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
 
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-1-10 21728]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-21 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-8-21 142592]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-7-4 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-21 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-21 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-21 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-21 21:17:41 0 d-----w- C:\$RECYCLE.BIN
2010-08-21 17:33:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-21 17:33:36 0 d-----w- c:\users\theo\appdata\roaming\Spyware Terminator
2010-08-21 17:33:35 0 d-----w- c:\programdata\Spyware Terminator
2010-08-21 17:33:35 0 d-----w- c:\program files\Spyware Terminator
2010-08-21 17:23:38 0 d---a-w- c:\programdata\TEMP
2010-08-21 15:43:42 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-21 15:42:51 38848 ----a-w- c:\windows\avastSS.scr
2010-08-21 14:48:25 691 ----a-w- c:\users\theo\appdata\roaming\GetValue.vbs
2010-08-21 14:48:25 35 ----a-w- c:\users\theo\appdata\roaming\SetValue.bat
2010-08-21 13:56:01 0 d-----w- c:\programdata\Alwil Software
2010-08-20 23:24:43 0 d-----w- C:\$RECYCLE(0).BIN
2010-08-20 23:11:15 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-08-20 22:55:26 5 ----a-w- C:\zrpt.xml
2010-08-19 14:07:41 0 d-----w- c:\program files\common files\DivX Shared
2010-08-19 14:06:58 0 d-----w- c:\program files\DivX
2010-08-19 14:06:42 0 d-----w- c:\programdata\DivX
2010-08-18 16:59:58 0 d-----w- c:\users\theo\appdata\roaming\ProfitUI Reborn Updater
2010-08-12 23:44:58 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 23:44:45 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 23:44:44 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 23:44:40 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 23:44:38 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 23:44:38 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 23:44:36 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-05 14:05:04 98816 ----a-w- c:\windows\sed.exe
2010-08-05 14:05:04 77312 ----a-w- c:\windows\MBR.exe
2010-08-05 14:05:04 256512 ----a-w- c:\windows\PEV.exe
2010-08-05 14:05:04 161792 ----a-w- c:\windows\SWREG.exe

==================== Find3M ====================

2010-08-22 12:23:39 8050 ----a-w- c:\users\theo\appdata\roaming\wklnhst.dat
2010-08-22 08:27:39 36821 ----a-w- c:\programdata\nvModes.dat
2010-07-04 17:55:05 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-04 17:55:05 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-04 17:54:57 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-07 23:57:00 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 23:57:00 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4967528 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-06-07 23:57:00 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-07 23:57:00 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 16:48:04 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:48:04 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:48:04 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:48:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-27 20:08:17 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-03 00:00:40 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2004-06-02 00:47:51 1774540 ----a-w- c:\program files\Picture 005.jpg
2010-05-01 15:35:14 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-04 18:37:59 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:16:31.39 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 04/07/2009 11:49:41
System Uptime: 22/08/2010 09:27:10 (5 hours ago)

Motherboard: Dell Inc. | | 0N826N
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2331/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 353.099 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.719 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 149 GiB total, 23.14 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Advanced Combat Tracker (remove only)
avast! Free Antivirus
Betfair Poker
BitComet 1.16
CCleaner
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Dell Dock
Dell Edoc Viewer
Dell Support Center (Support Software)
DivX Setup
EQ2MAP Updater 1.2.4
Facebook Plug-In
Garena
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 13
Junk Mail filter update
Magic ISO Maker v5.5 (build 0276)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mohawk Voice 1.1
Mozilla Firefox (3.6.8)
MSVCRT
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
ProfitUI Reborn Updater
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Spyware Terminator
Steam
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VLC media player 1.0.3
Warcraft III
Warcraft III: All Products
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver

==== Event Viewer Messages From Past Week ========

22/08/2010 09:25:57, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
21/08/2010 22:16:21, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21/08/2010 19:28:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr sp_rsdrv2 tdx Wanarpv6
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/08/2010 19:19:23, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
21/08/2010 19:18:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
21/08/2010 19:18:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/08/2010 19:18:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
21/08/2010 19:18:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
21/08/2010 19:18:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
21/08/2010 19:18:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/08/2010 19:17:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21/08/2010 18:36:51, Error: Service Control Manager [7034] - The SCM_Service service terminated unexpectedly. It has done this 1 time(s).
21/08/2010 15:45:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6
21/08/2010 14:22:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
21/08/2010 14:08:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
21/08/2010 13:34:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
20/08/2010 23:57:46, Error: EventLog [6008] - The previous system shutdown at 23:55:37 on 20/08/2010 was unexpected.
19/08/2010 16:07:16, Error: EventLog [6008] - The previous system shutdown at 16:06:08 on 19/08/2010 was unexpected.
16/08/2010 16:31:42, Error: PlugPlayManager [12] - The device 'Maxtor 6V160E0 ATA Device' (IDE\DiskMaxtor_6V160E0__________________________VA111630\5&9bbbd79&0&1.0.0) disappeared from the system without first being prepared for removal.
16/08/2010 16:31:41, Error: disk [15] - The device, \Device\Harddisk1\DR1, is not ready for access yet.
15/08/2010 19:12:40, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 000FB5CD5F8C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
 
Gremmy, there is something you need to be aware of. This is a very busy forum. Your last log was only posted 37 minutes ago and although the problem may be "driving you nuts", it makes me a bit nuts that you are bumping a thread only 3 minutes later!

This is Sunday morning and there are others ahead of you. I will check your logs as soon as I can.

It look like you have the hidden files and folders showing. This is not safe, so please check and re-hide:
  • Open the Control Panel> go to Folder Options
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Check 'Do not show hidden files and folders.
  • Check Hide protected operating system files (Recommended).
  • Click Apply> OK
  • Close Folder Options.
  • Reboot the computer.
You can run the following 2 scans while I'm checking these logs:

Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply. Split the report into 2 replies if needed.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..
=======================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
ComboFix 10-08-21.06 - Theo 22/08/2010 15:47:02.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2215 [GMT 1:00]
Running from: c:\users\Theo\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 14:52 . 2010-08-22 14:54 -------- d-----w- c:\users\Theo\AppData\Local\temp
2010-08-22 14:52 . 2010-08-22 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-21 17:33 . 2010-08-21 17:35 -------- d-----w- c:\users\Theo\AppData\Roaming\Spyware Terminator
2010-08-21 17:33 . 2010-08-21 17:33 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-08-21 17:33 . 2010-08-21 17:33 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-08-21 17:33 . 2010-08-21 17:33 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-21 17:33 . 2010-08-22 03:29 -------- d-----w- c:\program files\Spyware Terminator
2010-08-21 17:33 . 2010-08-22 03:26 -------- d-----w- c:\programdata\Spyware Terminator
2010-08-21 15:43 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-21 15:43 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-21 15:43 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-21 15:43 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-21 15:43 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-21 15:42 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-21 15:42 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-21 14:48 . 2010-08-21 14:52 35 ----a-w- c:\users\Theo\AppData\Roaming\SetValue.bat
2010-08-21 13:56 . 2010-08-21 13:56 -------- d-----w- c:\programdata\Alwil Software
2010-08-21 13:56 . 2010-08-21 13:56 -------- d-----w- c:\program files\Alwil Software
2010-08-21 13:35 . 2010-08-21 14:29 -------- d-----w- c:\users\Theo\AppData\Local\Temp(149)
2010-08-21 12:41 . 2010-08-21 13:22 -------- d-----w- c:\users\Theo\AppData\Local\Temp(148)
2010-08-20 23:24 . 2010-08-21 22:31 -------- d-----w- C:\$RECYCLE(0).BIN
2010-08-20 23:11 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-08-19 14:58 . 2010-08-19 16:25 -------- d-----w- c:\users\Theo\AppData\Local\ixiejwtcn
2010-08-19 14:58 . 2010-08-19 16:25 -------- d-----w- c:\users\Theo\AppData\Local\rxcfjetjl
2010-08-19 14:07 . 2010-08-19 14:07 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-19 14:07 . 2010-08-19 14:07 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-08-19 14:07 . 2010-08-19 14:07 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-08-19 14:07 . 2010-08-19 14:07 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-08-19 14:07 . 2010-08-19 14:07 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-19 14:07 . 2010-08-19 14:07 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-19 14:07 . 2010-08-19 14:07 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-08-19 14:07 . 2010-08-21 23:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-19 14:07 . 2010-08-19 14:07 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-08-19 14:06 . 2010-08-21 23:41 -------- d-----w- c:\program files\DivX
2010-08-19 14:06 . 2010-08-19 14:09 -------- d-----w- c:\programdata\DivX
2010-08-18 16:59 . 2010-08-21 23:41 -------- d-----w- c:\users\Theo\AppData\Roaming\ProfitUI Reborn Updater
2010-08-12 23:44 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 23:44 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 23:44 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 23:44 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 23:44 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 23:44 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 23:44 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-08 16:21 . 2010-08-21 23:38 -------- d-----w- c:\users\Theo\AppData\Local\Progvo_Software
2010-08-04 23:57 . 2010-08-05 00:10 -------- d-----w- c:\users\Theo\AppData\Local\osouudblj

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 14:54 . 2007-01-01 00:12 36821 ----a-w- c:\programdata\nvModes.dat
2010-08-22 14:53 . 2007-01-01 00:10 -------- d-----w- c:\programdata\NVIDIA
2010-08-22 14:35 . 2010-06-29 12:53 8204 ----a-w- c:\users\Theo\AppData\Roaming\wklnhst.dat
2010-08-22 14:30 . 2010-04-22 18:16 -------- d-----w- c:\users\Theo\AppData\Roaming\Advanced Combat Tracker
2010-08-22 13:35 . 2009-12-26 20:36 -------- d-----w- c:\users\Theo\AppData\Roaming\vlc
2010-08-21 23:41 . 2010-04-13 15:12 -------- d-----w- c:\users\Theo\AppData\Roaming\Ventrilo
2010-08-21 23:41 . 2010-02-27 16:24 -------- d-----w- c:\program files\EQ2MAP Updater
2010-08-21 23:41 . 2009-12-26 19:52 -------- d-----w- c:\program files\Steam
2010-08-21 23:41 . 2009-07-04 09:02 -------- d-----w- c:\program files\Microsoft Works
2010-08-21 23:41 . 2009-12-26 19:52 -------- d-----w- c:\program files\Common Files\Steam
2010-08-21 23:41 . 2009-07-04 09:04 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-21 23:37 . 2010-04-27 23:42 -------- d-----w- c:\program files\Mohawk Voice
2010-08-21 14:52 . 2010-08-21 14:48 691 ----a-w- c:\users\Theo\AppData\Roaming\GetValue.vbs
2010-08-20 23:49 . 2009-12-26 23:31 117760 ----a-w- c:\users\Theo\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-20 22:55 . 2010-02-03 02:09 -------- d-----w- c:\users\Theo\AppData\Roaming\Irce
2010-08-19 23:31 . 2010-08-19 14:08 -------- d-----w- c:\users\Theo\AppData\Roaming\DivX
2010-08-16 09:03 . 2010-03-17 05:59 -------- d-----w- c:\users\Theo\AppData\Roaming\Mieb
2010-08-16 01:37 . 2010-06-12 20:21 -------- d-----w- c:\users\Theo\AppData\Roaming\Elgi
2010-08-13 17:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-05 02:33 . 2010-05-19 22:45 -------- d-----w- c:\users\Theo\AppData\Roaming\Cyzuy
2010-08-05 00:18 . 2010-02-27 17:33 1356 ----a-w- c:\users\Theo\AppData\Local\d3d9caps.dat
2010-08-04 23:57 . 2010-02-13 09:00 -------- d-----w- c:\users\Theo\AppData\Roaming\Imam
2010-07-04 17:56 . 2009-12-26 23:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-04 17:56 . 2007-01-01 00:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-04 17:55 . 2010-07-04 17:55 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-07-04 03:45 . 2010-07-04 03:45 -------- d-----w- c:\programdata\TVU Networks
2010-06-29 12:53 . 2010-06-29 12:53 -------- d-----w- c:\users\Theo\AppData\Roaming\Template
2010-06-26 07:59 . 2009-12-26 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 06:05 . 2010-08-12 23:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 23:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 23:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 23:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 02:02 . 2010-06-26 02:02 -------- d-----w- c:\program files\Microsoft.NET
2010-06-21 18:17 . 2010-06-21 18:17 50354 ----a-w- c:\users\Theo\AppData\Roaming\Facebook\uninstall.exe
2010-06-21 13:37 . 2010-08-12 23:45 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:16 . 2010-08-12 23:45 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-09 23:01 . 2007-11-14 01:00 45648 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Theo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-06-07 23:57 . 2010-07-04 17:53 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57 . 2010-07-04 17:53 4967528 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-06-07 23:57 . 2010-07-04 17:53 10888168 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-06-07 23:57 . 2010-07-04 17:53 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2010-07-04 17:53 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57 . 2010-07-04 17:53 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2010-07-04 17:53 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-07 23:57 . 2010-07-04 17:53 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 23:57 . 2010-07-04 17:53 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2010-07-04 17:53 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 23:57 . 2007-01-01 00:08 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 23:57 . 2007-01-01 00:08 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 16:48 . 2010-06-07 16:48 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:48 . 2010-06-07 16:48 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:48 . 2010-06-07 16:48 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:48 . 2010-06-07 16:48 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-27 20:08 . 2010-08-12 23:45 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-11 14:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 14:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2004-06-02 00:47 . 2009-02-28 19:25 1774540 ----a-w- c:\program files\Picture 005.jpg
2009-07-04 18:37 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2009-04-11 . 83DE263963AC17119702EEB3E07464CA . 2923520 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-13 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-13 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-13 141848]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-29 206064]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-08-21 2176512]

c:\users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-27 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2010-1-10 1261568]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Theo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-08-21 17:33 2176512 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-08-21 17:33 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-26 22:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):08,dc,b6,40,3a,8b,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\Theo\AppData\Local\Temp\ZWM8A94.tmp [x]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-11-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-11-23 74480]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-21 142592]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 15:18]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 15:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Theo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
 
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 15:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Theo\AppData\Local\Temp\ZWM8A94.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-08-22 15:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-22 14:58
ComboFix2.txt 2010-08-21 21:22
ComboFix3.txt 2010-08-21 13:03
ComboFix4.txt 2010-08-21 12:46
ComboFix5.txt 2010-08-22 14:45

Pre-Run: 379,108,188,160 bytes free
Post-Run: 379,057,115,136 bytes free

- - End Of File - - 7C91C9BEEFFB50BA8EBC136941639A57
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a9e16ef999d75b42a189f38a3f8a45bc
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-22 04:09:50
# local_time=2010-08-22 05:09:50 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 20096977 20096977 0 0
# compatibility_mode=768 16777215 100 0 90372 90372 0 0
# compatibility_mode=5892 16776573 100 100 55237 120022061 0 0
# compatibility_mode=7937 16777213 100 100 41580 7657533 0 0
# compatibility_mode=8192 67108863 100 0 138 138 0 0
# scanned=280098
# found=3
# cleaned=0
# scan_time=4056
C:\Qoobox\Quarantine\C\Users\Theo\AppData\Roaming\Uhum\sodi.exe.vir a variant of Win32/Kryptik.FTQ trojan 00000000000000000000000000000000 I
C:\Windows\System32\hlp.dat Win32/Bamital.DT trojan 00000000000000000000000000000000 I
F:\Downloads\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe probably a variant of Win32/IRCBot.EEUKPVI trojan 00000000000000000000000000000000 I
 
Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    :Processes	

:Files  
C:\Windows\System32\hlp.dat 
F:\Downloads\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe 

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Warcraft III Reign Of Chaos Keygen.exe is a pirated program. It will have to be uninstalled if you want to continue support. I recommend you do that because you still have some entries to be removed and identified..

Why are there multiple runs of Combofix?
ComboFix2.txt 2010-08-21 21:22
ComboFix3.txt 2010-08-21 13:03
ComboFix4.txt 2010-08-21 12:46
ComboFix5.txt 2010-08-22 14:45
 
All processes killed
========== PROCESSES ==========
========== FILES ==========
File move failed. C:\Windows\System32\hlp.dat scheduled to be moved on reboot.
File/Folder F:\Downloads\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Theo
->Temp folder emptied: 140096 bytes
->Temporary Internet Files folder emptied: 143024 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50609940 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08222010_193003

Files moved on Reboot...
File move failed. C:\Windows\System32\hlp.dat scheduled to be moved on reboot.
File C:\Windows\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

I uninstalled Warcraft III Reign Of Chaos Keygen.exe and followed your instructions.

There are multiple runs of Combofix due to me asking for help yesterday on another forum but the problem was never fixed. =(

Again, thanks for taking your time out Bobbye.. much appreciated
 
Gremmy, do you have any idea what the following app data folders are for? I've included the date they were created:
2010-08-19 16:25 > c:\users\Theo\AppData\Local\ixiejwtcn
2010-08-19 16:25 > c:\users\Theo\AppData\Local\rxcfjetjl
2010-08-05 00:10 > c:\users\Theo\AppData\Local\osouudblj

I have some script set up for you to run in Combofix, But I cannot identify these folders.

It also appears that there is a problem with dependencies not running for some of the Services. Have you disabled or changed the Startup Type for any Services recently?
 
I do not recognise those folders whatsoever. However, I did recently disable start up for msn messenger by typing "msconfig" in the run section, within the last 2-3 days in fact.

Many thanks Bobbye
 
You're welcome. But before I move these files, I'd like you to submit for identification:

Suspicious file(s) to scan: > browse or upload:

c:\users\Theo\AppData\Local\ixiejwtcn

c:\users\Theo\AppData\Local\rxcfjetjl

Browse to or upload each of the above, one at a time, then scan. Use any one of the sites below.

http://www.virustotal.com/
http://virusscan.jotti.org/en
http://www.virscan.org/

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

I have some script set up for you to run. As soon as I see the logs from the online ID, I'll know whether to add it.
 
Can't seem to upload any of those folders as they're both empty? That or i'm doing something wrong?
 
Okay, off they go!
Please run this Custom CFScript


  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
Code: 
KillAll::
File::

Folder::
C:\zrpt.xml
c:\users\Theo\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\users\Theo\AppData\Local\Temp(149)
c:\users\Theo\AppData\Local\Temp(148)
c:\users\Theo\AppData\Local\ixiejwtcn
c:\users\Theo\AppData\Local\rxcfjetjl
c:\users\Theo\AppData\Local\osouudblj

Registry::

Driver::
aswSP
aswFsBlk
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
Download the HijackThis Installer HERE and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Note: You continue to put the system at risk for using BitComet for downloading.
 
When I ran combofix and it had finished scanning it gave me the msg it needed to restart, the computer seemed to freeze at "logging off" point for quite some time. I had to manually turn the computer off then back on again. It still produced the combofix log however.

I'll uninstall BitComet whilst awaiting your reply, many thanks Bobbye
 

Attachments

  • combofix.txt
    22.9 KB · Views: 1
  • hijackthis.log
    6.5 KB · Views: 2
Sorry about the missing HijackThis link- you're right- it isn't in the thread any more!

Download the HijackThis Installer HERE and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Eset log is clean. How is the system running now?
 
Seems to be running much, much better... I randomly googled a couple of keywords and it did NOT re-direct me. As requested

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:00:44, on 26/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\Explorer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Sony\Station\Station Launcher\LaunchPad2\StationLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\EverQuest II\EverQuest2.exe
C:\Program Files\Sony\EverQuest II\EQ2VoiceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6518 bytes
 

Similar threads

Bob O'Donnell
Google's Pixel 9 series stands out by bringing practical AI to your pocket
Replies
3
Views
704
p51d007
p51d007
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
4K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
8K
Broni
Broni

Latest posts

Back