Cyber Tech Help Support Forums > Software > Malware Removal
#31
March 6th, 2011, 06:50 AM
Super48
Senior Member
Join Date: Mar 2007
Posts: 144
I am having trouble with GMER; when I run it, along the bottom it seems to be stuck at system32/hal.dll.


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avg" not found!
Deletion of driver "avg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AvgAdminServer" not found!
Deletion of driver "AvgAdminServer" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSErHrw7a" not found!
Deletion of driver "AVGIDSErHrw7a" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSErHrvta" not found!
Deletion of driver "AVGIDSErHrvta" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSErHrvtx" not found!
Deletion of driver "AVGIDSErHrvtx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSErHrxpx" not found!
Deletion of driver "AVGIDSErHrxpx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSDriverw7a" not found!
Deletion of driver "AVGIDSDriverw7a" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSFilterw7a" not found!
Deletion of driver "AVGIDSFilterw7a" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSDriverw7x" not found!
Deletion of driver "AVGIDSDriverw7x" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSFilterw7x" not found!
Deletion of driver "AVGIDSFilterw7x" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSShimw7x" not found!
Deletion of driver "AVGIDSShimw7x" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSDrivervta" not found!
Deletion of driver "AVGIDSDrivervta" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSErHrw7x" not found!
Deletion of driver "AVGIDSErHrw7x" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSSHIMXPX" not found!
Deletion of driver "AVGIDSSHIMXPX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSERHRXPX" not found!
Deletion of driver "AVGIDSERHRXPX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSDRIVERXPX" not found!
Deletion of driver "AVGIDSDRIVERXPX" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgwd" not found!
Deletion of driver "avgwd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVG Security Toolbar Service" not found!
Deletion of driver "AVG Security Toolbar Service" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avg9emc" not found!
Deletion of driver "avg9emc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avg9wd" not found!
Deletion of driver "avg9wd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgtdix" not found!
Deletion of driver "avgtdix" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgtdia" not found!
Deletion of driver "avgtdia" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgrkx86" not found!
Deletion of driver "avgrkx86" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgrkx64" not found!
Deletion of driver "avgrkx64" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgmfx86" not found!
Deletion of driver "avgmfx86" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgmfx64" not found!
Deletion of driver "avgmfx64" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgldx86" not found!
Deletion of driver "avgldx86" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgldx64" not found!
Deletion of driver "avgldx64" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSShim" not found!
Deletion of driver "AVGIDSShim" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSfilter" not found!
Deletion of driver "AVGIDSfilter" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSEH" not found!
Deletion of driver "AVGIDSEH" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSDriver" not found!
Deletion of driver "AVGIDSDriver" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgfwdx" not found!
Deletion of driver "avgfwdx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgfwda" not found!
Deletion of driver "avgfwda" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgfwd6x" not found!
Deletion of driver "avgfwd6x" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgfwd6a" not found!
Deletion of driver "avgfwd6a" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AvgWFPx" not found!
Deletion of driver "AvgWFPx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AvgWFPa" not found!
Deletion of driver "AvgWFPa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgfws8" not found!
Deletion of driver "avgfws8" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\avgfws9" not found!
Deletion of driver "avgfws9" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\AVGIDSFiltervta" not found!
Deletion of driver "AVGIDSFiltervta" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}" deleted successfully.

Error: folder "D:\Program Files\AVG" not found!
Deletion of folder "D:\Program Files\AVG" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "D:\Documents and Settings\user\Application Data\AVG10" not found!
Deletion of folder "D:\Documents and Settings\user\Application Data\AVG10" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows|RequireSignedAppInit_DLLs" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.
#32
March 6th, 2011, 06:59 AM
Super48
Senior Member
Join Date: Mar 2007
Posts: 144
REGLOOKS logfile - version 0.988
Scan started: Sat 03/05/2011 21:55:39.18

--- INFORMATION ---

Manufacturer: P4M80P - Model: AWRDACPI
Operating System: Microsoft Windows XP Professional -- 5.1.2600 -- Service Pack 2 --
Install Date: 10/12/2006 6:27:27 PM
Last Boot: 3/5/2011 7:27:17 PM
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz

Work Station
Bootmode: Normal boot
Total RAM: 1982 MB (free 1403 MB - 70%)

Computername: USER-2561BA0F00
Domain: MSHOME
User: user (Administrator account)

Local Disk: C:\ - NTFS - 19 GB (free 2 GB)
Local Disk: D:\ - NTFS - 18 GB (free 7 GB)
CD \ DVD Drive: E:\
CD \ DVD Drive: F:\

Bootdevice: \Device\HarddiskVolume1
Systemdrive: D:
Windowsdirectory: D:\WINDOWS
Systemdirectory: D:\WINDOWS\system32


Internet Explorer Version: 8.0.6001.18702

Windows update:

Antivirus Program: AVG Internet Security 2011 10.0 [Enabled - Updated]
Firewall: AVG Firewall 10.0 [Not Enabled]


DEP: ONN - DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services


--- System Restore Points ---

No System Restore Points available.


--- SIGCHECK ---

D:\WINDOWS\explorer.exe -- [1032192] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\appmgmts.dll -- [167936] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\browser.dll -- [77312] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\comres.dll -- [792064] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\comctl32.dll -- [611328] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\cryptsvc.dll -- [60416] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ctfmon.exe -- [15360] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\es.dll -- [243200] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\eventlog.dll -- [55808] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ias.dll NOT found
D:\WINDOWS\system32\imm32.dll -- [110080] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\kernel32.dll -- [983552] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\linkinfo.dll -- [18944] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\lpk.dll -- [22016] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\lsass.exe -- [13312] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\mfc40u.dll -- [924432] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\msgsvc.dll -- [33792] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\mshtml.dll -- [5937152] -- [03/08/2009 04:41 AM] -- sigcheck OK
D:\WINDOWS\system32\mspmsnsv.dll -- [25088] -- [01/28/2005 01:44 PM] -- sigcheck OK
D:\WINDOWS\system32\mswsock.dll -- [245248] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\netlogon.dll -- [407040] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\netman.dll -- [198144] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ntkrnlpa.exe -- [2056832] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ntmssvc.dll -- [435200] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ntoskrnl.exe -- [2180992] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\pchsvc.dll NOT found
D:\WINDOWS\system32\powrprof.dll -- [17408] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\qmgr.dll -- [382464] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\rasauto.dll -- [89088] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\regsvc.dll -- [59904] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\rpcss.dll -- [399360] -- [09/20/2006 03:40 AM] -- sigcheck OK
D:\WINDOWS\system32\scecli.dll -- [180224] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\schedsvc.dll -- [190976] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\services.exe -- [108032] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\sfc.dll -- [5120] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\sfcfiles.dll -- [1580544] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\spoolsv.exe -- [57856] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\srsvc.dll -- [170496] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\svchost.exe -- [14336] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\tapisrv.dll -- [246272] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\termsrv.dll -- [295424] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\upnphost.dll -- [185344] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\user32.dll -- [577024] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\userinit.exe -- [24576] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\wininet.dll -- [914944] -- [03/08/2009 04:34 AM] -- sigcheck OK
D:\WINDOWS\system32\winlogon.exe -- [502272] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ws2_32.dll -- [82944] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\wscntfy.exe -- [13824] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\wuauclt.exe -- [53472] -- [08/06/2009 07:24 PM] -- sigcheck OK
D:\WINDOWS\system32\xmlprov.dll -- [129536] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\acpiec.sys -- [11648] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\aec.sys -- [142464] -- [08/03/2004 09:39 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\atapi.sys -- [95360] -- [01/17/2010 02:11 AM] -- sigcheck OK
D:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\classpnp.sys -- [49664] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\disk.sys -- [36352] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\iaStor.sys NOT found
D:\WINDOWS\system32\drivers\ip6fw.sys -- [29056] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\kbdclass.sys -- [24576] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\ndis.sys -- [182912] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\ntfs.sys -- [574592] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\drivers\tcpip.sys -- [359040] -- [08/03/2004 05:07 PM] -- sigcheck OK


--- SSODL regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\shell32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: D:\WINDOWS\system32\webcheck.dll -- [236544] -- [03/08/2009 04:34 AM]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]


--- STS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" -- File: %SystemRoot%\system32\browseui.dll -- [?]


--- USERINIT regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
File: D:\WINDOWS\system32\userinit.exe -- [24576] -- [08/03/2004 05:07 PM]


--- SHELL regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: D:\WINDOWS\Explorer.exe -- [1032192] -- [08/03/2004 05:07 PM]


--- SYSTEM regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


--- APPINIT_DLLS regkey ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


--- NOTIFY regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: D:\WINDOWS\system32\crypt32.dll -- [597504] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: D:\WINDOWS\system32\cryptnet.dll -- [63488] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: D:\WINDOWS\system32\cscdll.dll -- [101888] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: D:\WINDOWS\system32\sclgntfy.dll -- [20992] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: D:\WINDOWS\system32\WlNotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: D:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/03/2004 05:07 PM]


--- RUN / LOAD regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Run"=""
"Load"=""
[Windows\Load]


--- SHELLEXECUTEHOOKS regkey ---

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]


--- HKLM AUTORUN regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKCU AUTORUN regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKLM\RUN regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer" -- File: VTTimer.exe -- [?]
"VTTrayp" -- File: VTtrayp.exe -- [?]
"SoundMan" -- File: SOUNDMAN.EXE -- [?]
"WinampAgent" -- File -- "D:\Program Files\Winamp\winampa.exe" -- [X]
"YBrowser" -- File D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe -- [57344] -- [12/09/2003 01:02 PM]
"SolidWorks_CheckForUpdates" -- File: "D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler -- [?]
"Adobe Reader Speed Launcher" -- File "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [35760] -- [09/23/2010 04:47 AM]
"Adobe ARM" -- File "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [932288] -- [09/20/2010 11:07 PM]
"QuickTime Task" -- File: "D:\Program Files\QuickTime\QTTask.exe" -atboottime -- [?]
"iTunesHelper" -- File "D:\Program Files\iTunes\iTunesHelper.exe" -- [421160] -- [11/17/2010 08:59 PM]
"SunJavaUpdateSched" -- File "D:\Program Files\Common Files\Java\Java Update\jusched.exe" -- [249064] -- [10/29/2010 02:49 PM]


--- HKLM\RUNONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found


--- HKLM\RUNONCEEX regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found


--- HKLM\RUNSERVICES regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found


--- HKLM\RUNSERVICESONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found


--- HKCU\RUN regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim" -- File: "D:\Program Files\AIM\aim.exe" /d locale=en-US -- [?]


--- HKCU\RUNONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found


--- HKCU\RUNONCEEX regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found


--- HKCU\RUNSERVICES regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found


--- HKCU\RUNSERVICESONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found


--- HKU\.DEFAULT\Run regkeys - Default user ---

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found


--- HKU\S-1-5-19\Run regkeys - User Local service ---

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKU\S-1-5-20\Run regkeys - User Local service ---

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKLM\Explorer\Run regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- HKCU\Explorer\Run regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- Image File Execution regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
-- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll -- [1205560] -- [03/22/2010 11:51 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
-- File: D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -- [75200] -- [09/22/2010 06:04 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
-- File: D:\Program Files\Java\jre6\bin\jp2ssv.dll -- [41760] -- [03/04/2011 10:16 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
-- File: D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [79648] -- [03/04/2011 10:16 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
-- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll -- [158520] -- [03/22/2010 11:51 PM]
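The RegLooks output above is what a helper reads by hand in a thread like this: entries whose file the tool could not resolve ([?]), entries whose file is gone ([X], NOT found, filepath not found), SIGCHECK results other than OK, autostarts that run from a user profile directory, and Winlogon Userinit/Shell or AppInit_DLLs values that differ from the XP defaults. The Python script below, added here as an example and not part of the original post or of RegLooks itself, encodes those rules. The status-token meanings are inferred from the posted log rather than from the tool's documentation, the profile-directory list and the expected Winlogon values are this example's own assumptions, and the sample log is an excerpt of the lines posted above plus one constructed "Update" entry under Application Data to exercise the profile-directory rule.

```python
"""Triage rules for a RegLooks-style autostart log (added example, not part of the
posted thread or of the RegLooks tool).  Status tokens as inferred from the log:
'[size] -- [date]' file found; '[?]' path not resolved (bare name, %VAR% or args);
'[X]' resolved path but file missing; 'sigcheck OK' signature verified;
'<path> NOT found' expected system file absent; 'filepath not found' Active Setup
component without a usable StubPath."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^--- (?P<name>.+?) ---$")
KEYVAL_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>.*)"$')
DATE_RE = re.compile(r"^\[\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M\]$")
# Heuristic assumed by this example: an autostart resolved to a file under a
# user profile or temp directory deserves a closer look.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\",
                "\\local settings\\", "\\temp\\", "\\recycler\\")
EXPECTED_USERINIT_SUFFIX = "\\system32\\userinit.exe,"   # XP default, compared lower-case
EXPECTED_SHELL = "explorer.exe"


@dataclass(frozen=True)
class Finding:
    section: str   # the '--- ... ---' section the line sits under
    check: str     # which triage rule fired
    line: str      # the offending log line, verbatim


def _file_path(parts):
    """Path named by a split entry line: 'File: x', 'File x' or bare 'File' then 'x'."""
    for i, p in enumerate(parts):
        if p in ("File", "File:") and i + 1 < len(parts):
            return parts[i + 1].strip('"')
        if p.startswith(("File:", "File ")):
            return p[5:].strip()
    return None


def triage(log_text):
    """Return a Finding for every log line that trips one of the rules."""
    findings, section = [], "(none)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        kv = KEYVAL_RE.match(line)              # "Name"="value" lines (Winlogon, AppInit)
        if kv:
            key = kv.group("key")
            val = kv.group("val").replace("\\\\", "\\").lower()
            if key == "Userinit" and not val.endswith(EXPECTED_USERINIT_SUFFIX):
                findings.append(Finding(section, "userinit_modified", line))
            elif key == "Shell" and val != EXPECTED_SHELL:
                findings.append(Finding(section, "shell_modified", line))
            elif key == "AppInit_DLLs" and val:
                findings.append(Finding(section, "appinit_dlls_set", line))
            continue
        body = line[3:] if line.startswith("-- ") else line   # BHO / Active Setup lines
        parts = [p.strip() for p in body.split(" -- ")]
        last = parts[-1]
        if last == "[?]":
            findings.append(Finding(section, "path_unresolved", line))
        elif last in ("[X]", "filepath not found") or parts[0].endswith(" NOT found"):
            findings.append(Finding(section, "file_missing", line))
        elif last.startswith("sigcheck") and last != "sigcheck OK":
            findings.append(Finding(section, "signature_failed", line))
        elif DATE_RE.match(last):               # file present: check where it lives
            path = (_file_path(parts) or parts[0]).lower()
            if any(d in path for d in PROFILE_DIRS):
                findings.append(Finding(section, "runs_from_profile_dir", line))
    return findings


# Excerpt of the log posted above, plus one constructed "Update" entry (not from
# the thread) placed under Application Data to exercise the profile-dir rule.
SAMPLE_LOG = r"""
--- SIGCHECK ---
D:\WINDOWS\explorer.exe -- [1032192] -- [08/03/2004 05:07 PM] -- sigcheck OK
D:\WINDOWS\system32\ias.dll NOT found
--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
File: D:\WINDOWS\system32\userinit.exe -- [24576] -- [08/03/2004 05:07 PM]
--- SHELL regkey ---
"Shell"="Explorer.exe"
--- APPINIT_DLLS regkey ---
"AppInit_DLLs"=""
--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer" -- File: VTTimer.exe -- [?]
"WinampAgent" -- File -- "D:\Program Files\Winamp\winampa.exe" -- [X]
"YBrowser" -- File D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe -- [57344] -- [12/09/2003 01:02 PM]
"Update" -- File D:\Documents and Settings\user\Application Data\update.exe -- [45056] -- [03/01/2011 09:12 PM]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
-- filepath not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.check:22} {f.section:40} {f.line}")
```

Run it as-is to print the findings for the sample, or feed a saved RegLooks log to triage(). A [?] under HKLM\Run is not by itself a bad sign: VTTimer.exe and SOUNDMAN.EXE in the posted log are referenced by bare file name, so the tool simply could not locate them, but those are exactly the entries a helper has to resolve by hand before deciding anything.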
#33
March 6th, 2011, 07:00 AM
Super48
Senior Member
Join Date: Mar 2007
Posts: 144
--- TOOLBAR regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll -- [1205560] -- [03/22/2010 11:51 PM]


--- HKLM\URLSEARCHHOOKS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found


--- HKCU\URLSEARCHHOOKS regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: D:\WINDOWS\system32\ieframe.dll -- [11063808] -- [03/08/2009 04:39 AM]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll -- [1205560] -- [03/22/2010 11:51 PM]


--- SRCEENSAVER regkey ---

[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found


--- ALTERNATESHELL regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: D:\WINDOWS\system32\cmd.exe -- [388608] -- [08/03/2004 05:07 PM]


--- SECURITYPROVIDERS regkey ---

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: D:\WINDOWS\system32\msapsspc.dll -- [86016] -- [08/03/2004 05:07 PM]
File: D:\WINDOWS\system32\schannel.dll -- [144896] -- [08/03/2004 05:07 PM]
File: D:\WINDOWS\system32\digest.dll -- [68608] -- [08/03/2004 05:07 PM]
File: D:\WINDOWS\system32\msnsspc.dll -- [290816] -- [08/03/2004 05:07 PM]


--- Active Setup\Installed Components regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: D:\WINDOWS\system32\ieudinit.exe -- [36864] -- [03/08/2009 04:32 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0430454D-47EA-11D6-AD58-00010333D0AD}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1803B9EF-9905-4F34-AFC4-05D1BAB28801}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{231B1C6E-F934-42A2-92B6-C2FEFEC24276}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34C70B70-8FFF-4179-A2EB-0819FFA38126}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{362A5D5E-1BF6-4CA7-87B4-B6686F3C1BEF}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B85F91B-93D4-D9F4-169D-4B42544ECA65}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4DAEE2D4-A471-42AC-97A2-4C2A79C77648}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4EC8E993-32C1-47F5-A07A-5B0574655AD4}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5AD5FC59-CC80-698E-E291-E4A0389AAFD2}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{75A1F9FF-DC5E-9F56-9301-2994CF977385}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81EB8B7D-1E2B-D6F2-949A-65B878177282}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{83A51245-6564-B827-EA47-6EBAFBE108B2}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: D:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: D:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{924C1588-90C3-4910-B6CA-D57A1C0418FE}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{944D7BBB-EA1D-43EB-B49F-F517CF2B6C9D}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A33CDC24-5A55-8E74-22DF-ED45E2B60C9D}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CDD230C6-496C-30BD-7040-EDC063304E0F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CE734E0A-D6D3-4A92-AF9F-499BE87A025C}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4686B28-47A3-4BE9-3FC4-993235964480}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F53CE5EC-1CD8-41EB-A220-F8EA247E3A06}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F6E296E0-BCCA-0F90-E755-F32F44DC0B6F}]
-- filepath not found


--- Services regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu160m]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec]
-- File: system32\drivers\aec.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3350p]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state]
-- File: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]
-- File: system32\DRIVERS\atapi.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\audstub]
-- File: system32\DRIVERS\audstub.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CoordinatorServiceHost]
-- File: "D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" -- [83240] -- [03/19/2009 11:31 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omgmt]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt]
-- File: system32\DRIVERS\i8042prt.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc]
-- File: "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" -- [881664] -- [07/29/2008 06:24 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ini910u]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]
-- File: system32\DRIVERS\intelppm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iPod Service]
-- File: "D:\Program Files\iPod\bin\iPodService.exe" -- [820008] -- [11/17/2010 08:58 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp]
-- File: system32\DRIVERS\isapnp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
-- File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mkd2kfNt]
-- File: system32\drivers\Mkd2kfNt.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mkd2Nadr]
-- File: system32\drivers\Mkd2Nadr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
-- File: "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [132096] -- [07/29/2008 06:16 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npkcrypt]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Solver for Flow Simulation 2009]
-- File: D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- [214312] -- [02/05/2009 05:12 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ultra]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
-- File: %SystemRoot%\system32\svchost.exe -k LocalService -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci]
-- File: system32\DRIVERS\usbehci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub]
-- File: system32\DRIVERS\usbhub.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci]
-- File: system32\DRIVERS\usbuhci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{5D4F1DB5-B768-421B-99C6-A98AA06D1D1F}]
-- filepath not found


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found


--- SAFEBOOT Network SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
{1a3e09be-1e45-494b-9174-d7385b45bbf5}


--- BOOTEXECUTE regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0


--- PENDINGFILERENAMEOPERATIONS regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"= \??\D:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe\0\0\??\D:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\0\0\??\D:\DOCUME~1\user\LOCALS~1\Temp\nsk110B.tmp\cService.dll\0\0\??\D:\DOCUME~1\user\LOCALS~1\Temp\nsk110B.tmp\NSIS_SkinCrafter_Plugin.dll\0\0\??\D:\DOCUME~1\user\LOCALS~1\Temp\nsk110B.tmp\SkinCrafter.dll\0\0\??\D:\DOCUME~1\user\LOCALS~1\Temp\nsk110B.tmp\\0\0\??\D:\DOCUME~1\user\LOCALS~1\Temp\_iu14D2N.tmp\0\0\0


--- WOW-CMDLINE regkeys ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


--- NETSVCS regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0WmdmPmSN


--- DNS SERVER regkeys ---

no "NameServer" values found


--- HKCU SEARCHSCOPE ---

DefaultScope= {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
URL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{16d8854a-0316-617f-da9e-df084c1364b6}
URL REG_SZ http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF

HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
URL REG_SZ http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=&src=crm&q={searchTerms}&locale=

HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
URL REG_SZ http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SHCN_en

HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{ebd3e3d6-df57-498e-9252-f58a253255fb}
URL REG_SZ http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20101252,6901,0,8,0



--- HKLM SEARCHSCOPE ---

DefaultScope= {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
URL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


--- STARTUP FOLDERS ---

D:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini -- [84] -- [10/12/2006 05:24 PM]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -- [84] -- [10/12/2006 05:24 PM]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -- [1730] -- [10/13/2006 03:26 PM]


--- TASK SCHEDULER JOBS ---

D:\WINDOWS\tasks\AppleSoftwareUpdate.job -- [284] -- [12/28/2010 04:49 PM]


Scan completed: Sat 03/05/2011 21:56:26.60
FINISHED
#34
March 6th, 2011, 07:20 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Got some bites with that:

Driver "{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}" deleted successfully.

This should have failed, had there actually been no value to replace:

Quote:
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.
New info showing in Reglooks now. The Gmer problem may be tied into new activity now that part of the unseen malware has been removed.

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Run"=""
"Load"=""
Quote:
[Windows\Load]
I passed over this earlier, but it refers to an NVIDIA network monitor function, though I am not seeing any NVIDIA parts in the logs yet:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
{1a3e09be-1e45-494b-9174-d7385b45bbf5}


Run Gmer Non-MS files style please, and post that log.


Also delete any existing copies, and click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. Real late where I am, so I will follow up with you here tomorrow.
#35
March 6th, 2011, 09:43 AM
Super48
Senior Member
Join Date: Mar 2007
Posts: 144
2011/03/06 00:34:52.0437 3660 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/06 00:34:52.0703 3660 ================================================================================
2011/03/06 00:34:52.0703 3660 SystemInfo:
2011/03/06 00:34:52.0703 3660
2011/03/06 00:34:52.0703 3660 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/06 00:34:52.0703 3660 Product type: Workstation
2011/03/06 00:34:52.0703 3660 ComputerName: USER-2561BA0F00
2011/03/06 00:34:52.0703 3660 UserName: user
2011/03/06 00:34:52.0703 3660 Windows directory: D:\WINDOWS
2011/03/06 00:34:52.0703 3660 System windows directory: D:\WINDOWS
2011/03/06 00:34:52.0703 3660 Processor architecture: Intel x86
2011/03/06 00:34:52.0703 3660 Number of processors: 1
2011/03/06 00:34:52.0703 3660 Page size: 0x1000
2011/03/06 00:34:52.0703 3660 Boot type: Normal boot
2011/03/06 00:34:52.0703 3660 ================================================================================
2011/03/06 00:34:53.0015 3660 Initialize success
2011/03/06 00:34:55.0406 0208 ================================================================================
2011/03/06 00:34:55.0406 0208 Scan started
2011/03/06 00:34:55.0406 0208 Mode: Manual;
2011/03/06 00:34:55.0406 0208 ================================================================================
2011/03/06 00:34:57.0218 0208 ACPI (a10c7534f7223f4a73a948967d00e69b) D:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/06 00:34:57.0453 0208 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/06 00:34:58.0093 0208 aec (841f385c6cfaf66b58fbd898722bb4f0) D:\WINDOWS\system32\drivers\aec.sys
2011/03/06 00:34:58.0453 0208 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) D:\WINDOWS\System32\drivers\afd.sys
2011/03/06 00:34:59.0437 0208 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) D:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/03/06 00:34:59.0968 0208 ALCXWDM (3af2bf7df2aff16a44e604ddce1cb256) D:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/06 00:35:01.0234 0208 AsyncMac (02000abf34af4c218c35d257024807d6) D:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/06 00:35:01.0468 0208 atapi (cdfe4411a69c224bd1d11b2da92dac51) D:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/06 00:35:02.0015 0208 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) D:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/06 00:35:02.0250 0208 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/06 00:35:02.0484 0208 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys
2011/03/06 00:35:02.0875 0208 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/06 00:35:03.0265 0208 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/06 00:35:03.0500 0208 Cdfs (cd7d5152df32b47f4e36f710b35aae02) D:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/06 00:35:03.0734 0208 Cdrom (af9c19b3100fe010496b1a27181fbf72) D:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/06 00:35:05.0062 0208 Disk (00ca44e4534865f8a3b64f7c0984bff0) D:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/06 00:35:05.0531 0208 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) D:\WINDOWS\system32\drivers\dmboot.sys
2011/03/06 00:35:05.0921 0208 dmio (f5e7b358a732d09f4bcf2824b88b9e28) D:\WINDOWS\system32\drivers\dmio.sys
2011/03/06 00:35:06.0140 0208 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys
2011/03/06 00:35:06.0390 0208 DMusic (a6f881284ac1150e37d9ae47ff601267) D:\WINDOWS\system32\drivers\DMusic.sys
2011/03/06 00:35:06.0765 0208 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) D:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/06 00:35:07.0343 0208 Fastfat (3117f595e9615e04f05a54fc15a03b20) D:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/06 00:35:07.0578 0208 Fdc (ced2e8396a8838e59d8fd529c680e02c) D:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/06 00:35:07.0812 0208 FETNDIS (e9648254056bce81a85380c0c3647dc4) D:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/03/06 00:35:08.0171 0208 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) D:\WINDOWS\system32\drivers\Fips.sys
2011/03/06 00:35:08.0390 0208 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) D:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/06 00:35:08.0656 0208 FltMgr (157754f0df355a9e0a6f54721914f9c6) D:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/06 00:35:09.0000 0208 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/06 00:35:09.0234 0208 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/06 00:35:09.0437 0208 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/06 00:35:09.0671 0208 Gpc (c0f1d4a21de5a415df8170616703debf) D:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/06 00:35:10.0015 0208 hidusb (1de6783b918f540149aa69943bdfeba8) D:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/06 00:35:10.0500 0208 HTTP (c19b522a9ae0bbc3293397f3055e80a1) D:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/06 00:35:11.0234 0208 i8042prt (5502b58eef7486ee6f93f3f164dcb808) D:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/06 00:35:11.0453 0208 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) D:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/06 00:35:12.0171 0208 intelppm (279fb78702454dff2bb445f238c048d2) D:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/06 00:35:12.0406 0208 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) D:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/06 00:35:12.0640 0208 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/06 00:35:12.0875 0208 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) D:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/06 00:35:13.0281 0208 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) D:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/06 00:35:13.0546 0208 IPSec (64537aa5c003a6afeee1df819062d0d1) D:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/06 00:35:13.0765 0208 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) D:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/06 00:35:14.0000 0208 isapnp (e504f706ccb699c2596e9a3da1596e87) D:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/06 00:35:14.0375 0208 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) D:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/06 00:35:14.0640 0208 kmixer (d93cad07c5683db066b0b2d2d3790ead) D:\WINDOWS\system32\drivers\kmixer.sys
2011/03/06 00:35:14.0890 0208 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) D:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/06 00:35:15.0484 0208 Mkd2kfNt (844fff67d9d70d4457135e5b3cfc2906) D:\WINDOWS\system32\drivers\Mkd2kfNt.sys
2011/03/06 00:35:15.0718 0208 Mkd2Nadr (0716efda4769995c67a3450fcd36e47e) D:\WINDOWS\system32\drivers\Mkd2Nadr.sys
2011/03/06 00:35:15.0937 0208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/06 00:35:16.0281 0208 Modem (6fc6f9d7acc36dca9b914565a3aeda05) D:\WINDOWS\system32\drivers\Modem.sys
2011/03/06 00:35:16.0500 0208 Mouclass (34e1f0031153e491910e12551400192c) D:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/06 00:35:16.0718 0208 mouhid (b1c303e17fb9d46e87a98e4ba6769685) D:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/06 00:35:16.0921 0208 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) D:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/06 00:35:17.0500 0208 MRxDAV (46edcc8f2db2f322c24f48785cb46366) D:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/06 00:35:17.0859 0208 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/06 00:35:18.0062 0208 Msfs (561b3a4333ca2dbdba28b5b956822519) D:\WINDOWS\system32\drivers\Msfs.sys
2011/03/06 00:35:18.0406 0208 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) D:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/06 00:35:18.0625 0208 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/06 00:35:18.0812 0208 MSPQM (1988a33ff19242576c3d0ef9ce785da7) D:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/06 00:35:19.0015 0208 mssmbios (469541f8bfd2b32659d5d463a6714bce) D:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/06 00:35:19.0421 0208 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) D:\WINDOWS\system32\drivers\Mup.sys
2011/03/06 00:35:19.0671 0208 NDIS (558635d3af1c7546d26067d5d9b6959e) D:\WINDOWS\system32\drivers\NDIS.sys
2011/03/06 00:35:19.0875 0208 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) D:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/06 00:35:20.0078 0208 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) D:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/06 00:35:20.0421 0208 NdisWan (0b90e255a9490166ab368cd55a529893) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/06 00:35:20.0640 0208 NDProxy (59fc3fb44d2669bc144fd87826bb571f) D:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/06 00:35:20.0859 0208 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) D:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/06 00:35:21.0125 0208 NetBT (0c80e410cd2f47134407ee7dd19cc86b) D:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/06 00:35:21.0515 0208 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) D:\WINDOWS\system32\drivers\Npfs.sys
2011/03/06 00:35:22.0078 0208 Ntfs (b78be402c3f63dd55521f73876951cdd) D:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/06 00:35:22.0421 0208 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
2011/03/06 00:35:22.0687 0208 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/06 00:35:22.0906 0208 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/06 00:35:23.0140 0208 Parport (29744eb4ce659dfe3b4122deb45bc478) D:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/06 00:35:23.0500 0208 PartMgr (3334430c29dc338092f79c38ef7b4cd0) D:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/06 00:35:23.0703 0208 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/06 00:35:23.0937 0208 PCI (8086d9979234b603ad5bc2f5d890b234) D:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/06 00:35:24.0421 0208 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/06 00:35:24.0687 0208 Pcmcia (82a087207decec8456fbe8537947d579) D:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/06 00:35:26.0093 0208 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) D:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/06 00:35:26.0453 0208 PSched (48671f327553dcf1d27f6197f622a668) D:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/06 00:35:26.0656 0208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/06 00:35:26.0890 0208 PxHelp20 (153d02480a0a2f45785522e814c634b6) D:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/06 00:35:28.0109 0208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/06 00:35:28.0343 0208 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/06 00:35:28.0687 0208 RasPppoe (7306eeed8895454cbed4669be9f79faa) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/06 00:35:28.0906 0208 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/06 00:35:29.0187 0208 Rdbss (29d66245adba878fff574cd66abd2884) D:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/06 00:35:29.0500 0208 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/06 00:35:29.0781 0208 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) D:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/06 00:35:30.0046 0208 RDPWD (d4f5643d7714ef499ae9527fdcd50894) D:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/06 00:35:30.0281 0208 redbook (b31b4588e4086d8d84adbf9845c2402b) D:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/06 00:35:30.0593 0208 Secdrv (d26e26ea516450af9d072635c60387f4) D:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/06 00:35:30.0828 0208 serenum (a2d868aeeff612e70e213c451a70cafb) D:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/06 00:35:31.0093 0208 Serial (cd9404d115a00d249f70a371b46d5a26) D:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/06 00:35:31.0343 0208 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) D:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/06 00:35:31.0953 0208 splitter (8e186b8f23295d1e42c573b82b80d548) D:\WINDOWS\system32\drivers\splitter.sys
2011/03/06 00:35:32.0203 0208 sr (e41b6d037d6cd08461470af04500dc24) D:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/06 00:35:32.0515 0208 Srv (20b7e396720353e4117d64d9dcb926ca) D:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/06 00:35:32.0765 0208 swenum (03c1bae4766e2450219d20b993d6e046) D:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/06 00:35:33.0000 0208 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) D:\WINDOWS\system32\drivers\swmidi.sys
2011/03/06 00:35:34.0015 0208 sysaudio (650ad082d46bac0e64c9c0e0928492fd) D:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/06 00:35:34.0343 0208 Tcpip (9f4b36614a0fc234525ba224957de55c) D:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/06 00:35:34.0609 0208 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) D:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/06 00:35:34.0828 0208 TDTCP (ed0580af02502d00ad8c4c066b156be9) D:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/06 00:35:35.0046 0208 TermDD (a540a99c281d933f3d69d55e48727f47) D:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/06 00:35:35.0656 0208 uagp35 (49c805d42d75eddc9b6a7130999c9054) D:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/03/06 00:35:35.0890 0208 Udfs (12f70256f140cd7d52c58c7048fde657) D:\WINDOWS\system32\drivers\Udfs.sys
2011/03/06 00:35:36.0359 0208 Update (aff2e5045961bbc0a602bb6f95eb1345) D:\WINDOWS\system32\DRIVERS\update.sys
2011/03/06 00:35:36.0578 0208 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) D:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/06 00:35:36.0796 0208 usbehci (15e993ba2f6946b2bfbbfcd30398621e) D:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/06 00:35:37.0000 0208 usbhub (c72f40947f92cea56a8fb532edf025f1) D:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/06 00:35:37.0203 0208 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/06 00:35:37.0406 0208 usbuhci (f8fd1400092e23c8f2f31406ef06167b) D:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/06 00:35:37.0640 0208 VgaSave (8a60edd72b4ea5aea8202daf0e427925) D:\WINDOWS\System32\drivers\vga.sys
2011/03/06 00:35:37.0953 0208 viagfx (bcb2353661cb74a28c2e3e08ccfdff12) D:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/03/06 00:35:38.0171 0208 ViaIde (59cb1338ad3654417bea49636457f65d) D:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/06 00:35:38.0406 0208 VolSnap (ee4660083deba849ff6c485d944b379b) D:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/06 00:35:38.0687 0208 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) D:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/06 00:35:39.0109 0208 wdmaud (2797f33ebf50466020c430ee4f037933) D:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/06 00:35:39.0406 0208 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) D:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/06 00:35:39.0703 0208 ================================================================================
2011/03/06 00:35:39.0703 0208 Scan finished
2011/03/06 00:35:39.0703 0208 ================================================================================
2011/03/06 00:35:43.0812 3656 Deinitialize success
#36
March 6th, 2011, 09:49 AM
Super48
Senior Member
Join Date: Mar 2007
Posts: 144
I don't know what's going on with GMER; earlier it got stuck on the initial scan. Now I tried it and it worked.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-06 00:48:23
Windows 5.1.2600 Service Pack 2
Running: 5g69fen6.exe; Driver: D:\DOCUME~1\user\LOCALS~1\Temp\afpoypod.sys


---- Modules - GMER 1.0.15 ----

Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7647000-F7651000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics Co, Ltd.) B9AD1000-B9B0B000 (237568 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F780F000-F7815000 (24576 bytes)
Module \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) B99E4000-B9A77000 (602112 bytes)
Module \SystemRoot\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) B9960000-B99C0000 (393216 bytes)
Module \SystemRoot\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) F773F000-F7746000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) B6F5A000-B6F5F000 (20480 bytes)
Module \SystemRoot\System32\vtdisp.dll (VIA/S3G Graphics Driver/VIA/S3 Graphics Co, Ltd.) BF9D3000-BFD29000 (3497984 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \??\D:\DOCUME~1\user\LOCALS~1\Temp\afpoypod.sys (GMER) AAC66000-AAC7E000 (98304 bytes)

---- Processes - GMER 1.0.15 ----

Process D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 364
Library D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) 0x00400000
Library D:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x10000000
Library D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll (Apple Mobile Device Service/Apple Inc.) 0x00600000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x00640000
Library D:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x00720000
Library D:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x00730000
Library D:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00760000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00780000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00890000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000

Process D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 428
Library D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000

Process D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 484
Library D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000

Process D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) 540
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) 0x00400000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\FwProxy.dll (Proxy Dynamic Link Library/Mentor Graphics Corporation) 0x10000000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\Fwconst.dll (FWConst/Mentor Graphics Corporation) 0x006D0000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NIKPlatformClientInterfacesImpl.dll (FWConst/Mentor Graphics Corporation) 0x00810000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NGP_Utils.dll (NGP_Utils/Mentor Graphics Corporation) 0x00980000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NGP_System.dll (NGP_System/Mentor Graphics Corporation) 0x009D0000
Library D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\NIKEvalExpressions.dll (NIKEvalExpressions DLL/Mentor Graphics Corporation) 0x00A10000

Process D:\Documents and Settings\user\Desktop\5g69fen6.exe 672
Library D:\Documents and Settings\user\Desktop\5g69fen6.exe 0x00400000

Process D:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 944
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1036
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

Process D:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1520
Library D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library D:\Program Files\WinRAR\rarext.dll 0x00F20000
Library D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x015B0000

Process D:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1604
Library D:\WINDOWS\system32\hpzlnt04.dll (HP) 0x10000000
Library D:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x64000000

Process D:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) 1768
Library D:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) 0x00400000

Process D:\WINDOWS\system32\VTtrayp.exe (s3contrl (32-bit)/S3 Graphics Co., Ltd.) 1776
Library D:\WINDOWS\system32\VTtrayp.exe (s3contrl (32-bit)/S3 Graphics Co., Ltd.) 0x00400000
Library D:\WINDOWS\system32\VTDisply.dll (S3 multi-chip display switch utility (32-bit)/S3 Graphics Co., Ltd.) 0x6BB00000
Library D:\WINDOWS\system32\VTGamma2.dll (S3Gamma Plus (32-bit)/S3 Graphics Co., Ltd.) 0x6BE00000
Library D:\WINDOWS\system32\VTInfo2.dll (S3 Graphics Display Adapter Information Utility (32-bit)/S3 Graphics Co., Ltd.) 0x6C000000
Library D:\WINDOWS\system32\VTOvrlay.dll (S3ColorPus/S3Overlay Utility/S3 Graphics Co., Ltd.) 0x6C200000

Process D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 1784
Library D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 0x00400000

Process D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (YBrwIcon/Yahoo!, Inc.) 1796
Library D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (YBrwIcon/Yahoo!, Inc.) 0x00400000
Library D:\Program Files\Yahoo!\browser\YBrwRes.dll (YBrwRes/Yahoo!, Inc.) 0x20000000
Library D:\Program Files\Yahoo!\browser\YCommonPS.dll 0x10000000

Process D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (sldIM/Dassault Systèmes SolidWorks Corp.) 1804
Library D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (sldIM/Dassault Systèmes SolidWorks Corp.) 0x00400000
Library D:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\lang\english\sldIMResu.dll (sldIMresu/Dassault Systèmes SolidWorks Corp.) 0x10000000

Process D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 1848
Library D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 0x00400000

Process D:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 1868
Library D:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.) 0x00400000
Library D:\Program Files\iTunes\iTunesHelper.dll (iTunesHelper DLL/Apple Inc.) 0x10000000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.) 0x008E0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project) 0x009C0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\objc.dll (Objective-C Runtime Library/Apple Inc.) 0x009D0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll (Dispatch Runtime Library/Apple Inc.) 0x00A00000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others) 0x00A20000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others) 0x00B30000
Library D:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others) 0x4AD00000
Library D:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll (Apple System Log/Apple, Inc.) 0x00C30000
Library D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL (iTunesHelper Resource Library/Apple Inc.) 0x01160000
Library D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x01190000
Library D:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
Library D:\Program Files\QuickTime\QTSystem\QTCF.dll (QuickTime CoreFoundation/Apple Inc.) 0x686A0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL (CFNetwork/Apple, Inc.) 0x01930000
Library D:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.) 0x019E0000
Library D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 0x01A60000
Library D:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x07CA0000

Process D:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.) 1876
Library D:\Program Files\Common Files\Java\Java Update\jusched.exe (Java(TM) Update Scheduler/Sun Microsystems, Inc.) 0x00400000

Process D:\PROGRA~1\Yahoo!\browser\ycommon.exe (YCommon Exe Module/Yahoo!, Inc.) 1952
Library D:\PROGRA~1\Yahoo!\browser\ycommon.exe (YCommon Exe Module/Yahoo!, Inc.) 0x00400000
Library D:\PROGRA~1\Yahoo!\browser\YCommon.Dll (YCommon/Yahoo!, inc.) 0x64000000
Library D:\Program Files\Yahoo!\browser\YCommonPS.dll 0x10000000
Library D:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x010C0000

Process D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 2352
Library D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) 0x00400000
Library D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x10000000
Library D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.) 0x008D0000

Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 3044
Library D:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x6F290000

---- Services - GMER 1.0.15 ----

Service D:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) [MANUAL] ALCXSENS
Service D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
Service D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
Service D:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service D:\ComboFix\catchme.sys [MANUAL] catchme
Service D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (DTSCoordinator/Dassault Systèmes SolidWorks Corp.) [MANUAL] CoordinatorServiceHost
Service
  #37  
Old March 6th, 2011, 09:50 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
[MANUAL] EagleNT
Service D:\WINDOWS\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDIS
Service D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Macrovision Europe Ltd.) [MANUAL] FLEXnet Licensing Service
Service D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service D:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service D:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service D:\WINDOWS\system32\drivers\Mkd2kfNt.sys (MyKeyDefense Keyboard Filter Driver/AhnLab, Inc.) [MANUAL] Mkd2kfNt
Service D:\WINDOWS\system32\drivers\Mkd2Nadr.sys (MyKeyDefense USB Keyboard Filter Driver/AhnLab, Inc.) [MANUAL] Mkd2Nadr
Service MSDTC Bridge 3.0.0.0
Service [MANUAL] npkcrypt
Service D:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service D:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (StandAloneSlv Module/Mentor Graphics Corporation) [AUTO] Remote Solver for Flow Simulation 2009
Service D:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (System Level Service Utility/SolidWorks) [MANUAL] SolidWorks Licensing Service
Service D:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service D:\WINDOWS\system32\DRIVERS\vtmini.sys (VIA/S3G Miniport Driver/Copyright (C) VIA/S3 Graphics Co, Ltd.) [MANUAL] viagfx
Service D:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----
  #38  
Old March 6th, 2011, 10:21 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
Is it OK if I uninstall SolidWorks? It is 3+ GB. Sometimes when I run GMER it won't get past the first scan. When it did, I tried scanning normally and that gets stuck.
  #39  
Old March 7th, 2011, 03:41 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Do you feel that program is causing problems right now? The logs show some AVG security center listings we need to remove. The system also has copy protection programs from both AhnLab (MyKeyDefense) and nProtect (KeyCrypt). The AhnLab FAQ here indicates known conflicts between those two programs. I don't see a handy uninstaller for either, so we may improve things by taking out their drivers. Do you know what software (especially games, like Maple Story) may have installed those?
  #40  
Old March 7th, 2011, 05:18 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
I'm pretty sure the nProtect is from the game GunBound. I uninstalled that game a long time ago. I have never played Maple Story before. The AhnLab one, I have no clue about.
  #41  
Old March 7th, 2011, 06:06 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
The only way I know to remove those drivers is brute force, and it takes this work away from the current track locating/removing the rootkit infection. Let's hold off on those for the moment.

Click here to download Bobbi Flekman's Regsearch.zip to your desktop. Then unzip that, and click on the regsearch.exe to run the tool. In the display panel, copy and paste the following into the upper box:

1a3e09be-1e45-494b-9174-d7385b45bbf5

Then click Okay. Once the scan completes a textbox will open - copy/paste those contents back here please (the RegSearch.txt log can also be found in the same location as the regsearch.exe file you clicked).

(I did a web search for one log item, and the search took me here.)
  #42  
Old March 7th, 2011, 04:53 PM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 3/7/2011 7:51:58 AM for strings:
; '1a3e09be-1e45-494b-9174-d7385b45bbf5'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

; End Of The Log...
  #43  
Old March 8th, 2011, 03:02 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
No indication those serve any real purpose, and don't match your current graphics (S3) either. I overlooked one other check we need to do, to then remove the incorrect value info.

Code:
@ECHO OFF
if exist Regsearch1.txt del /q Regsearch1.txt
regedit /e Regsearch1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
Notepad Regsearch1.txt

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the Code box) into the open Notepad text box, then save this to your desktop as "cfgcheck.bat".

Be sure to include the "" quotes in the name. Then click on cfgcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
  #44  
Old March 8th, 2011, 07:51 AM
Super48 Super48 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 144
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions"="2048"
"Documents"=""
"DosPrint"="no"
"NetMessage"="no"
"NullPort"="None"
"Programs"="com exe bat pif cmd"
"Run"=""
"Load"=""
"Device"="hp deskjet 940c,winspool,LPT1:"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load]
  #45  
Old March 9th, 2011, 03:16 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
The Reglooks reference windows\load referred to the actual Load subkey, which is a little-used startup location, and not picked up by scans unless something is out of the norm with it.

Last edited by Jintan; March 9th, 2011 at 03:24 AM. Reason: Cross thread posted
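The cfgcheck.bat export in posts #43 and #44 exists to inspect the Load and Run values of the HKCU Windows key, the little-used logon startup location Jintan describes; as an added example that is not part of the thread, this Python parser reads a `regedit /e` export and reports any non-empty Load/Run value plus any subkeys of that key. Both exports it parses are constructed: the first is copied from post #44, the second carries a placeholder path; a real export file is UTF-16 encoded and must be decoded before parsing.

```python
import re

# Constructed sample: the export posted in the thread (Load and Run empty, bare
# Load subkey). A real regedit /e file is UTF-16 LE; decode it before passing it in.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions"="2048"
"Documents"=""
"DosPrint"="no"
"NetMessage"="no"
"NullPort"="None"
"Programs"="com exe bat pif cmd"
"Run"=""
"Load"=""
"Device"="hp deskjet 940c,winspool,LPT1:"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load]
"""

# Constructed sample with a populated Load value; the path is a placeholder.
SUSPECT_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Run"=""
"Load"="C:\\example\\constructed_startup.exe"
"""

WINDOWS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
AUTOSTART_VALUES = ("Load", "Run")  # programs listed here run at logon; normally empty

_VALUE_LINE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=data or @=data

def parse_reg_export(text):
    """Return {key_path: {value_name: data}}; only quoted REG_SZ data is unescaped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and (m := _VALUE_LINE.match(line)):
            name, data = m.group(1) or "", m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \\ and \" escapes
            keys[current][name] = data
    return keys

def find_autostart_entries(text):
    """Return (key, value_name, data) for every non-empty Load/Run value."""
    return [(key, name, values[name])
            for key, values in parse_reg_export(text).items()
            for name in AUTOSTART_VALUES if values.get(name)]

def list_subkeys(text, parent):
    """Return exported keys lying beneath `parent` (case-insensitive)."""
    prefix = parent.rstrip("\\").lower() + "\\"
    return [k for k in parse_reg_export(text) if k.lower().startswith(prefix)]
```

On the export from post #44 the function reports no populated Load or Run value and one subkey, `...\Windows\Load`, which is what Jintan's follow-up refers to.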