stubborn malware

Started by Temmu, February 09, 2011, 03:21:27 AM

Temmu

Hi, if you'd look at this, I'd appreciate it. Thanks!

symptoms: slow, can't hit internet with chrome or ie 8

i have already run:
* chkdsk c: /f /r - which fixed some stuff
* kaspersky 2010 boot rescue cd (scans from cd) w/updated defs
* avira 2011 boot rescue cd (scans from cd) w/updated defs
* malwarebytes 1.50.1.1100 w/updated defs - only found 1 thing
* flush.bat which resets winsock, dnscache, hosts file, ip configuration
* ie 8, options, advanced tab, reset settings
* uninstalled countless games and crapware from add/remove programs in cp

afterwards, disabled all items in startup of msconfig

"security checkup" results
Results of screen317's Security Check version 0.99.8 
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled! 
Webroot AntiVirus with Spy Sweeper 
McAfee Security Scan Plus   
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware   
HijackThis 2.0.2   
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10.0.32.18 
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

``````````End of Log````````````

root repeal drivers
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/02/08 21:06
Program Version:      Version 1.3.5.0
Windows Version:      Windows Vista SP2
==================================================

Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80604000   Size: 286720   File Visible: -   Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8223C000   Size: 3903488   File Visible: -   Signed: -
Status: -

Name: Afc.sys
Image Path: C:\Windows\system32\drivers\Afc.sys
Address: 0x8A5CA000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8C74E000   Size: 294912   File Visible: -   Signed: -
Status: -

Name: amdk8.sys
Image Path: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x8A00E000   Size: 65536   File Visible: -   Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82DA4000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82DAC000   Size: 122880   File Visible: -   Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x82D1C000   Size: 40960   File Visible: -   Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8C1EE000   Size: 28672   File Visible: -   Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8041E000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x99D02000   Size: 102400   File Visible: -   Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x948E0000   Size: 57344   File Visible: -   Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9AB7D000   Size: 90112   File Visible: -   Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8A5D2000   Size: 98304   File Visible: -   Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80467000   Size: 917504   File Visible: -   Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x807CD000   Size: 135168   File Visible: -   Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80426000   Size: 266240   File Visible: -   Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x82D19000   Size: 10496   File Visible: -   Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8CACA000   Size: 53248   File Visible: -   Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x82DF1000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8CA72000   Size: 94208   File Visible: -   Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x807BC000   Size: 69632   File Visible: -   Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8A19F000   Size: 151552   File Visible: -   Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8CAD7000   Size: 40960   File Visible: No   Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8CAE1000   Size: 106496   File Visible: No   Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8CAFB000   Size: 40960   File Visible: -   Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8B123000   Size: 659456   File Visible: -   Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x82FD5000   Size: 159744   File Visible: -   Signed: -
Status: -

Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0x99C50000   Size: 163840   File Visible: -   Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x807AC000   Size: 65536   File Visible: -   Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8077A000   Size: 204800   File Visible: -   Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8C1DE000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8C709000   Size: 110592   File Visible: -   Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8A5EA000   Size: 21120   File Visible: -   Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82209000   Size: 208896   File Visible: -   Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8A101000   Size: 577536   File Visible: -   Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8CAA9000   Size: 65536   File Visible: -   Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8A9F4000   Size: 28672   File Visible: -   Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8CAA0000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8A509000   Size: 737280   File Visible: -   Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8A406000   Size: 1060864   File Visible: -   Signed: -
Status: -

Name: HSXHWBS2.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWBS2.sys
Address: 0x8A08D000   Size: 303104   File Visible: -   Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x99C78000   Size: 446464   File Visible: -   Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8A990000   Size: 45056   File Visible: -   Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8CAB9000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80406000   Size: 28672   File Visible: -   Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8A0D7000   Size: 172032   File Visible: -   Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x82E04000   Size: 462848   File Visible: -   Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8CBE7000   Size: 65536   File Visible: -   Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8CB14000   Size: 110592   File Visible: -   Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0x9AA56000   Size: 12672   File Visible: -   Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8A5BD000   Size: 53248   File Visible: -   Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8CB05000   Size: 61440   File Visible: -   Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8A99B000   Size: 45056   File Visible: -   Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8CAC2000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82D94000   Size: 65536   File Visible: -   Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x99D1B000   Size: 86016   File Visible: -   Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x99D30000   Size: 135168   File Visible: -   Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x99D51000   Size: 126976   File Visible: -   Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x99D70000   Size: 233472   File Visible: -   Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x99DA9000   Size: 98304   File Visible: -   Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8A1C4000   Size: 45056   File Visible: -   Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x80653000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8B1D0000   Size: 192512   File Visible: -   Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\DRIVERS\msrpc.sys
Address: 0x806D3000   Size: 176128   File Visible: -   Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8A9A8000   Size: 40960   File Visible: -   Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x82FC6000   Size: 61440   File Visible: -   Signed: -
Status: -

Name: NDIS.SYS
Image Path: C:\Windows\system32\DRIVERS\NDIS.SYS
Address: 0x82C03000   Size: 1093632   File Visible: -   Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8A91A000   Size: 45056   File Visible: -   Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x99C33000   Size: 40960   File Visible: -   Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8A925000   Size: 143360   File Visible: -   Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8A18E000   Size: 69632   File Visible: -   Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8CA0B000   Size: 57344   File Visible: -   Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8C796000   Size: 204800   File Visible: -   Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\DRIVERS\NETIO.SYS
Address: 0x806FE000   Size: 241664   File Visible: -   Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8C608000   Size: 57344   File Visible: -   Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8CA68000   Size: 40960   File Visible: -   Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x82E75000   Size: 1114112   File Visible: -   Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x8223C000   Size: 3903488   File Visible: -   Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8C1E7000   Size: 28672   File Visible: -   Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8AA01000   Size: 7476704   File Visible: -   Signed: -
Status: -

Name: nvmfdx32.sys
Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Address: 0x8A808000   Size: 1025152   File Visible: -   Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x82DCA000   Size: 53248   File Visible: -   Signed: -
Status: -

Name: nvstor32.sys
Image Path: C:\Windows\system32\DRIVERS\nvstor32.sys
Address: 0x82DD7000   Size: 106496   File Visible: -   Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x99C09000   Size: 172032   File Visible: -   Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8C7DF000   Size: 90112   File Visible: -   Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x8A01E000   Size: 98304   File Visible: -   Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80682000   Size: 61440   File Visible: -   Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x9AA4F000   Size: 28672   File Visible: -   Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x8065B000   Size: 159744   File Visible: -   Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x82D7F000   Size: 28672   File Visible: -   Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x82D86000   Size: 57344   File Visible: -   Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9AA5A000   Size: 909312   File Visible: -   Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8223C000   Size: 3903488   File Visible: -   Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8C1B1000   Size: 184320   File Visible: -   Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8040D000   Size: 69632   File Visible: -   Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8C616000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8A903000   Size: 94208   File Visible: -   Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8A948000   Size: 61440   File Visible: -   Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8A957000   Size: 81920   File Visible: -   Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8A96B000   Size: 86016   File Visible: -   Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8223C000   Size: 3903488   File Visible: -   Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8CA2C000   Size: 245760   File Visible: -   Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8C1F5000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8A800000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9AB93000   Size: 49152   File Visible: No   Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x99C3D000   Size: 77824   File Visible: -   Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8C003000   Size: 1759296   File Visible: -   Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9AB38000   Size: 40960   File Visible: -   Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8C73A000   Size: 81920   File Visible: -   Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x82FBE000   Size: 32768   File Visible: -   Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8CB37000   Size: 720896   File Visible: -   Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9AA01000   Size: 319488   File Visible: -   Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x99DC1000   Size: 163840   File Visible: -   Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x99CE5000   Size: 118784   File Visible: -   Signed: -
Status: -

Name: ssfs0bbc.sys
Image Path: C:\Windows\system32\DRIVERS\ssfs0bbc.sys
Address: 0x8069A000   Size: 45056   File Visible: -   Signed: -
Status: -

Name: sshrmd.sys
Image Path: C:\Windows\system32\DRIVERS\sshrmd.sys
Address: 0x80691000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: ssidrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssidrv.sys
Address: 0x806A5000   Size: 188416   File Visible: -   Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x80739000   Size: 266240   File Visible: -   Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8A9A6000   Size: 4992   File Visible: -   Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8C61F000   Size: 958464   File Visible: -   Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9AB42000   Size: 49152   File Visible: -   Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x82D0E000   Size: 45056   File Visible: -   Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8C724000   Size: 90112   File Visible: -   Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8A980000   Size: 65536   File Visible: -   Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x948C0000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8A005000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x805F4000   Size: 45056   File Visible: -   Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8A9B2000   Size: 53248   File Visible: -   Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8CA89000   Size: 94208   File Visible: -   Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8C7DD000   Size: 8192   File Visible: -   Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8A07E000   Size: 61440   File Visible: -   Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8A9BF000   Size: 217088   File Visible: -   Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8A036000   Size: 40960   File Visible: -   Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8A040000   Size: 253952   File Visible: -   Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8C7C8000   Size: 86016   File Visible: -   Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8A5F0000   Size: 49152   File Visible: -   Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8A1D7000   Size: 135168   File Visible: -   Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x82D26000   Size: 61440   File Visible: -   Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x82D35000   Size: 303104   File Visible: -   Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x82F85000   Size: 233472   File Visible: -   Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8CA19000   Size: 77824   File Visible: -   Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8B1C4000   Size: 49152   File Visible: -   Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80547000   Size: 507904   File Visible: -   Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x805C3000   Size: 53248   File Visible: -   Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x946A0000   Size: 2109440   File Visible: -   Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x946A0000   Size: 2109440   File Visible: -   Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x8064A000   Size: 36864   File Visible: -   Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8223C000   Size: 3903488   File Visible: -   Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9AB63000   Size: 73728   File Visible: -   Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9AB4E000   Size: 83328   File Visible: -   Signed: -
Status: -

Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0x9AB75000   Size: 32768   File Visible: -   Signed: -
Status: -

root repeal processes
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/02/08 21:06
Program Version:      Version 1.3.5.0
Windows Version:      Windows Vista SP2
==================================================

Processes
-------------------
Path: System
PID: 4   Status: Locked to the Windows API!

Path: C:\Windows\explorer.exe
PID: 200   Status: -

Path: C:\Windows\System32\smss.exe
PID: 424   Status: -

Path: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PID: 464   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 468   Status: -

Path: C:\Windows\System32\csrss.exe
PID: 504   Status: -

Path: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 508   Status: -

Path: C:\Windows\System32\wininit.exe
PID: 556   Status: -

Path: C:\Windows\System32\csrss.exe
PID: 568   Status: -

Path: C:\Windows\System32\services.exe
PID: 600   Status: -

Path: C:\Windows\System32\lsass.exe
PID: 616   Status: -

Path: C:\Windows\System32\lsm.exe
PID: 628   Status: -

Path: C:\Windows\System32\winlogon.exe
PID: 724   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 812   Status: -

Path: C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PID: 860   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 892   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 928   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 984   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1024   Status: -

Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PID: 1084   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1100   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1120   Status: -

Path: C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PID: 1236   Status: -

Path: C:\Windows\System32\audiodg.exe
PID: 1248   Status: Locked to the Windows API!

Path: C:\Windows\System32\svchost.exe
PID: 1272   Status: -

Path: C:\Windows\System32\SLsvc.exe
PID: 1288   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1332   Status: -

Path: C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
PID: 1364   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1480   Status: -

Path: C:\Windows\System32\spoolsv.exe
PID: 1704   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1728   Status: -

Path: C:\Windows\System32\SearchFilterHost.exe
PID: 1772   Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 1880   Status: -

Path: C:\Windows\System32\SearchIndexer.exe
PID: 1968   Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1972   Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1992   Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2024   Status: -

Path: C:\Windows\System32\drivers\XAudio.exe
PID: 2052   Status: -

Path: C:\Windows\System32\dwm.exe
PID: 2060   Status: -

Path: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PID: 2084   Status: -

Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PID: 2092   Status: -

Path: C:\Windows\System32\WUDFHost.exe
PID: 2164   Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 2780   Status: -

Path: C:\Windows\System32\SearchProtocolHost.exe
PID: 2800   Status: -

Path: J:\NewFolder\RootRepeal.exe
PID: 2920   Status: -

Path: C:\Windows\System32\wbem\unsecapp.exe
PID: 3324   Status: -

Path: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 4004   Status: -

root repeal ssdt
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/02/08 21:06
Program Version:      Version 1.3.5.0
Windows Version:      Windows Vista SP2
==================================================

SSDT
-------------------
#: 000   Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001   Function Name: NtAccessCheck
Status: Not hooked

#: 002   Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003   Function Name: NtAccessCheckByType
Status: Not hooked

#: 004   Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005   Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006   Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007   Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008   Function Name: NtAddAtom
Status: Not hooked

#: 009   Function Name: NtAddBootEntry
Status: Not hooked

#: 010   Function Name: NtAddDriverEntry
Status: Not hooked

#: 011   Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 012   Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 013   Function Name: NtAlertResumeThread
Status: Not hooked

#: 014   Function Name: NtAlertThread
Status: Not hooked

#: 015   Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 016   Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 017   Function Name: NtAllocateUuids
Status: Not hooked

#: 018   Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cdaf8

#: 019   Function Name: NtAlpcAcceptConnectPort
Status: Not hooked

#: 020   Function Name: NtAlpcCancelMessage
Status: Not hooked

#: 021   Function Name: NtAlpcConnectPort
Status: Not hooked

#: 022   Function Name: NtAlpcCreatePort
Status: Not hooked

#: 023   Function Name: NtAlpcCreatePortSection
Status: Not hooked

#: 024   Function Name: NtAlpcCreateResourceReserve
Status: Not hooked

#: 025   Function Name: NtAlpcCreateSectionView
Status: Not hooked

#: 026   Function Name: NtAlpcCreateSecurityContext
Status: Not hooked

#: 027   Function Name: NtAlpcDeletePortSection
Status: Not hooked

#: 028   Function Name: NtAlpcDeleteResourceReserve
Status: Not hooked

#: 029   Function Name: NtAlpcDeleteSectionView
Status: Not hooked

#: 030   Function Name: NtAlpcDeleteSecurityContext
Status: Not hooked

#: 031   Function Name: NtAlpcDisconnectPort
Status: Not hooked

#: 032   Function Name: NtAlpcImpersonateClientOfPort
Status: Not hooked

#: 033   Function Name: NtAlpcOpenSenderProcess
Status: Not hooked

#: 034   Function Name: NtAlpcOpenSenderThread
Status: Not hooked

#: 035   Function Name: NtAlpcQueryInformation
Status: Not hooked

#: 036   Function Name: NtAlpcQueryInformationMessage
Status: Not hooked

#: 037   Function Name: NtAlpcRevokeSecurityContext
Status: Not hooked

#: 038   Function Name: NtAlpcSendWaitReceivePort
Status: Not hooked

#: 039   Function Name: NtAlpcSetInformation
Status: Not hooked

#: 040   Function Name: NtApphelpCacheControl
Status: Not hooked

#: 041   Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 042   Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 043   Function Name: NtCallbackReturn
Status: Not hooked

#: 044   Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 045   Function Name: NtCancelIoFile
Status: Not hooked

#: 046   Function Name: NtCancelTimer
Status: Not hooked

#: 047   Function Name: NtClearEvent
Status: Not hooked

#: 048   Function Name: NtClose
Status: Not hooked

#: 049   Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 050   Function Name: NtCompactKeys
Status: Not hooked

#: 051   Function Name: NtCompareTokens
Status: Not hooked

#: 052   Function Name: NtCompleteConnectPort
Status: Not hooked

#: 053   Function Name: NtCompressKey
Status: Not hooked

#: 054   Function Name: NtConnectPort
Status: Not hooked

#: 055   Function Name: NtContinue
Status: Not hooked

#: 056   Function Name: NtCreateDebugObject
Status: Not hooked

#: 057   Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 058   Function Name: NtCreateEvent
Status: Not hooked

#: 059   Function Name: NtCreateEventPair
Status: Not hooked

#: 060   Function Name: NtCreateFile
Status: Not hooked

#: 061   Function Name: NtCreateIoCompletion
Status: Not hooked

#: 062   Function Name: NtCreateJobObject
Status: Not hooked

#: 063   Function Name: NtCreateJobSet
Status: Not hooked

#: 064   Function Name: NtCreateKey
Status: Not hooked

#: 065   Function Name: NtCreateKeyTransacted
Status: Not hooked

#: 066   Function Name: NtCreateMailslotFile
Status: Not hooked

#: 067   Function Name: NtCreateMutant
Status: Not hooked

#: 068   Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 069   Function Name: NtCreatePrivateNamespace
Status: Not hooked

#: 070   Function Name: NtCreatePagingFile
Status: Not hooked

#: 071   Function Name: NtCreatePort
Status: Not hooked

#: 072   Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x83e6a620

#: 073   Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x848cdfa8

#: 074   Function Name: NtCreateProfile
Status: Not hooked

#: 075   Function Name: NtCreateSection
Status: Not hooked

#: 076   Function Name: NtCreateSemaphore
Status: Not hooked

#: 077   Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 078   Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x848cddc8

#: 079   Function Name: NtCreateTimer
Status: Not hooked

#: 080   Function Name: NtCreateToken
Status: Not hooked

#: 081   Function Name: NtCreateTransaction
Status: Not hooked

#: 082   Function Name: NtOpenTransaction
Status: Not hooked

#: 083   Function Name: NtQueryInformationTransaction
Status: Not hooked

#: 084   Function Name: NtQueryInformationTransactionManager
Status: Not hooked

#: 085   Function Name: NtPrePrepareEnlistment
Status: Not hooked

#: 086   Function Name: NtPrepareEnlistment
Status: Not hooked

#: 087   Function Name: NtCommitEnlistment
Status: Not hooked

#: 088   Function Name: NtReadOnlyEnlistment
Status: Not hooked

#: 089   Function Name: NtRollbackComplete
Status: Not hooked

#: 090   Function Name: NtRollbackEnlistment
Status: Not hooked

#: 091   Function Name: NtCommitTransaction
Status: Not hooked

#: 092   Function Name: NtRollbackTransaction
Status: Not hooked

#: 093   Function Name: NtPrePrepareComplete
Status: Not hooked

#: 094   Function Name: NtPrepareComplete
Status: Not hooked

#: 095   Function Name: NtCommitComplete
Status: Not hooked

#: 096   Function Name: NtSinglePhaseReject
Status: Not hooked

#: 097   Function Name: NtSetInformationTransaction
Status: Not hooked

#: 098   Function Name: NtSetInformationTransactionManager
Status: Not hooked

#: 099   Function Name: NtSetInformationResourceManager
Status: Not hooked

#: 100   Function Name: NtCreateTransactionManager
Status: Not hooked

#: 101   Function Name: NtOpenTransactionManager
Status: Not hooked

#: 102   Function Name: NtRenameTransactionManager
Status: Not hooked

#: 103   Function Name: NtRollforwardTransactionManager
Status: Not hooked

#: 104   Function Name: NtRecoverEnlistment
Status: Not hooked

#: 105   Function Name: NtRecoverResourceManager
Status: Not hooked

#: 106   Function Name: NtRecoverTransactionManager
Status: Not hooked

#: 107   Function Name: NtCreateResourceManager
Status: Not hooked

#: 108   Function Name: NtOpenResourceManager
Status: Not hooked

#: 109   Function Name: NtGetNotificationResourceManager
Status: Not hooked

#: 110   Function Name: NtQueryInformationResourceManager
Status: Not hooked

#: 111   Function Name: NtCreateEnlistment
Status: Not hooked

#: 112   Function Name: NtOpenEnlistment
Status: Not hooked

#: 113   Function Name: NtSetInformationEnlistment
Status: Not hooked

#: 114   Function Name: NtQueryInformationEnlistment
Status: Not hooked

#: 115   Function Name: NtCreateWaitablePort
Status: Not hooked

#: 116   Function Name: NtDebugActiveProcess
Status: Not hooked

#: 117   Function Name: NtDebugContinue
Status: Not hooked

#: 118   Function Name: NtDelayExecution
Status: Not hooked

#: 119   Function Name: NtDeleteAtom
Status: Not hooked

#: 120   Function Name: NtDeleteBootEntry
Status: Not hooked

#: 121   Function Name: NtDeleteDriverEntry
Status: Not hooked

#: 122   Function Name: NtDeleteFile
Status: Not hooked

#: 123   Function Name: NtDeleteKey
Status: Not hooked

#: 124   Function Name: NtDeletePrivateNamespace
Status: Not hooked

#: 125   Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 126   Function Name: NtDeleteValueKey
Status: Not hooked

#: 127   Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 128   Function Name: NtDisplayString
Status: Not hooked

#: 129   Function Name: NtDuplicateObject
Status: Not hooked

#: 130   Function Name: NtDuplicateToken
Status: Not hooked

#: 131   Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 132   Function Name: NtEnumerateDriverEntries
Status: Not hooked

#: 133   Function Name: NtEnumerateKey
Status: Not hooked

#: 134   Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 135   Function Name: NtEnumerateTransactionObject
Status: Not hooked

#: 136   Function Name: NtEnumerateValueKey
Status: Not hooked

#: 137   Function Name: NtExtendSection
Status: Not hooked

#: 138   Function Name: NtFilterToken
Status: Not hooked

#: 139   Function Name: NtFindAtom
Status: Not hooked

#: 140   Function Name: NtFlushBuffersFile
Status: Not hooked

#: 141   Function Name: NtFlushInstructionCache
Status: Not hooked

#: 142   Function Name: NtFlushKey
Status: Not hooked

#: 143   Function Name: NtFlushProcessWriteBuffers
Status: Not hooked

#: 144   Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 145   Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 146   Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 147   Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 148   Function Name: NtFreezeRegistry
Status: Not hooked

#: 149   Function Name: NtFreezeTransactions
Status: Not hooked

#: 150   Function Name: NtFsControlFile
Status: Not hooked

#: 151   Function Name: NtGetContextThread
Status: Not hooked

#: 152   Function Name: NtGetDevicePowerState
Status: Not hooked

#: 153   Function Name: NtGetNlsSectionPtr
Status: Not hooked

#: 154   Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 155   Function Name: NtGetWriteWatch
Status: Not hooked

#: 156   Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 157   Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 158   Function Name: NtImpersonateThread
Status: Not hooked

#: 159   Function Name: NtInitializeNlsFiles
Status: Not hooked

#: 160   Function Name: NtInitializeRegistry
Status: Not hooked

#: 161   Function Name: NtInitiatePowerAction
Status: Not hooked

#: 162   Function Name: NtIsProcessInJob
Status: Not hooked

#: 163   Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 164   Function Name: NtListenPort
Status: Not hooked

#: 165   Function Name: NtLoadDriver
Status: Not hooked

#: 166   Function Name: NtLoadKey
Status: Not hooked

#: 167   Function Name: NtLoadKey2
Status: Not hooked

#: 168   Function Name: NtLoadKeyEx
Status: Not hooked

#: 169   Function Name: NtLockFile
Status: Not hooked

#: 170   Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 171   Function Name: NtLockRegistryKey
Status: Not hooked

#: 172   Function Name: NtLockVirtualMemory
Status: Not hooked

#: 173   Function Name: NtMakePermanentObject
Status: Not hooked

#: 174   Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 175   Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 176   Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 177   Function Name: NtMapViewOfSection
Status: Not hooked

#: 178   Function Name: NtModifyBootEntry
Status: Not hooked

#: 179   Function Name: NtModifyDriverEntry
Status: Not hooked

#: 180   Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 181   Function Name: NtNotifyChangeKey
Status: Not hooked

#: 182   Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 183   Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 184   Function Name: NtOpenEvent
Status: Not hooked

#: 185   Function Name: NtOpenEventPair
Status: Not hooked

#: 186   Function Name: NtOpenFile
Status: Not hooked

#: 187   Function Name: NtOpenIoCompletion
Status: Not hooked

#: 188   Function Name: NtOpenJobObject
Status: Not hooked

#: 189   Function Name: NtOpenKey
Status: Not hooked

#: 190   Function Name: NtOpenKeyTransacted
Status: Not hooked

#: 191   Function Name: NtOpenMutant
Status: Not hooked

#: 192   Function Name: NtOpenPrivateNamespace
Status: Not hooked

#: 193   Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 194   Function Name: NtOpenProcess
Status: Not hooked

#: 195   Function Name: NtOpenProcessToken
Status: Not hooked

#: 196   Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 197   Function Name: NtOpenSection
Status: Not hooked

#: 198   Function Name: NtOpenSemaphore
Status: Not hooked

#: 199   Function Name: NtOpenSession
Status: Not hooked

#: 200   Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 201   Function Name: NtOpenThread
Status: Not hooked

#: 202   Function Name: NtOpenThreadToken
Status: Not hooked

#: 203   Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 204   Function Name: NtOpenTimer
Status: Not hooked

#: 205   Function Name: NtPlugPlayControl
Status: Not hooked

#: 206   Function Name: NtPowerInformation
Status: Not hooked

#: 207   Function Name: NtPrivilegeCheck
Status: Not hooked

#: 208   Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 209   Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 210   Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 211   Function Name: NtPulseEvent
Status: Not hooked

#: 212   Function Name: NtQueryAttributesFile
Status: Not hooked

#: 213   Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 214   Function Name: NtQueryBootOptions
Status: Not hooked

#: 215   Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 216   Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 217   Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 218   Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 219   Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 220   Function Name: NtQueryDriverEntryOrder
Status: Not hooked

#: 221   Function Name: NtQueryEaFile
Status: Not hooked

#: 222   Function Name: NtQueryEvent
Status: Not hooked

#: 223   Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 224   Function Name: NtQueryInformationAtom
Status: Not hooked

#: 225   Function Name: NtQueryInformationFile
Status: Not hooked

#: 226   Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 227   Function Name: NtQueryInformationPort
Status: Not hooked

#: 228   Function Name: NtQueryInformationProcess
Status: Not hooked

#: 229   Function Name: NtQueryInformationThread
Status: Not hooked

#: 230   Function Name: NtQueryInformationToken
Status: Not hooked

#: 231   Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 232   Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 233   Function Name: NtQueryIoCompletion
Status: Not hooked

#: 234   Function Name: NtQueryKey
Status: Not hooked

#: 235   Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 236   Function Name: NtQueryMutant
Status: Not hooked

#: 237   Function Name: NtQueryObject
Status: Not hooked

#: 238   Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 239   Function Name: NtQueryOpenSubKeysEx
Status: Not hooked

#: 240   Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 241   Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 242   Function Name: NtQuerySection
Status: Not hooked

#: 243   Function Name: NtQuerySecurityObject
Status: Not hooked

#: 244   Function Name: NtQuerySemaphore
Status: Not hooked

#: 245   Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 246   Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 247   Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 248   Function Name: NtQuerySystemInformation
Status: Not hooked

#: 249   Function Name: NtQuerySystemTime
Status: Not hooked

#: 250   Function Name: NtQueryTimer
Status: Not hooked

#: 251   Function Name: NtQueryTimerResolution
Status: Not hooked

#: 252   Function Name: NtQueryValueKey
Status: Not hooked

#: 253   Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 254   Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 255   Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x848cdb70

#: 256   Function Name: NtRaiseException
Status: Not hooked

#: 257   Function Name: NtRaiseHardError
Status: Not hooked

#: 258   Function Name: NtReadFile
Status: Not hooked

#: 259   Function Name: NtReadFileScatter
Status: Not hooked

#: 260   Function Name: NtReadRequestData
Status: Not hooked

#: 261   Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cda08

#: 262   Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 263   Function Name: NtReleaseMutant
Status: Not hooked

#: 264   Function Name: NtReleaseSemaphore
Status: Not hooked

#: 265   Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 266   Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 267   Function Name: NtRenameKey
Status: Not hooked

#: 268   Function Name: NtReplaceKey
Status: Not hooked

#: 269   Function Name: NtReplacePartitionUnit
Status: Not hooked

#: 270   Function Name: NtReplyPort
Status: Not hooked

#: 271   Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 272   Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 273   Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 274   Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 275   Function Name: NtRequestPort
Status: Not hooked

#: 276   Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 277   Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 278   Function Name: NtResetEvent
Status: Not hooked

#: 279   Function Name: NtResetWriteWatch
Status: Not hooked

#: 280   Function Name: NtRestoreKey
Status: Not hooked

#: 281   Function Name: NtResumeProcess
Status: Not hooked

#: 282   Function Name: NtResumeThread
Status: Not hooked

#: 283   Function Name: NtSaveKey
Status: Not hooked

#: 284   Function Name: NtSaveKeyEx
Status: Not hooked

#: 285   Function Name: NtSaveMergedKeys
Status: Not hooked

#: 286   Function Name: NtSecureConnectPort
Status: Not hooked

#: 287   Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 288   Function Name: NtSetBootOptions
Status: Not hooked

#: 289   Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x848cdc60

#: 290   Function Name: NtSetDebugFilterState
Status: Not hooked

#: 291   Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 292   Function Name: NtSetDefaultLocale
Status: Not hooked

#: 293   Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 294   Function Name: NtSetDriverEntryOrder
Status: Not hooked

#: 295   Function Name: NtSetEaFile
Status: Not hooked

#: 296   Function Name: NtSetEvent
Status: Not hooked

#: 297   Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 298   Function Name: NtSetHighEventPair
Status: Not hooked

#: 299   Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 300   Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 301   Function Name: NtSetInformationFile
Status: Not hooked

#: 302   Function Name: NtSetInformationJobObject
Status: Not hooked

#: 303   Function Name: NtSetInformationKey
Status: Not hooked

#: 304   Function Name: NtSetInformationObject
Status: Not hooked

#: 305   Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x848cdeb8

#: 306   Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x848cdcd8

#: 307   Function Name: NtSetInformationToken
Status: Not hooked

#: 308   Function Name: NtSetIntervalProfile
Status: Not hooked

#: 309   Function Name: NtSetIoCompletion
Status: Not hooked

#: 310   Function Name: NtSetLdtEntries
Status: Not hooked

#: 311   Function Name: NtSetLowEventPair
Status: Not hooked

#: 312   Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 313   Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 314   Function Name: NtSetSecurityObject
Status: Not hooked

#: 315   Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 316   Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 317   Function Name: NtSetSystemInformation
Status: Not hooked

#: 318   Function Name: NtSetSystemPowerState
Status: Not hooked

#: 319   Function Name: NtSetSystemTime
Status: Not hooked

#: 320   Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 321   Function Name: NtSetTimer
Status: Not hooked

#: 322   Function Name: NtSetTimerResolution
Status: Not hooked

#: 323   Function Name: NtSetUuidSeed
Status: Not hooked

#: 324   Function Name: NtSetValueKey
Status: Not hooked

#: 325   Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 326   Function Name: NtShutdownSystem
Status: Not hooked

#: 327   Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 328   Function Name: NtStartProfile
Status: Not hooked

#: 329   Function Name: NtStopProfile
Status: Not hooked

#: 330   Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x848cde40

#: 331   Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x848cdbe8

#: 332   Function Name: NtSystemDebugControl
Status: Not hooked

#: 333   Function Name: NtTerminateJobObject
Status: Not hooked

#: 334   Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x848cdf30

#: 335   Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x848cdd50

#: 336   Function Name: NtTestAlert
Status: Not hooked

#: 337   Function Name: NtThawRegistry
Status: Not hooked

#: 338   Function Name: NtThawTransactions
Status: Not hooked

#: 339   Function Name: NtTraceEvent
Status: Not hooked

#: 340   Function Name: NtTraceControl
Status: Not hooked

#: 341   Function Name: NtTranslateFilePath
Status: Not hooked

#: 342   Function Name: NtUnloadDriver
Status: Not hooked

#: 343   Function Name: NtUnloadKey
Status: Not hooked

#: 344   Function Name: NtUnloadKey2
Status: Not hooked

#: 345   Function Name: NtUnloadKeyEx
Status: Not hooked

#: 346   Function Name: NtUnlockFile
Status: Not hooked

#: 347   Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 348   Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 349   Function Name: NtVdmControl
Status: Not hooked

#: 350   Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 351   Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 352   Function Name: NtWaitForSingleObject
Status: Not hooked

#: 353   Function Name: NtWaitHighEventPair
Status: Not hooked

#: 354   Function Name: NtWaitLowEventPair
Status: Not hooked

#: 355   Function Name: NtWriteFile
Status: Not hooked

#: 356   Function Name: NtWriteFileGather
Status: Not hooked

#: 357   Function Name: NtWriteRequestData
Status: Not hooked

#: 358   Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cda80

#: 359   Function Name: NtYieldExecution
Status: Not hooked

#: 360   Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 361   Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 362   Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 363   Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 364   Function Name: NtQueryPortInformationProcess
Status: Not hooked

#: 365   Function Name: NtGetCurrentProcessorNumber
Status: Not hooked

#: 366   Function Name: NtWaitForMultipleObjects32
Status: Not hooked

#: 367   Function Name: NtGetNextProcess
Status: Not hooked

#: 368   Function Name: NtGetNextThread
Status: Not hooked

#: 369   Function Name: NtCancelIoFileEx
Status: Not hooked

#: 370   Function Name: NtCancelSynchronousIoFile
Status: Not hooked

#: 371   Function Name: NtRemoveIoCompletionEx
Status: Not hooked

#: 372   Function Name: NtRegisterProtocolAddressInformation
Status: Not hooked

#: 373   Function Name: NtPropagationComplete
Status: Not hooked

#: 374   Function Name: NtPropagationFailed
Status: Not hooked

#: 375   Function Name: NtCreateWorkerFactory
Status: Not hooked

#: 376   Function Name: NtReleaseWorkerFactoryWorker
Status: Not hooked

#: 377   Function Name: NtWaitForWorkViaWorkerFactory
Status: Not hooked

#: 378   Function Name: NtSetInformationWorkerFactory
Status: Not hooked

#: 379   Function Name: NtQueryInformationWorkerFactory
Status: Not hooked

#: 380   Function Name: NtWorkerFactoryWorkerReady
Status: Not hooked

#: 381   Function Name: NtShutdownWorkerFactory
Status: Not hooked

#: 382   Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x848cd918

#: 383   Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0x848cd990

#: 384   Function Name: NtQueryLicenseValue
Status: Not hooked

#: 385   Function Name: NtMapCMFModule
Status: Not hooked

#: 386   Function Name: NtIsUILanguageComitted
Status: Not hooked

#: 387   Function Name: NtFlushInstallUILanguage
Status: Not hooked

#: 388   Function Name: NtGetMUIRegistryInfo
Status: Not hooked

#: 389   Function Name: NtAcquireCMFViewOwnership
Status: Not hooked

#: 390   Function Name: NtReleaseCMFViewOwnership
Status: Not hooked

root repeal hidden services
does not complete the scan!


rsit log

Temmu

obviously ran out of space - again:

rsit log


Logfile of random's system information tool 1.06 (written by random/random)
Run by Taormina at 2011-02-08 20:27:31
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 178 GB (78%) free of 229 GB
Total RAM: 894 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:46 PM, on 2/8/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
J:\RSIT.exe
C:\Program Files\trend micro\Taormina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6036 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Taormina.job
C:\Windows\tasks\User_Feed_Synchronization-{A69D11DF-C5CE-43EA-BB51-AD1D766F08EF}.job
C:\Windows\tasks\wrSpySweeper_L0216702BBA51487CBAECEA3CA665B82A.job
C:\Windows\tasks\wrSpySweeper_LEC5FEA63B1534AD49A406B78701F1CB7.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-09 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23 160056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe /atstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\nino nindo\iTunesHelper.exe [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-04-06 8429568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-04-06 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-04-06 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-04-04 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-29 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe /atstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Taormina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\Users\Taormina\Desktop\LimeWire\LimeWire.exe -startup []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d663642-c82e-11dd-af2a-0040ca9e900d}]
shell\Auto\command - Microsoft.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Microsoft.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e91ee01-3462-11df-8a15-0040ca9e900d}]
shell\AutoRun\command - "J:\Install FreeAgent Tools.exe" /run


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2011-02-08 14:37:16 ----A---- C:\TDSSKiller.2.4.12.0_08.02.2011_14.37.16_log.txt
2011-02-08 14:12:42 ----D---- C:\ProgramData\McAfee Security Scan
2011-02-08 14:12:31 ----D---- C:\Program Files\McAfee Security Scan
2011-02-07 20:37:28 ----SHD---- C:\Config.Msi
2011-02-07 19:15:02 ----D---- C:\Windows\en
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-02-07 19:06:12 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-02-07 19:04:49 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-04 13:53:06 ----AD---- C:\Kaspersky Rescue Disk 10.0
2011-01-12 02:38:36 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 02:38:20 ----A---- C:\Windows\system32\sdclt.exe
2010-12-19 16:38:09 ----D---- C:\Users\Taormina\AppData\Roaming\OpenCandy
2010-12-16 16:32:49 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 16:32:48 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 16:32:25 ----A---- C:\Windows\system32\consent.exe
2010-12-16 16:32:16 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 16:32:16 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 16:32:15 ----A---- C:\Windows\system32\fontsub.dll
2010-12-16 16:32:02 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 16:32:01 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 16:32:00 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 16:31:57 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 16:31:56 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-16 16:31:54 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 16:31:54 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 16:31:54 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 16:31:53 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 16:31:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 16:31:51 ----A---- C:\Windows\system32\occache.dll
2010-12-16 16:31:51 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-16 16:31:51 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 16:31:51 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 16:31:50 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 16:31:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-16 16:31:49 ----A---- C:\Windows\system32\iesetup.dll
2010-12-16 16:31:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 16:31:48 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 16:31:47 ----A---- C:\Windows\system32\iernonce.dll
2010-12-16 16:31:46 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-16 16:28:41 ----A---- C:\Windows\system32\tzres.dll
2010-12-03 21:11:39 ----A---- C:\Windows\system32\webservices.dll

======List of files/folders modified in the last 3 months======

2011-02-08 20:27:45 ----D---- C:\Windows\Temp
2011-02-08 20:27:42 ----D---- C:\Windows\Prefetch
2011-02-08 20:27:33 ----D---- C:\Program Files\trend micro
2011-02-08 20:01:52 ----HD---- C:\Windows\inf
2011-02-08 20:01:52 ----D---- C:\Windows\System32
2011-02-08 20:01:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-08 14:37:16 ----D---- C:\Windows\system32\drivers
2011-02-08 14:12:42 ----HD---- C:\ProgramData
2011-02-08 14:12:31 ----RD---- C:\Program Files
2011-02-08 14:12:28 ----D---- C:\ProgramData\McAfee
2011-02-08 14:12:18 ----D---- C:\hosts
2011-02-08 11:39:42 ----SHD---- C:\System Volume Information
2011-02-08 08:03:37 ----A---- C:\Windows\ntbtlog.txt
2011-02-07 20:44:29 ----SHD---- C:\Windows\Installer
2011-02-07 19:32:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-07 19:25:43 ----D---- C:\Windows\system32\Tasks
2011-02-07 19:25:42 ----D---- C:\Windows\Tasks
2011-02-07 19:17:49 ----D---- C:\Windows\Microsoft.NET
2011-02-07 19:16:48 ----RSD---- C:\Windows\assembly
2011-02-07 19:15:02 ----D---- C:\Windows
2011-02-07 19:14:27 ----DC---- C:\Windows\system32\DRVSTORE
2011-02-07 19:11:51 ----D---- C:\Program Files\Windows Live
2011-02-07 19:09:30 ----RSD---- C:\Windows\Fonts
2011-02-07 19:08:29 ----SD---- C:\ProgramData\Microsoft
2011-02-07 19:08:24 ----D---- C:\Windows\winsxs
2011-02-07 19:07:50 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-07 18:35:46 ----D---- C:\Users\Taormina\AppData\Roaming\Unity
2011-02-07 18:35:46 ----D---- C:\Program Files\Unity
2011-02-07 18:34:17 ----SHD---- C:\$RECYCLE.BIN
2011-02-07 18:29:21 ----D---- C:\Windows\system32\catroot2
2011-02-07 18:24:32 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-07 18:24:32 ----D---- C:\Program Files\BigFix
2011-02-07 18:22:46 ----SD---- C:\Users\Taormina\AppData\Roaming\Microsoft
2011-02-07 18:22:44 ----D---- C:\Program Files\Virtools
2011-02-04 18:10:05 ----D---- C:\Program Files\SIFXINST
2011-02-03 20:50:19 ----D---- C:\Users\Taormina\AppData\Roaming\FrostWire
2011-01-12 03:03:51 ----A---- C:\Windows\system32\mrt.exe
2011-01-12 02:36:42 ----D---- C:\Windows\system32\catroot
2010-12-29 22:11:28 ----D---- C:\Users\Taormina\AppData\Roaming\Skype
2010-12-29 21:02:38 ----D---- C:\Users\Taormina\AppData\Roaming\skypePM
2010-12-17 03:44:36 ----D---- C:\Windows\rescache
2010-12-17 03:25:45 ----D---- C:\Program Files\Windows Mail
2010-12-17 03:25:40 ----D---- C:\Program Files\Internet Explorer
2010-12-17 03:25:39 ----D---- C:\Windows\system32\migration
2010-12-17 03:05:53 ----D---- C:\Windows\system32\en-US
2010-11-13 23:42:00 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-04-17 1032104]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-06 7476704]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 vmcam326av;HP Camera; C:\Windows\System32\Drivers\vmcam326av.sys [2007-04-13 100096]
S3 vvftav;326 Solborn filter service name, vista ver; C:\Windows\system32\drivers\vvftav.sys [2007-04-13 279680]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-18 521216]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-05-21 65536]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-03-12 1201640]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 190448]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-04 237008]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
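The two MountPoints2 keys in the registry dump above are the kind of entry a helper reviewing this log would pick out by eye: Windows caches the autorun handlers of each volume it has mounted there, and an autorun.inf at the root of a removable drive produces exactly a `shell\AutoRun\command` whose target is a bare filename on that drive. As an added example (it is not from the poster, nor part of RSIT or ComboFix), here is a small Python parser for this dump layout that pulls every MountPoints2 autorun command out of a log and marks the ones whose target has no drive letter for priority review. The sample dump embedded in the script is constructed from three entries posted above; the function names and the review heuristic are my own.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the registry dump posted above:
# a key path in [brackets], then one line per value until the next blank line.
# Three entries are copied from the posted log; nothing else is real data.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d663642-c82e-11dd-af2a-0040ca9e900d}]
shell\Auto\command - Microsoft.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Microsoft.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e91ee01-3462-11df-8a15-0040ca9e900d}]
shell\AutoRun\command - "J:\Install FreeAgent Tools.exe" /run
"""

# A value line of the form:  shell\<verb>\command - <command line>
AUTORUN_VALUE = re.compile(
    r"^shell\\(?:auto|autorun|open)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE
)
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:\\")


def parse_registry_dump(text: str) -> Dict[str, List[str]]:
    """Split the dump into {key path: [value lines]}, keeping file order."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def launched_target(cmd: str) -> str:
    """Return the program a MountPoints2 command line actually starts.

    rundll32 shell32.dll,ShellExec_RunDLL <file> hands <file> to ShellExecute,
    so for that form the target is the token after ShellExec_RunDLL; otherwise
    it is the first (possibly quoted) token of the command line."""
    tokens = cmd.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower().endswith("shellexec_rundll"):
            return tokens[i + 1]
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return m.group(1) or m.group(2)


def find_mountpoint_autoruns(sections: Dict[str, List[str]]) -> List[dict]:
    """List every autorun command cached under MountPoints2.

    A target without a drive letter is resolved against the volume root, which
    is what an autorun.inf on a removable drive yields, so it is flagged for
    review first. This is a review list, not a malware verdict."""
    findings = []
    for key, values in sections.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        volume = key.rsplit("\\", 1)[-1]
        for value in values:
            m = AUTORUN_VALUE.match(value)
            if not m:
                continue
            target = launched_target(m.group("cmd"))
            findings.append({
                "volume": volume,
                "value": value,
                "target": target,
                "relative_target": DRIVE_PREFIX.match(target) is None,
            })
    return findings


if __name__ == "__main__":
    for f in find_mountpoint_autoruns(parse_registry_dump(SAMPLE_DUMP)):
        flag = "REVIEW: relative target" if f["relative_target"] else "absolute path"
        print(f'{f["volume"]}  {f["target"]}  [{flag}]')
```

Run against the full posted dump, the script lists both volumes: the second one resolves to an installer with a full path on J:, while the first points at a bare `Microsoft.exe` at the root of whatever drive that volume ID belongs to, which is the entry a helper would want to see the file for (the ComboFix log later in this thread does list `D:\Autorun.inf` among its deletions). The cached entry itself only fires when that volume is next opened in Explorer, so clearing the MountPoints2 key is part of the cleanup, not a fix on its own.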

Corrine

Hi, Temmu.

I see you already ran TDSSKiller.  Was anything found?

I'm shutting down for the night so have just given your log a cursory check and nothing stood out, although I note outdated Java and Adobe Reader:

Java(TM) SE Runtime Environment 6 Update 1
Adobe Reader 8.1.4

Please do the following:

Please download JavaRa and unzip it to your desktop.


  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 23.   

Download Link: Java SE Runtime Environment 6u23

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Adobe Reader had critical updates, released today.  See http://www.landzdown.com/index.php/topic,49403.0.html for links.

Let's see if a different A/V finds something:  Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

winchester73

Did this start about the same time you switched to a new ISP?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Temmu

corrine - 2 online scans have found nothing.  - will try eset's (didn't know they had one)
- also, tdskiller came up empty.

winchester73 - no.  am helping a friend, it is her pc (different isp)

thanks!


Corrine

Missed this last night:

Antivirus/Firewall Check:

Webroot AntiVirus with Spy Sweeper
McAfee Security Scan Plus

Uninstall McAfee Security Scan Plus.



Temmu

ok, but it's only been on there to do the online scan.  which, of course, failed to run.  even with webroot off.

Corrine

No problem then.  I thought it was mistakenly downloaded by the owner with an Adobe update. 

Any luck with the ESET scan?



Temmu

first and foremost, thank you for looking and commenting, corrine  :rose: and winchester73  :Win73:

um...
i think i know why nothing made anything better.
and why nothing shows up in all these logs.

ready?

i think it's ms updates.
some machines just won't work if they have updates pending.
this had 'em pending.
i updated and it had more.
and more.
and more.

when ms was done vomiting all over itself, the machine ran, well, ran ok.  
alright, ran ok for a vista machine.

and i know someone is going to say how much they love vista.
and i know some who honestly loved m.e. (messed up edition.)
both precursors to the best os of their time, xp, and 7.
o, xp, we hardly knew you. - shakespeare. (he stole that from his neighbor, ed.)

but i digress.  don't i always?

anyway, my guess, ms updates vomiting all over the os.
with the puke gone, the os feels better now.

ciao. (chow)

Temmu

ok

i'm wrong.

there is something on that machine transmitting.

webroot keeps displaying
"The internet communication shield has blocked access to:
get-access.host.sk"

or any number of sites.

help.

thanks.

Corrine

Hi, Temmu.

Let's see if ComboFix finds anything.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.



Temmu

o great and mighty queen,

ps
webroot is still blocking outgoing website connections
i am not running a browser.
the pc is of its own accord attempting to connect to the internet.

due to length, i'll post this first, then wait a few minutes until the "posts it to the same thing you just posted to" thing times out so it shows up in a separate box

combo fix log


ComboFix 11-02-09.05 - Taormina 02/10/2011   9:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.894.320 [GMT -6:00]
Running from: c:\users\Taormina\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\users\Taormina\GoogleEarthPluginSetup.exe
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2011-01-10 to 2011-02-10  )))))))))))))))))))))))))))))))
.

2011-02-10 15:22 . 2011-02-10 15:23   --------   d-----w-   c:\users\Taormina\AppData\Local\temp
2011-02-10 15:22 . 2011-02-10 15:22   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-02-10 04:53 . 2011-02-10 08:40   --------   d-----w-   c:\program files\MyDefrag v4.3.1
2011-02-09 22:50 . 2010-12-31 13:57   2039808   ----a-w-   c:\windows\system32\win32k.sys
2011-02-09 22:50 . 2010-10-15 14:08   3602320   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-02-09 22:50 . 2010-10-15 14:08   3550096   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-02-09 22:50 . 2010-10-15 13:48   1205080   ----a-w-   c:\windows\system32\ntdll.dll
2011-02-09 22:50 . 2011-01-06 10:51   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-02-08 17:40 . 2011-01-13 09:41   5890896   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9A9BA9F-E0DB-4FB8-9280-EC09DDCD2B5F}\mpengine.dll
2011-02-08 01:15 . 2011-02-08 01:15   --------   d-----w-   c:\windows\en
2011-02-08 01:14 . 2010-09-23 06:21   39272   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
2011-02-08 01:06 . 2009-09-04 23:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2011-02-08 01:06 . 2009-09-04 23:44   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2011-02-08 01:06 . 2009-09-04 23:29   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2011-02-08 01:04 . 2011-02-08 14:02   --------   d-----w-   c:\program files\Microsoft Silverlight
2011-02-08 00:51 . 2011-02-08 00:51   6260088   ----a-w-   c:\program files\Common Files\Windows Live\.cache\4d69003f1cbc72a01\Silverlight.4.0.exe
2011-02-04 19:53 . 2011-02-05 00:57   --------   d---a-w-   C:\Kaspersky Rescue Disk 10.0
2011-01-12 08:38 . 2010-12-28 15:55   413696   ----a-w-   c:\windows\system32\odbc32.dll
2011-01-12 08:38 . 2010-12-28 15:53   253952   ----a-w-   c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:38 . 2010-12-28 15:53   708608   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:38 . 2010-12-28 15:53   241664   ----a-w-   c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:38 . 2010-12-28 15:53   180224   ----a-w-   c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:38 . 2010-12-28 15:53   57344   ----a-w-   c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 08:38 . 2010-12-14 14:49   1169408   ----a-w-   c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-09-20 14:46   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-09-20 14:46   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 21:14   238968   ----a-w-   c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Taormina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Taormina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-10-17 01:40   1197648   ----a-w-   c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33   125952   ----a-w-   c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07   141608   ----a-w-   c:\nino nindo\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-21 00:08   963976   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06   4351216   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-23 06:47   4240760   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-04-06 21:21   8429568   ----a-w-   c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-04-06 21:21   81920   ----a-w-   c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-04-06 21:21   86016   ----a-w-   c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45   75304   ----a-w-   c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08   417792   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-10 23:01   4431872   ----a-w-   c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05   111856   ----a-w-   c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28   1233920   ----a-w-   c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 22:57   26192168   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-05 00:22   1822720   ----a-w-   c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 21:19   6515784   ----a-w-   c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16   185896   ----a-w-   c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-29 19:50   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33   202240   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05   111856   ----a-w-   c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 21:54]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 21:54]

2011-02-10 c:\windows\Tasks\User_Feed_Synchronization-{A69D11DF-C5CE-43EA-BB51-AD1D766F08EF}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]

2011-02-07 c:\windows\Tasks\wrSpySweeper_L0216702BBA51487CBAECEA3CA665B82A.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]

2011-02-07 c:\windows\Tasks\wrSpySweeper_L0216702BBA51487CBAECEA3CA665B82A.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]

2011-02-10 c:\windows\Tasks\wrSpySweeper_LEC5FEA63B1534AD49A406B78701F1CB7.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]

2011-02-10 c:\windows\Tasks\wrSpySweeper_LEC5FEA63B1534AD49A406B78701F1CB7.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 09:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-10  09:25:39
ComboFix-quarantined-files.txt  2011-02-10 15:25

Pre-Run: 164,013,158,400 bytes free
Post-Run: 165,117,116,416 bytes free

- - End Of File - - 4C385F5B2B21898FDBB0C7FC4CEF82A9

Temmu

part two


Logfile of random's system information tool 1.06 (written by random/random)
Run by Taormina at 2011-02-10 09:35:18
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 158 GB (69%) free of 229 GB
Total RAM: 894 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:23 AM, on 2/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
J:\RSIT.exe
C:\Program Files\trend micro\Taormina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5016 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{A69D11DF-C5CE-43EA-BB51-AD1D766F08EF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-09 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23 160056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\nino nindo\iTunesHelper.exe [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-04-06 8429568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-04-06 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-04-06 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-04-04 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-29 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe /atstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Taormina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\Users\Taormina\Desktop\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2011-02-10 09:25:51 ----SHD---- C:\$RECYCLE.BIN
2011-02-10 09:25:42 ----D---- C:\Windows\temp
2011-02-10 09:25:40 ----A---- C:\ComboFix.txt
2011-02-10 09:12:42 ----A---- C:\Windows\zip.exe
2011-02-10 09:12:42 ----A---- C:\Windows\SWSC.exe
2011-02-10 09:12:42 ----A---- C:\Windows\SWREG.exe
2011-02-10 09:12:42 ----A---- C:\Windows\sed.exe
2011-02-10 09:12:42 ----A---- C:\Windows\PEV.exe
2011-02-10 09:12:42 ----A---- C:\Windows\NIRCMD.exe
2011-02-10 09:12:42 ----A---- C:\Windows\MBR.exe
2011-02-10 09:12:42 ----A---- C:\Windows\grep.exe
2011-02-10 09:12:26 ----D---- C:\Windows\ERDNT
2011-02-10 09:12:25 ----D---- C:\ComboFix
2011-02-10 09:11:57 ----AD---- C:\Qoobox
2011-02-10 09:11:39 ----A---- C:\Windows\SWXCACLS.exe
2011-02-09 22:53:21 ----D---- C:\Program Files\MyDefrag v4.3.1
2011-02-09 16:50:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 16:50:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 16:50:34 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\mf.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\dxgi.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\d3d10.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\stobject.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-09 16:49:18 ----A---- C:\Windows\system32\mfplat.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-09 16:49:16 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-09 16:49:16 ----A---- C:\Windows\system32\mfps.dll
2011-02-09 16:49:16 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 16:48:44 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 16:48:43 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 16:48:42 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 16:48:42 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 16:48:42 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\occache.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-09 16:48:41 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iesetup.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iernonce.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-09 16:48:40 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 16:48:34 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 16:48:32 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 16:48:27 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 16:48:26 ----A---- C:\Windows\system32\atmlib.dll
2011-02-08 14:37:16 ----A---- C:\TDSSKiller.2.4.12.0_08.02.2011_14.37.16_log.txt
2011-02-07 20:37:28 ----D---- C:\Config.Msi
2011-02-07 19:15:02 ----D---- C:\Windows\en
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-02-07 19:06:12 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-02-07 19:04:49 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-04 13:53:06 ----AD---- C:\Kaspersky Rescue Disk 10.0
2011-01-12 02:38:36 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 02:38:20 ----A---- C:\Windows\system32\sdclt.exe
2010-12-19 16:38:09 ----D---- C:\Users\Taormina\AppData\Roaming\OpenCandy
2010-12-16 16:32:49 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 16:32:48 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 16:32:25 ----A---- C:\Windows\system32\consent.exe
2010-12-16 16:32:15 ----A---- C:\Windows\system32\fontsub.dll
2010-12-16 16:28:41 ----A---- C:\Windows\system32\tzres.dll
2010-12-03 21:11:39 ----A---- C:\Windows\system32\webservices.dll

======List of files/folders modified in the last 3 months======

2011-02-10 09:35:23 ----D---- C:\Windows\Prefetch
2011-02-10 09:35:19 ----D---- C:\Program Files\trend micro
2011-02-10 09:25:42 ----D---- C:\Windows
2011-02-10 09:25:15 ----D---- C:\Windows\Tasks
2011-02-10 09:23:21 ----A---- C:\Windows\system.ini
2011-02-10 09:22:21 ----D---- C:\Program Files\Common Files
2011-02-10 09:20:06 ----D---- C:\Windows\System32
2011-02-10 09:19:09 ----D---- C:\Windows\system32\drivers
2011-02-10 09:19:09 ----D---- C:\Windows\AppPatch
2011-02-10 09:11:01 ----HD---- C:\Windows\inf
2011-02-10 09:11:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-10 02:03:40 ----SHD---- C:\System Volume Information
2011-02-09 22:53:21 ----RD---- C:\Program Files
2011-02-09 22:47:56 ----D---- C:\hosts
2011-02-09 22:37:21 ----D---- C:\Temp
2011-02-09 22:24:36 ----D---- C:\Windows\SMINST
2011-02-09 17:40:25 ----D---- C:\Windows\rescache
2011-02-09 17:34:48 ----D---- C:\Windows\winsxs
2011-02-09 17:24:40 ----D---- C:\Windows\system32\catroot
2011-02-09 17:20:21 ----D---- C:\Program Files\Windows Mail
2011-02-09 17:20:15 ----D---- C:\Program Files\Internet Explorer
2011-02-09 17:20:14 ----D---- C:\Windows\system32\migration
2011-02-09 17:12:33 ----A---- C:\Windows\system32\mrt.exe
2011-02-09 17:05:03 ----D---- C:\ProgramData
2011-02-09 16:47:57 ----D---- C:\Windows\system32\catroot2
2011-02-08 14:12:28 ----D---- C:\ProgramData\McAfee
2011-02-08 08:03:37 ----A---- C:\Windows\ntbtlog.txt
2011-02-07 20:44:29 ----SHD---- C:\Windows\Installer
2011-02-07 19:32:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-07 19:25:43 ----D---- C:\Windows\system32\Tasks
2011-02-07 19:17:49 ----D---- C:\Windows\Microsoft.NET
2011-02-07 19:16:48 ----RSD---- C:\Windows\assembly
2011-02-07 19:14:27 ----DC---- C:\Windows\system32\DRVSTORE
2011-02-07 19:11:51 ----D---- C:\Program Files\Windows Live
2011-02-07 19:09:30 ----RSD---- C:\Windows\Fonts
2011-02-07 19:08:29 ----SD---- C:\ProgramData\Microsoft
2011-02-07 19:07:50 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-07 18:35:46 ----D---- C:\Users\Taormina\AppData\Roaming\Unity
2011-02-07 18:35:46 ----D---- C:\Program Files\Unity
2011-02-07 18:24:32 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-07 18:24:32 ----D---- C:\Program Files\BigFix
2011-02-07 18:22:46 ----SD---- C:\Users\Taormina\AppData\Roaming\Microsoft
2011-02-07 18:22:44 ----D---- C:\Program Files\Virtools
2011-02-04 18:10:05 ----D---- C:\Program Files\SIFXINST
2011-02-03 20:50:19 ----D---- C:\Users\Taormina\AppData\Roaming\FrostWire
2010-12-29 22:11:28 ----D---- C:\Users\Taormina\AppData\Roaming\Skype
2010-12-29 21:02:38 ----D---- C:\Users\Taormina\AppData\Roaming\skypePM
2010-12-17 03:05:53 ----D---- C:\Windows\system32\en-US
2010-11-13 23:42:00 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-04-17 1032104]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-06 7476704]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 catchme;catchme; \??\C:\Users\Taormina\AppData\Local\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 vmcam326av;HP Camera; C:\Windows\System32\Drivers\vmcam326av.sys [2007-04-13 100096]
S3 vvftav;326 Solborn filter service name, vista ver; C:\Windows\system32\drivers\vvftav.sys [2007-04-13 279680]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-18 521216]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-05-21 65536]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-03-12 1201640]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 190448]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Corrine

From http://www.mvps.org/winhelp2002/hosts.txt: 127.0.0.1  get-access.host.sk #[McAfee.StartPage-IR]. In a thread at Bleeping Computer the entry is shown as having been added to the HOSTS file by StopZilla.

I'm still seeing the vulnerable Adobe and Java.  Please see my previous instructions about updating both.

The next step is to uninstall Limewire.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
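The HOSTS check above distinguishes a harmless blocklist entry (a hostname pointed at 127.0.0.1, the style the MVPS list and tools like StopZilla use) from the kind of entry that actually explains "can't hit internet": a hostname redirected to some other address. The script below is an added example, not code from this thread or from the MVPS project; it parses a HOSTS file and sorts entries into those two groups. The sample file is constructed for the example: the get-access.host.sk line is the one quoted above, while the 192.0.2.10 redirect lines are invented (192.0.2.0/24 is a reserved documentation range) to show what a hijacked entry would look like.

```python
"""Triage a Windows HOSTS file into loopback/null 'block' entries and
entries that redirect a hostname to a real address.

Added example for this thread; the sample HOSTS content is constructed,
not taken from the poster's machine.
"""
import ipaddress
from collections import namedtuple

HostsEntry = namedtuple("HostsEntry", "ip hostnames comment")

# Constructed sample. The stock localhost lines and the MVPS-style block
# entries are benign; the 192.0.2.10 lines are invented redirects that
# would silently break reaching update and vendor sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1  get-access.host.sk #[McAfee.StartPage-IR]
0.0.0.0    ad.doubleclick.net
192.0.2.10 www.update.microsoft.com     # constructed redirect example
192.0.2.10 liveupdate.symantecliveupdate.com
"""


def parse_hosts(text):
    """Parse HOSTS text into HostsEntry records, ignoring comments and junk."""
    entries = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        parts = line.split()
        if not parts:
            continue  # blank or comment-only line
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed first field; skip rather than crash
        entries.append(HostsEntry(ip, tuple(parts[1:]), comment.strip()))
    return entries


def classify(entries):
    """Split entries into (block_entries, redirect_entries).

    Loopback (127.x, ::1) and unspecified (0.0.0.0) targets are blocklist
    style; the stock 'localhost' lines are dropped as expected content.
    Anything else resolves a hostname to a reachable address and deserves
    a look, because a HOSTS hijack is one common way to keep a machine
    from reaching update servers.
    """
    blocks, redirects = [], []
    for entry in entries:
        if entry.ip.is_loopback or entry.ip.is_unspecified:
            if entry.hostnames == ("localhost",):
                continue
            blocks.append(entry)
        else:
            redirects.append(entry)
    return blocks, redirects


def triage(text):
    """Convenience wrapper: returns hostnames of block and redirect entries."""
    blocks, redirects = classify(parse_hosts(text))
    return ([e.hostnames[0] for e in blocks],
            [e.hostnames[0] for e in redirects])


if __name__ == "__main__":
    blocked, redirected = triage(SAMPLE_HOSTS)
    print("blocklist-style entries:", blocked)
    print("redirect entries (review these):", redirected)
```

On a live system the file is C:\Windows\System32\drivers\etc\hosts; pass its contents to triage() instead of SAMPLE_HOSTS. A long list of redirect entries, or a redirect for a security vendor's domain, is the signal to look for; hundreds of 127.0.0.1 lines are what an MVPS-style blocklist looks like and are not by themselves a problem.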

Corrine

Hi, Temmu.

Had a problem with our cable today so I was offline most of the day.  They finally found the problem at the pole and repaired it this afternoon.

The reason I suggested uninstalling Limewire is because it is set for startup and it may be the culprit, particularly if the owner gave it firewall permission. 

After you've caught up with the Adobe/Java updates, I have a minor fix I'd like to do with ComboFix. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.