
Trojan virus!

Discussion in 'Virus & Other Malware Removal' started by Hyde676, Jan 4, 2011.

  1. Hyde676

    After closing down an MMORPG I was playing, it went to a blue screen where I briefly saw some message about deleting parts of my system (?) before the quick countdown ended and my computer restarted. It seemed fine when I started up again, but I scanned using Malwarebytes and got this:
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

    Here are my logs:
    -----------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:31:45 AM, on 1/4/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
    C:\Windows\System32\HWKeyPlus.exe
    C:\Windows\System32\HWTabTray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Hyde\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe
    C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Users\Hyde\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Hyde\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
    O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
    O4 - HKLM\..\Run: [HWTablet KeyPlus] C:\Windows\system32\HWKeyPlus.exe
    O4 - HKLM\..\Run: [HWTablet Service] C:\Windows\system32\HWTabTray.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe"
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
    O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{0E4ADA09-3962-4345-A16E-5CFA1908C931}
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Hyde\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Meebo Notifier] "C:\Users\Hyde\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Transfer by Image Converter 3 - C:\Program Files\Sony\Image Converter 3\menu.htm
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://audition.bugs.co.kr/public_inc/images/cab/swflash.cab
    O16 - DPF: {D6440B15-8FD8-455C-AE55-8D3198F49638} (ExcuteHbsAudition Class) - http://xb.hanbitstation.jp/Game/XBLauncher.cab
    O16 - DPF: {E1CE4482-98E9-48F8-8D0D-EF03BC9E26F3} (BugsGameStarts Class) - http://audition.bugs.co.kr/Game/BugsGameStart.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HWSuperPowerTablet - Unknown owner - C:\Windows\jwpen.exe
    O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe
    O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 3\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 16343 bytes

    ----------------------------

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Hyde at 10:33:29.70 on Tue 01/04/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.639 [GMT -8:00]

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\brsvc01a.exe
    C:\Windows\system32\brss01a.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\jwpen.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\System32\STacSV.exe
    C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
    C:\Windows\System32\HWKeyPlus.exe
    C:\Windows\System32\HWTabTray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Hyde\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe
    C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Users\Hyde\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Windows\system32\notepad.exe
    C:\Users\Hyde\Desktop\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Hyde\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{0E4ADA09-3962-4345-A16E-5CFA1908C931}
    uRun: [Google Update] "c:\users\hyde\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Meebo Notifier] "c:\users\hyde\appdata\local\meebo\meebo notifier\MeeboNotifier.exe" /startup
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [AppMon Utility] "c:\program files\sony\appmonutil\AppMonUtility.exe" @@@Start
    mRun: [HWTablet KeyPlus] c:\windows\system32\HWKeyPlus.exe
    mRun: [HWTablet Service] c:\windows\system32\HWTabTray.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [QuickBooks Simple Start] "c:\program files\intuit\simplestartentice\entice.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe"
    mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
    mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
    mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\Vista VAIO Survey.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\wnda3100.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Transfer by Image Converter 3 - c:\program files\sony\image converter 3\menu.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2007.4.4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher_v1013.cab
    DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} - hxxp://config.hyosungcdn.com/download/p3xset.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://audition.bugs.co.kr/public_inc/images/cab/swflash.cab
    DPF: {D6440B15-8FD8-455C-AE55-8D3198F49638} - hxxp://xb.hanbitstation.jp/Game/XBLauncher.cab
    DPF: {E1CE4482-98E9-48F8-8D0D-EF03BC9E26F3} - hxxp://audition.bugs.co.kr/Game/BugsGameStart.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\hyde\appdata\roaming\mozilla\firefox\profiles\tsvb069b.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.the-dollars.com/dchat/index.php
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\users\hyde\appdata\roaming\mozilla\firefox\profiles\tsvb069b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\users\hyde\appdata\roaming\mozilla\firefox\profiles\tsvb069b.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\users\hyde\appdata\roaming\mozilla\firefox\profiles\tsvb069b.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\hyde\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\windows\system32\npOGPPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Kempelton: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Nemesis: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: ANTHEM: {07b2a769-ed19-4483-87ce-c643914c9626} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
    FF - Ext: tektek.org GaiaOnline Toolbar 2.1: {0df7b3bb-9581-44bb-835f-061a29ec8a46} - %profile%\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
    FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: iFox Smooth: {d3d70bca-2d54-425e-b02c-b7e2f4b07688} - %profile%\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
    FF - Ext: iFox Smooth: {d3d70bca-2d54-425e-b02c-b7e2f4b07688} - %profile%\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Ask Chrome Search Engine: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    FF - Ext: YouTube mp3: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    FF - Ext: Virtus Search Opt-in: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: 1-Click YouTube Video Downloader: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    FF - Ext: Veoh Browser Plug-in: [email protected] - c:\program files\veoh networks\veoh\plugins\noreg\VideoFinder4

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
    R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-7-30 38448]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-19 342128]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\programdata\symantec\definitions\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-3-22 212280]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\jwpen.exe [2009-3-29 66560]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-19 70216]
    R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
    R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-2-5 742144]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-19 91640]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-19 43288]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-3-12 72448]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-3-12 43904]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
    R3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [2007-3-12 699520]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-3-13 30976]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-3-12 807424]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]
    S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]
    S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2007-3-22 75952]
    S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2007-3-22 67760]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-19 65224]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-5-21 15656]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

    =============== Created Last 30 ================

    2010-12-18 23:52:47 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-12-18 23:52:21 -------- d-----w- c:\program files\HyCam2

    ==================== Find3M ====================

    2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll
    2010-10-07 20:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 20:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 20:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 10:35:10.78 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/27/2009 6:02:25 PM
    System Uptime: 1/4/2011 12:20:13 AM (10 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | N/A | 2000/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 261 GiB total, 162.829 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is Removable
    H: is FIXED (NTFS) - 30 GiB total, 11.008 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    ==== System Restore Points ===================

    RP68: 10/14/2010 1:54:50 AM - Windows Update
    RP69: 10/21/2010 12:35:29 PM - Scheduled Checkpoint
    RP70: 10/27/2010 12:36:52 AM - Windows Update
    RP71: 11/3/2010 10:49:33 AM - Scheduled Checkpoint
    RP72: 11/9/2010 11:55:08 PM - Windows Update
    RP73: 11/15/2010 9:51:14 PM - Windows Update
    RP74: 11/23/2010 7:10:30 PM - Scheduled Checkpoint
    RP75: 11/30/2010 9:44:53 PM - Scheduled Checkpoint
    RP76: 12/7/2010 10:34:04 AM - Before Winter Break
    RP77: 12/7/2010 10:35:23 AM - Before Winter Break (H)
    RP78: 12/15/2010 2:52:31 AM - Scheduled Checkpoint
    RP79: 12/15/2010 3:00:15 AM - Windows Update
    RP80: 12/17/2010 2:46:05 PM - Removed Compatibility Pack for the 2007 Office system
    RP81: 12/24/2010 3:00:36 PM - Scheduled Checkpoint
    RP82: 1/1/2011 5:18:25 AM - Scheduled Checkpoint
    RP83: 1/4/2011 12:35:24 AM - Removed Windows Sidebar Styler

    ==== Installed Programs ======================


    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS2
    Adobe Photoshop CS3
    Adobe Reader 9.3.3
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Aleks 3.13
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AppMon Utility
    Audacity 1.2.6
    Audition
    AviSynth 2.5
    Bonjour
    CCleaner (remove only)
    CD Art Display 2.0.1
    Chinese Simplified Fonts Support For Adobe Reader 9
    Cisco NAC Agent
    Click to DVD 2.0.05 Menu Data
    Click to DVD 2.6.00
    Cobian Backup 9
    DNA
    DSD Direct
    DSD Direct Player
    DSD Playback Plug-in
    DVDVideoSoftTB Toolbar
    Free 3GP Video Converter version 3.5
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Chrome
    Grouper Screen Saver 1.0
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    HyperCam 2
    HyperCam Toolbar
    ijji
    Image Converter 3
    Intel(R) Graphics Media Accelerator Driver
    Internet Explorer Zoom Utility
    iPod for Windows 2005-09-23
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Jasc Animation Shop 3
    Jasc Paint Shop Pro 9
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    La Tale
    LAN-Express AS IEEE 802.11 Wireless LAN
    LocationFree Player
    Mabinogi
    Malwarebytes' Anti-Malware
    MapleStory
    McAfee Agent
    McAfee VirusScan Enterprise
    Meebo Notifier
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft MPEG-4 VKI Video Codec V1/V2/V3
    Microsoft Office XP Professional with FrontPage
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft® Winter Fun Pack 2004 for Windows® XP
    mIRC
    Morphyre
    Mozilla Firefox (3.5.16)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Neffy 1,2,1,11
    NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OGPlanet Game Launcher
    openCanvas4.5.09e Plus
    OpenMG Limited Patch 4.7-07-13-24-01
    OpenMG Secure Module 4.7.00
    OpenOffice.org Installer 1.0
    Paint.NET v3.36
    Pando Media Booster
    PaperPort
    Paragon Partition Manager 8.5 Personal Demo
    PDF Settings
    QuickBooks Product Listing Service
    QuickBooks Simple Start Free Starter Edition
    QuickTime
    Rainlendar2 (remove only)
    RealPlayer
    Rhapsody Player Engine
    SAMSUNG CDMA Modem Driver Set
    Samsung Mobile phone USB driver Drive Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Security Update for CAPICOM (KB931906)
    Setting Utility Series
    Simple Start Entice
    Skype Toolbars
    Skype™ 5.0
    SoftSkies
    SonicStage 4.3
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Utilities DLL
    Sony Video Shared Library
    SupportSoft Assisted Service
    System Requirements Lab
    [email protected] ZS4 Video Editor v0.958-686
    Tablet Driver
    Uninstall 1.0.0.1
    VAIO Action Setup
    VAIO Azure Float Wallpaper
    VAIO Camera Capture Utility
    VAIO Camera Utility
    VAIO Center Access Bar
    VAIO Central
    VAIO Entertainment Center
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Floral Dusk Wallpaper
    VAIO Help And Support
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.0
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO OOBE
    VAIO Photo 2007
    VAIO Productivity Center
    VAIO Security Center
    VAIO Survey
    VAIO Teal Whisper Wallpaper
    VAIO Update 3
    VeohTV BETA
    VLC media player 1.1.1
    Wacom Tablet
    WD SmartWare
    Winamp
    Winamp Detector Plug-in
    Windows 7 Upgrade Advisor
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR archiver
    WinZip 11.1
    WNDA3100
    X-BEAT
    XviD MPEG-4 Video Codec

    ==== Event Viewer Messages From Past Week ========

    12/31/2010 2:50:53 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 10.0.0.8, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    12/31/2010 2:45:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    12/31/2010 2:44:24 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 2:43:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/29/2010 11:59:07 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 97.90.131.137, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    12/29/2010 11:53:48 PM, Error: yukonw7 [101] - Driver status 1
    1/4/2011 8:35:44 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer COURTNEY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94AF4B5C-5A56-4F84-9412-C10C5A. The master browser is stopping or an election is being forced.
    1/4/2011 12:23:52 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.234.104.56, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    1/4/2011 12:23:50 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    1/4/2011 12:22:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    1/4/2011 12:21:14 AM, Error: Service Control Manager [7000] - The HYRDBios service failed to start due to the following error: The system cannot find the file specified.
    1/4/2011 12:21:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0xb70bd715, 0xb4c2d5c4, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010411-50325-01.
    1/4/2011 12:20:22 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    1/4/2011 10:33:44 AM, Error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    1/3/2011 11:51:02 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer RICK-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94AF4B5C-5A56-4F84-9412-C10C5A5E. The master browser is stopping or an election is being forced.
    1/3/2011 11:35:42 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    1/1/2011 8:55:40 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.157.171, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    1/1/2011 8:55:24 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    1/1/2011 7:04:51 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 10.0.0.4, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    1/1/2011 7:04:40 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 97.90.138.0, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    1/1/2011 6:57:43 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.100.10, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    1/1/2011 12:54:12 AM, Error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-04 18:12:47
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3320820AS rev.3.AAD
    Running: 0zm6q693.exe; Driver: C:\Users\Hyde\AppData\Local\Temp\uwlcrpoc.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8978A092]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8978A0CE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x8978A0E2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8978A0BA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8978A0A6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8978A054]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E7B599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E9FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Users\Hyde\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
    AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Driver\ACPI_HAL \Device\0000008b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???????????????????g??????b????????????e?????????y???y??????????????????31????????????????????????????????????????<???????????h???????????????????,????????????e???????????????g?????????????????????????0????N????????????e??????6??????????????????/??????????????????????????????????Intel Processor Driver???????z??????????????????????????????????????????????system32\DRIVERS\intelppm.sys?ntelppm.sys????{????????????????????????????????????????????????????????????????????????????<?????????????????????????????????????????????????????p????????????????[email protected]%SystemRoot%\system32\ikeext.dll,-501????????Z???????????h?????%systemroot%\system32\svchost.exe -k [email protected]%SystemRoot%\system32\ikeext.dll,-502??????? ??????????????????LocalSystem?????????????????????????????????????t??????????????g???????? ????????????? ??e???????????e????,???????????????????????????????????????????????????????????????????????????????????????????????.????????????
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ????sy??????????????????system32\DRIVERS\kbdclass.sys?bdclass.sys????????????????????????? ??P??????p???NTDS??????8???????????h?????System32\Drivers\ksecdd.sys?????????????????p????????????????????????????????????????e??sa??????????????? ???????^?????????????,????????X????????????????????????n??th???????????p????????????X???????????h??????{??????????????"C:\Program Files\iPod\bin\iPodService.exe"??????????????C?????era??iPod Service?n??Keyboard Class Driver????????????n???????????e???????e??????????????t???? ???????|?????col??LocalSystem?va????D??????r?????nFi??????????????????????Keyboard HID Driver????????????????g?????}?{????????Cryptography??????????????????????8???????????h?????????????????????????????????????????????????????t???????????????t???????????????????????????????????????????????????p????????????-??25?????????????g??????:???????????h?????? 0??????????????????????????????????????????????????????????????t??Boot File System????????????????t???????????????????????????????????????????Keyboard Port??
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ?????????????????1??s|??tunnel???????????&???????????????????????????????????????/??Extended Base???????????????????????????????Keyboard Class??????????????????????????????????????????? ??????????????e????? ??P??????p?????h??????8???|???????????3??sv???????????e??oo??????????System32\drivers\ipnat.sys????????0?????????p?????d?????????????????????????????????????????????????p???????? F?????????????????%SystemRoot%\System32\iphlpsvc.dll??????????????????????????????????? ?????????????????????;??L?????????????57???????+???????????????????????d?????????V2A????N???????????h??????????????????????????????q???q??x???????????????oa??? H?????????????????2001:0:4137:9e74:843:1a2c:9ea5:7aca?????????????FSFilter Virtualization?????????????????????????????????????Net?t????????????o??????????????????x???p??????????????????e????????ys??????????????????????????????t???????????????????????????? ??????????????? ??????????????????????????????????????????p?????????????????????&?????????)?????\????????????n????Extended base??????
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ????????FSFilter Virtualization?????????????????????????????????????Net?t????????????o??????????????????x???p??????????????????e????????ys??????????????????????????????t???????????????????????????? ??????????????? ??????????????????????????????????????????p?????????????????????&?????????)?????\????????????n????Extended base????????????????????????????????[email protected]%systemroot%\system32\drivers\luafv.sys,-100???????????????t?????(?????????p???????????????s???????????????????????t?????6???????????h?????????????????????????????????????????Pointer Class?????????????????????????P????????????n?????????????????????????????????????????????&??????????????????system32\DRIVERS\mrxsmb10.sys???system32\DRIVERS\[email protected]%systemroot%\system32\wkssvc.dll,-1004??????????????????????????????????/[email protected]%systemroot%\system32\wkssvc.dll,-1005???????????????????????????<?????????????????[email protected]??????(?????e????????????????????????????p???system32\DRIVERS\msisadrv.sys??????????

    ---- EOF - GMER 1.0.15 ----
     
  2. Hyde676

    Hyde676 Thread Starter

    Joined:
    Jun 1, 2010
    Messages:
    9
    Can someone please check if there is still something wrong with my computer?
     
Short URL to this thread: https://techguy.org/972727
