
You ran the wrong program; you were supposed to run the DDS Scanner from the Read Me sticky, not TDSSKILLER. That can be removed; you don't need that program anymore.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Auberey at 23:04:15.94 on Mon 03/28/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.5.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.976 [GMT -4:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre1.5.0_22\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\Auberey\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {744EC540-7CAC-4B6A-8581-CBD7CC81024B} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_22\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_22\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\auberey\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0AD67A1E-902B-4DB9-876E-7B2FF7001D94} = 156.154.70.22,156.154.71.22
TCP: {E1C2A72B-9DEE-4DDD-B40A-9BFBD8DB3849} = 156.154.70.22,156.154.71.22
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs:
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\auberey\appdata\roaming\mozilla\firefox\profiles\kqw78h9r.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\users\auberey\appdata\roaming\mozilla\firefox\profiles\kqw78h9r.default\extensions\{5a64f979-2f93-4707-884b-1003bdf91fe4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\auberey\appdata\roaming\mozilla\firefox\profiles\kqw78h9r.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\auberey\appdata\roaming\mozilla\firefox\profiles\kqw78h9r.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\auberey\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\auberey\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\auberey\appdata\roaming\mozilla\firefox\profiles\kqw78h9r.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\users\auberey\appdata\roaming\mozilla\firefox\profiles\kqw78h9r.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLoader.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 61440]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-10-2 93544]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-9-18 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-18 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-31 4463400]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-10-27 4232704]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-9-16 227328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;"c:\cfusionmx7\runtime\bin\jrunsvc.exe" --> c:\cfusionmx7\runtime\bin\jrunsvc.exe [?]
S2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;"c:\cfusionmx7\verity\k2\_nti40\bin\k2admin.exe" -cfg "c:\cfusionmx7\verity\k2\common\verity.cfg" -ntstart 1 --> c:\cfusionmx7\verity\k2\_nti40\bin\k2admin.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-16 59552]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-9-18 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 12872]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-10-27 722288]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-6 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-03-29 02:43:20 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{082c78d8-48a7-4a5a-8871-724855270bc1}\mpengine.dll
2011-03-29 02:20:01 -------- d-----w- c:\program files\COMODO
2011-03-28 13:52:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-03-28 13:52:39 389632 ----a-w- c:\windows\system32\html.iec
2011-03-28 13:52:33 834048 ----a-w- c:\windows\system32\wininet.dll
2011-03-28 13:13:48 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-03-28 03:14:46 -------- d-----w- c:\program files\Belarc
2011-03-28 02:00:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-03-27 16:19:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-27 16:19:53 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-27 16:19:53 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-27 16:19:53 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-27 16:19:53 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-27 16:19:53 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-27 16:19:53 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-27 16:19:53 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-27 14:16:24 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2011-03-23 08:43:30 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 08:43:30 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 08:43:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-19 22:19:48 -------- d-----w- c:\users\auberey\2011-03-19 tie dye
2011-03-17 16:02:01 -------- d-----w- c:\users\auberey\appdata\local\Adobe
2011-03-17 12:55:02 -------- d-----w- c:\users\auberey\appdata\local\Apple
2011-03-12 16:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-11 01:58:48 -------- d-----w- c:\users\auberey\appdata\local\Sun
2011-03-09 02:15:46 0 ----a-w- C:\jre-6u24-windows-i586-s.exe
2011-03-08 22:58:59 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-08 22:58:59 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-08 22:58:58 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 22:58:57 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-08 22:58:54 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 22:58:53 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 01:19:09 -------- d-----w- c:\program files\EventLog
2011-03-03 03:54:30 -------- d-----w- c:\program files\Citrix
2011-03-03 03:54:15 -------- d-----w- c:\users\auberey\appdata\local\Citrix
2011-03-03 00:04:09 -------- d-----w- c:\users\auberey\appdata\local\Opera
2011-02-28 20:56:16 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-28 20:54:51 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-28 20:54:51 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-28 20:54:51 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-28 20:54:47 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-28 20:54:46 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-28 20:54:36 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-02-28 20:54:36 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-02-28 20:54:36 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-02-28 20:54:36 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-02-28 20:54:36 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-02-28 20:54:34 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-28 20:54:13 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-02-28 20:53:46 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-28 20:53:46 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-28 20:53:46 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-28 20:53:45 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-28 20:53:45 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-28 20:53:45 1181696 ----a-w- c:\windows\system32\WsmSvc.dll

==================== Find3M ====================

2011-03-15 14:21:51 3766 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 23:05:14.34 ===============


DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2008 8:18:56 PM
System Uptime: 3/28/2011 10:20:37 PM (1 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | N/A | 1833/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 166.254 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel

Class GUID:
Description:
Device ID: ACPI\SNY5001\4&6F653EC&0
Manufacturer:
Name:
PNP Device ID: ACPI\SNY5001\4&6F653EC&0
Service:

==== System Restore Points ===================


==== Installed Programs ======================


Acrobat.com
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.6 (Unicode)
Bandisoft MPEG-1 Decoder
Belarc Advisor 8.1
Bluetooth Stack for Windows by Toshiba
Bonjour
Compatibility Pack for the 2007 Office system
Content
Corel Painter 11
Corel Painter 11 - ICA
Corel Painter 11 - IPM
Corel Painter X
D3DX10
DAISY ADPCM2 Audio Decoder
EA Download Manager
ESET Online Scanner v3
Express Burn
getPlus(R) for Corel
Google Toolbar for Internet Explorer
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IconHandler 32 bit
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 22
Junk Mail filter update
LAN Setting Utility
Langauge
Licensing Service Install
Macromedia ColdFusion MX 7
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Move Media Player
Mozilla Firefox 4.0 (x86 en-US)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Opera 11.01
Pando Media Booster
QuickTime
Revo Uninstaller 1.91
RFB&D Download Manager
RFB&D ReadHear by gh
Safari
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Setting Utility Series
SOAP3 and XML4
Sony Snymsico for Vista
Sony Utilities DLL
Suite Specific
System Requirements Lab
TopStyle Lite (Version 3.0)
TouchFreeze
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Camera Capture Utility
VAIO Camera Utility
VAIO Central
VAIO Event Service
VAIO Update
VAIO Update 3
Wacom Tablet
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live Sign-in Assistant
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Resource Kit Tools - SubInAcl.exe
Wireless Switch Setting Utility
WYSIWYG Web Builder 5.5
Xara Dreamweaver Extension 1.02
Xara Webstyle 4
Xara Xtreme Pro 4
Xara3D6

==== End Of File ===========================


I'm hardly surprised at that. :) This is a quick one: RKU from http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE - start it, select the Report tab, Scan, and tick Drivers and Stealth Code. If the generated report contains anything, please save it and post it.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C407000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6307840 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8D004000 C:\Windows\system32\DRIVERS\NETw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x8260F000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8260F000 PnpManager 3907584 bytes
0x8260F000 RAW 3907584 bytes
0x8260F000 WMIxWDM 3907584 bytes
0x81A20000 Win32k 2109440 bytes
0x81A20000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8860C000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8820A000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D801000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x80696000 PCI_PNP9039 1048576 bytes
0x80696000 C:\Windows\System32\Drivers\spmr.sys 1048576 bytes
0x80696000 sptd 1048576 bytes
0x8840E000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D6000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAAEEF000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D904000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA960C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8CA0B000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8CAB7000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8060D000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x88139000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA9713000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAAE85000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x88035000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DC14000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x805B6000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80495000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D587000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8857D000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8D422000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x883A0000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8D48D000 C:\Windows\system32\drivers\ti21sony.sys 249856 bytes (Texas Instruments, ti21sony.sys)
0x8DCCB000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88340000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAAE0C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8871C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8852F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x829C9000 ACPI_HAL 208896 bytes
0x829C9000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAE43E000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x880F7000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x881C0000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8D558000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x88094000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x885BC000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88315000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8CBC4000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA96CC000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAAE5D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D4CA000 C:\Windows\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0x8876C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x807CD000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAE401000 C:\Windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x8079F000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8837B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8CB44000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8DCA3000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x887A4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA97CB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8DD62000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x883DD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8DDBF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x880D9000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA9780000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x884F8000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8DD9C000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA979D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D51A000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAAE45000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8DD12000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D5D3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8DD49000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAE471000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DC5C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x881AA000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA97B6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8CB8A000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8CBAF000 C:\Windows\system32\DRIVERS\StarPortLite.sys 86016 bytes (Rocket Division Software, StarPort Storage Controller Lite)
0xAAED3000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8CB76000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8DC00000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D4F1000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA9700000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DC80000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA97EC000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x88793000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8856C000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88129000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D53E000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA96BC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x880C1000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8D46F000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8CB9F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x88513000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8DD8D000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8875D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8800A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8CB67000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D460000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88026000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8D47F000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x81C60000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8DC72000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88400000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88086000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8DD29000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D9B8000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x88522000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80689000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAAFD7000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xAE432000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8D9DC000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CAAB000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8DD36000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8D504000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D50F000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x885E9000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D5EA000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D5C8000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xAE427000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x887EE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D417000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8801C000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8DD83000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D532000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0x8CBEE000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA96F6000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8DD07000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAAFCD000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xAAFE3000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x887C5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D9C5000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D5F7000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAE4A0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x885F4000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x81C40000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88600000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80796000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x880D1000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8DD41000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8CBF8000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x807C5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D9E8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D9F0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88755000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x88564000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xAAFEC000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D9D5000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D54E000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8807F000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80405000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAE499000 C:\Users\Auberey\AppData\Local\Temp\mbr.sys 28672 bytes
0x8D9CE000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8DCC5000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x887F9000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAAEEB000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x88019000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8D555000 C:\Windows\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0x8D5F5000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DD60000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8D53C000 C:\Windows\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0x8DD11000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0x8520F1F8 unknown_irp_handler 3592 bytes
0x8520E1F8 unknown_irp_handler 3592 bytes
0x8631D1F8 unknown_irp_handler 3592 bytes
0x87A001F8 unknown_irp_handler 3592 bytes
0x879BA1F8 unknown_irp_handler 3592 bytes
0x863991F8 unknown_irp_handler 3592 bytes
0x863571F8 unknown_irp_handler 3592 bytes
0x848791F8 unknown_irp_handler 3592 bytes
0x863251F8 unknown_irp_handler 3592 bytes
0x87B5A1F8 unknown_irp_handler 3592 bytes
0xB08CC1F8 unknown_irp_handler 3592 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

0

We did the TDSSKiller, nothing. GMER was run of course to begin and posted in the first post. PP was working here then with her. Combofix wasn't run in this one..was it? I don't think so. That was run in her previous thread in 2009.

0

We did the TDSSKiller, nothing. GMER was run of course to begin and posted in the first post. PP was working here then with her. Combofix wasn't run in this one..was it? I don't think so. That was run in her previous thread in 2009.

I think the combofix was last time.

0

I think the combofix was last time.

Yes, it was in 2009. Never run here at all. This one has centered on Java install problem. PP never asked for it and I didn't. I only asked for TDSSKiller because of the old logs in the other thread, since it was found then and that was before TDSSKiller was available. Didn't think it would find anything but you never know. Heck with THIS computer we evidently know nothing!
Now the new "stuff" with the Word program. Boy! I just don't know!
The only thing I do know at the moment I wouldn't do ANY work using this computer that you aren't willing to lose, the Word problem shows that.

0

So, I updated to the newest version of firefox today and java is now updated and working. So weird right? Why wouldn't it work in any other browser if it was a firefox issue? I always update firefox when it tells me to... Wow, :o maybe it won't stop again! fingers crossed

Here's another "oddity". You posted the above yesterday, note you say, Java is working and UPDATED but in the most recent DDS scan that you just did it says;
J2SE Runtime Environment 5.0 Update 22
No way that it updated if that is what is on the machine. Current version IF it updated should be version 6 Update 24

This is like being in "The Twilight Zone"!!!

The release date for that version is October 29, 2007!

Edited by jholland1964: n/a

0

Here's another "oddity". You posted the above yesterday, note you say, Java is working and UPDATED but in the most recent DDS scan that you just did it says;
J2SE Runtime Environment 5.0 Update 22
No way that it updated if that is what is on the machine. Current version IF it updated should be version 6 Update 24

This is like being in "The Twilight Zone"!!!

The release date for that version is October 29, 2007!

Yes, I know, it makes no sense whatsoever. I swear it said it updated to vr. 6, it said it was up to date in the Java console and it worked all day yesterday and it was still working today. I just have new bizarre issues. And the java website still says I don't have working java at all. So go figure.

I guess I just thought it actually updated but it obviously did not. I'm just totally confused by the whole thing.

Edited by khwhitaker: n/a

0

I really hate to say this but honestly think your only option is reformat/reinstall. There are either major infections on there that are stopping anything from seeing them or major damage to very necessary system files probably going back to 2009.
Obviously things are now falling like dominoes and if you look back over the last, I am not sure how long, maybe going clear back to your original thread, which would be a year, things have not really worked correctly probably since then.
You obviously had the TDSS rootkit back then. Thought it was gone, though now I wonder. You installed Avira and Comodo. Then Avira quit, though that honestly could be Comodo doing that. You installed Comodo Av but you have said Windows updates didn't work right and for sure the ones done on March 7th didn't work, that error shows in one of the logs you did for PP. You have had java on, java off, totally uninstalled multiple times, installed multiple times. You said you had Comodo on and off at least one other time. Now since last week Word has become corrupted, or at least some of its created documents. When opening Word you are getting an error saying Windows live sign in isn't working, that doesn't even have anything to do with Word so even if it isn't working that shouldn't make a difference with Word. You don't even have to have internet connections installed on a computer to use Microsoft Office programs, Word included.
The computer has major, major problems and all of the above are merely the symptoms. This would also have to include the display problems too.

Edited by jholland1964: n/a

0

The computer has major, major problems and all of the above are merely the symptoms.

Yes, I know you are right. I'll just bite the bullet and go ahead and wipe it because the reasons I was holding off are now no longer working anyway. Thanks so much for all your help. I really appreciate your time and effort. You and PP. :)

0

I think you have really fought this long enough, each day it is going to get worse and worse. A reformat/reinstall will really take a few hours IF you have the disks to reinstall everything.
Looking at the DDS log I see these programs that likely need install disks:

Of course your reinstall/rescue disks that you got from Sony.
These should have the drivers on them too. Most of those would likely need updating AFTER everything is on there that brings the computer back to factory.
What you would do is reformat, which would wipe the drive and then reinstall the operating system.

Then reinstall the drivers. You have to do that before the windows updates because for one thing your display will look very odd and also you don't want the Windows Updates offering you generic drivers and it will when it scans for updates and doesn't see them on there.

THEN you would go to Windows Updates and install All the updates that have been released since the computer was manufactured.

THEN update the drivers.

THEN reinstall these programs from their disks:
Microsoft Office Home and Student 2007
Adobe Photoshop CS2
Corel Painter 11
and any others you have disks for, those are just the ones I noticed, especially the Office program. You likely would have to "re-register" that one with Microsoft which is very easy to do online.
Then you would update the Office program.

Then update the others.

THEN do the Java,

THEN do Avira and other security programs.

You would do the security programs AFTER the others to be sure there would be no interference from them.
I would totally stay away from Comodo. There are other firewalls or of course Vista has the built in two way firewall which certainly can be used and honest to god, with Vista, it is so "quirky" you might be better off using that.
DON'T use Windows Defender, it's really a joke.

I will be happy to assist in any way that I can.

Edited by jholland1964: n/a

0

And your DNS lookup is via Comodo, not your ISP. Gee, they are taking over your internet. You really should use the DNS servers given by your ISP.

Edited by gerbil: n/a

0

And your DNS lookup is via Comodo, not your ISP. Gee, they are taking over your internet.

That's like a virus all its own if that is the case. All of this is really odd, no other word for it!!!
PhilliePhan isn't going to believe all this when he comes back to look around. He left thinking java was working and all was well. He will be stunned to find nothing is working as it should.

Edited by jholland1964: added comment.

0

I must check that it is not his sptd, judy. They rename every time... sp--.sys. It possibly is that.

Ok, you're losing me here...

0

I am not sure the \Windows key value name AppInit_DLLS should appear with no entry? I might expect this to be used by parts of some AV service or similar... I don't like the Null entry much; it is possible to give a key value name a null entry, and then assign a data to it. I know that if App_Init_Dlls is empty then DDS does not report it.
I have watched this struggle occasionally, from afar... I think the OP has chosen the right course, reinstall. Something is broken, and badly.
kw, maybe you could paste this into a cmd window, and post c:\showkey.txt ? Just my curiosity, really...
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v appinit_dlls > c:\showkey.txt

0

kw, maybe you could paste this into a cmd window, and post c:\showkey.txt ? Just my curiosity, really...
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v appinit_dlls > c:\showkey.txt

this?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
appinit_dlls REG_SZ C:\Windows\system32\guard32.dll
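
Added example, not part of any poster's reply: a read-only PowerShell check that goes one step past the `reg query` above by telling an absent AppInit_DLLs value apart from an empty one, then checking that each listed DLL exists and who signed it. The function name `Get-AppInitDllReport` is hypothetical, and the `LoadAppInit_DLLs` value and the Wow6432Node view are not mentioned in the thread.

```powershell
# Added example (read-only): report the state of AppInit_DLLs in both registry views.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 64-bit Windows only
)

function Get-AppInitDllReport {   # hypothetical name
    param([string[]]$KeyPath = $AppInitKeys)

    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key

        # "Value absent" and "value present but empty" are different findings.
        $valueProp = $props.PSObject.Properties['AppInit_DLLs']
        $raw = $null
        if ($valueProp) { $raw = [string]$valueProp.Value }

        $state = 'absent'
        if ($valueProp) { $state = 'empty' }
        if ($raw -and $raw.Trim()) { $state = 'set' }

        # LoadAppInit_DLLs (DWORD) switches loading on or off on Vista and later.
        $loadProp = $props.PSObject.Properties['LoadAppInit_DLLs']
        $load = $null
        if ($loadProp) { $load = [int]$loadProp.Value }

        # Entries in the value are separated by spaces or commas.
        $entries = @()
        if ($state -eq 'set') { $entries = @($raw -split '[ ,]+' | Where-Object { $_ }) }
        if ($entries.Count -eq 0) { $entries = @($null) }   # still emit one row per key

        foreach ($entry in $entries) {
            $path = $entry
            $exists = $null
            $sigStatus = $null
            $signer = $null
            if ($entry) {
                # Assumption for this check: a bare file name is looked up in System32.
                if (-not [IO.Path]::IsPathRooted($entry)) {
                    $path = Join-Path $env:SystemRoot "System32\$entry"
                }
                $exists = Test-Path -LiteralPath $path
                if ($exists) {
                    $sig = Get-AuthenticodeSignature -FilePath $path
                    $sigStatus = $sig.Status
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                }
            }
            New-Object PSObject -Property @{
                Key         = $key
                ValueState  = $state
                LoadAppInit = $load
                Entry       = $entry
                Exists      = $exists
                Signature   = $sigStatus
                Signer      = $signer
            }
        }
    }
}

Get-AppInitDllReport | Format-List Key, ValueState, LoadAppInit, Entry, Exists, Signature, Signer
```

A `ValueState` of `set` with a missing file or an unexpected signer is the case worth a closer look; a listed DLL from an installed security product, as in the output posted above, is expected.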

0

And your DNS lookup is via Comodo, not your ISP. Gee, they are taking over your internet. You really should use the DNS servers given by your ISP.

Gotta disagree with you, my friend :)

Comodo is a really solid FREE security suite. I challenge anyone to find a comparable one that offers all that Comodo does. For free.
I don't recommend things I have little confidence in....

http://www.comodo.com/secure-dns/

For the record, I do not believe that this is a malware issue or solely a Comodo issue, per se. I agree with Judy that something is definitely borked and, if all important data is able to be backed up and the recovery disks are available, a fresh install is probably easiest and least time-consuming.

Like Judy, I too prefer to get to the heart of a mystery - but my time constraints are such that it really isn't feasible and all the waiting between posts really does Karen a disservice.
For that, I apologize.

PP:)

Edited by PhilliePhan: spelling

0

Like Judy, I too prefer to get to the heart of a mystery - but my time constraints are such that it really isn't feasible and all the waiting between posts really does Karen a disservice.
For that, I apologize.

PP:)

No apologies, you have been wonderful. You and Judy both. I will do the reinstall of windows over the weekend, that way we can get through the remainder of the school week and I'll have more time to mess around with it. Thanks again, do I close this out or wait and see if I have reinstall issues? I'm praying I won't, but...

Edited by khwhitaker: n/a

0

You can wait if you want and see if anything comes up during or after the reinstall.
We tried and guess that's all we can say.

0

Yes. kh, that is what I wanted to see, that key query result. I use Comodo, and I was puzzled as to why guard32.dll was not listed in your DDS log instead of a blank.
Thanks.

0

PP, I cannot comment on Comodo's worth... should be good.. I lost the address of a German ratings group whose work I valued, cannot seem to find them via searches. As far as reinstalling goes, well, I would have done it weeks back, it is just a night's work, it is what I said yest? I, too, am often uncomfortable with the time span of some solutions/quests, I wonder at the resilience of the OPs, but that's how it can be with solution sites, time zones, work commitments... As an OP I'd not last a week! But that is not to underestimate the value of these sites.. helpers often put in a lot more effort than someone could reasonably afford to pay for; the help, too, can be of higher quality.
Comodo doing the DNS lookup is just their way of safeguarding browsers from bad web addresses instead of using a referral service like that of others. Upon reflection, I don't know why I edited in that kh should use the DNS server supplied by her ISP.
I did have a somewhat similar issue with a friend's sys and Java several weeks ago; it would not update, the installer would run and halt with an error message; this continued even after uninstallation of the loaded Java, running JavaRa.... I eventually solved it by judicious key deletions [JavaRa leaves heaps], but did not identify the culprit; it was a key, or number of.
But anyway...

Edited by gerbil: n/a

0

ok, I feel super dumb, it is not letting me do a restore of the C drive. This is what the Sony site instructions said to choose but it is coming up with an error. It says that the recovery drive letter is the same as the system drive letter. I thought this was why I had purchased the recover disks. Nothing can be easy on this computer and I feel really dumb. There is a Restore complete system option, should I choose this?

0

ok, I feel super dumb, it is not letting me do a restore of the C drive. This is what the Sony site instructions said to choose but it is coming up with an error. It says that the recovery drive letter is the same as the system drive letter. I thought this was why I had purchased the recover disks. Nothing can be easy on this computer and I feel really dumb. There is a Restore complete system option, should I choose this?

Yes, you do want to restore the complete system.

What are the names of these disks?

0

Yes, you do want to restore the complete system.

What are the names of these disks?

Sony Vaio Recovery Media Kit, it is what they told me I needed to repair or reinstall Windows Vista since the computer did not come with disks and it would not allow me to make recovery disks last year when I tried.

0

How many disks and what is the name of each? It should give information of what is on each disk. Did instructions come with it?

0

How many disks and what is the name of each? It should give information of what is on each disk. Did instructions come with it?

3 disks, no explanations or descriptions on them, and minimal generic instructions that take you into the recovery system, which gives you choices of

System Restore
Vaio hardware diagnosis
Restore C drive
Restore complete system
Rescue data
wipe and erase data
