
Windows Security Alert pop up. Cannot get automatic updates.


This topic is locked.
19 replies to this topic

#1 Zera

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:37 PM

Posted 14 April 2011 - 10:45 PM

A few days ago a Windows Security alert came up, and since then I cannot get automatic updates from Windows at all. I ran MSE, MBAM, Kaspersky, Spybot, and none of them are detecting anything.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 20:23:08.26 on Thu 04/14/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.3086 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.trendmicro.com/go/hjt/win9x//?hjtver=2.0.2&winver=Windows%20NT%205.01.2600&iever=7.0.5730.13
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file:///C:/Program%20Files/Gateway/Do%20More/DoMoreRunExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 31932732;31932732 Boot Guard Driver;c:\windows\system32\drivers\31932732.sys [2011-4-13 37392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-13 218176]
S1 31932731;31932731;c:\windows\system32\drivers\31932731.sys [2011-4-13 128016]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl5ec4c7a2;MpKsl5ec4c7a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3707ade-2c4f-4aa4-9a7f-937f6b56cca2}\mpksl5ec4c7a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3707ade-2c4f-4aa4-9a7f-937f6b56cca2}\MpKsl5ec4c7a2.sys [?]
S1 MpKsl83e64d48;MpKsl83e64d48;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\mpksl83e64d48.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\MpKsl83e64d48.sys [?]
S1 MpKsla7594dfe;MpKsla7594dfe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48cb0375-a357-477c-83ed-fbf54d896a4f}\mpksla7594dfe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48cb0375-a357-477c-83ed-fbf54d896a4f}\MpKsla7594dfe.sys [?]
S1 MpKsle3687fd9;MpKsle3687fd9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\mpksle3687fd9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\MpKsle3687fd9.sys [?]
S1 setup_9.0.0.722_14.04.2011_06-50drv;setup_9.0.0.722_14.04.2011_06-50drv;c:\windows\system32\drivers\3193273.sys [2011-4-13 315408]
S2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-2-19 2304]
S2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [1998-11-27 6144]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2002-9-3 14336]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 utm3mjg4;AVZ Kernel Driver;\??\c:\windows\system32\drivers\utm3mjg4.sys --> c:\windows\system32\drivers\utm3mjg4.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-27 1399680]
.
=============== Created Last 30 ================
.
2011-04-14 06:08:57 37392 ----a-w- c:\windows\system32\drivers\31932732.sys
2011-04-14 06:08:57 315408 ----a-w- c:\windows\system32\drivers\3193273.sys
2011-04-14 06:08:57 128016 ----a-w- c:\windows\system32\drivers\31932731.sys
2011-04-13 07:50:28 -------- d-----w- c:\program files\Ace of Spades
2011-04-13 01:10:43 -------- d-----w- c:\program files\Yahoo!
2011-04-09 09:58:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nexon
2011-04-09 09:46:49 -------- d-----w- c:\program files\common files\DirectX
2011-04-09 07:04:13 -------- d-----w- C:\_backupD
2011-04-07 23:01:52 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{731b1c25-18f7-4bcf-ae81-eac2baeb456d}\mpengine.dll
2011-04-06 21:17:22 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-06 21:17:22 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-06 05:05:01 280286 ----a-w- C:\win32delfkil.exe
2011-04-06 05:04:59 90112 ----a-w- c:\windows\system32\regdacl.exe
2011-04-06 05:04:59 53248 ----a-w- c:\windows\system32\process.exe
2011-04-06 05:04:59 42496 ----a-w- c:\windows\system32\swreg.exe
2011-04-06 05:04:59 4096 ----a-w- c:\windows\system32\reboot.exe
2011-04-06 05:04:59 16384 ----a-w- c:\windows\system32\restart.exe
2011-04-06 05:04:59 -------- d-----w- c:\windows\system32\regdacl
2011-04-03 06:51:26 0 ----a-w- c:\windows\Dsiboxazexowa.bin
2011-04-03 01:24:44 -------- d-----w- c:\program files\Gravity
2011-03-29 02:55:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-28 06:36:20 -------- d-----w- C:\my flashes
2011-03-26 17:46:47 -------- d-----w- C:\Games
2011-03-26 17:46:23 -------- d-----w- c:\program files\GeMM
2011-03-26 09:00:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\LAG
2011-03-26 09:00:05 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
2011-03-25 07:37:26 -------- d-----w- c:\program files\Bethesda Softworks
2011-03-23 07:48:52 -------- d-----w- c:\windows\system32\xlive
2011-03-23 07:48:51 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
.
==================== Find3M ====================
.
2011-04-09 02:18:43 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 02:18:43 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-07 02:37:45 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-23 03:03:21 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-10 23:58:17 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-06 22:56:12 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-02-06 22:56:12 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-02-06 22:56:12 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-02-04 23:21:45 2829 ----a-w- c:\windows\DIIUnin.pif
2011-02-04 23:21:44 94208 ----a-w- c:\windows\DIIUnin.exe
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-27 07:05:58 17252352 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-27 07:01:02 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-27 07:00:56 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-27 06:59:38 4636672 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-27 06:52:48 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-27 06:51:44 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-01-27 06:42:02 4029824 ----a-w- c:\windows\system32\ati3duag.dll
2011-01-27 06:41:32 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-27 06:35:06 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-01-27 06:32:14 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-27 06:32:00 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-27 06:31:52 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-01-27 06:31:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-27 06:31:30 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-01-27 06:30:10 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-01-27 06:28:46 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-01-27 06:27:52 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-27 06:27:08 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
2011-01-27 06:23:52 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-01-27 06:21:34 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-27 06:21:32 483328 ----a-w- c:\windows\system32\atiok3x2.dll
2011-01-27 06:21:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-01-27 06:15:14 847872 ----a-w- c:\windows\system32\ati2cqag.dll
2011-01-27 06:13:00 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-27 06:13:00 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 20:23:48.23 ===============
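As an added triage aid that is not part of this thread or of DDS itself: a Python script that parses the DDS sections that carry the most signal here (the AV status line, SERVICES / DRIVERS and Created Last 30) and flags disabled AV, drivers whose file name looks generated, and boot/system-start drivers created within days of the scan. The embedded sample is an excerpt of the log in post #1; the name heuristic and the 7-day window are my assumptions, and the same parser reads the log in post #3.

```python
import re
from datetime import date

# Excerpt copied from the DDS log in post #1 above, cut down to the lines this
# triage reads: the header line with the scan date, the AV status line, and the
# SERVICES / DRIVERS and Created Last 30 sections.
SAMPLE_LOG = r"""
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 20:23:08.26 on Thu 04/14/2011
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============= SERVICES / DRIVERS ===============
.
R0 31932732;31932732 Boot Guard Driver;c:\windows\system32\drivers\31932732.sys [2011-4-13 37392]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-13 218176]
S1 31932731;31932731;c:\windows\system32\drivers\31932731.sys [2011-4-13 128016]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 setup_9.0.0.722_14.04.2011_06-50drv;setup_9.0.0.722_14.04.2011_06-50drv;c:\windows\system32\drivers\3193273.sys [2011-4-13 315408]
S3 utm3mjg4;AVZ Kernel Driver;\??\c:\windows\system32\drivers\utm3mjg4.sys --> c:\windows\system32\drivers\utm3mjg4.sys [?]
.
=============== Created Last 30 ================
.
2011-04-14 06:08:57 37392 ----a-w- c:\windows\system32\drivers\31932732.sys
2011-04-14 06:08:57 315408 ----a-w- c:\windows\system32\drivers\3193273.sys
2011-04-14 06:08:57 128016 ----a-w- c:\windows\system32\drivers\31932731.sys
.
============= FINISH: 20:23:48.23 ===============
"""

# DDS prints the scan date as "on Thu 04/14/2011" (US month/day/year order).
SCAN_DATE_RE = re.compile(r"^Run by .+ on \w{3} (\d{2})/(\d{2})/(\d{4})$", re.M)
# "AV: <product> *<status>* {<guid>}"
AV_RE = re.compile(r"^AV: (?P<product>.+?) \*(?P<status>[^*]+)\*", re.M)
# "<start> <service>;<description>;<path> [<yyyy-m-d> <size>]"; unresolved entries end in "[?]".
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?) "
    r"\[(?:(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)|\?)\]$", re.M)
# "<yyyy-mm-dd> <hh:mm:ss> <size or dashes> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+|-+) \S{8} (?P<path>.+)$", re.M)


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption, not a DDS rule): all-digit file names such as
    31932732.sys, or long vowel-less letter/digit mixes, read as generated."""
    s = stem.lower()
    if s.isdigit():
        return True
    return len(s) >= 6 and any(c.isdigit() for c in s) and not any(c in "aeiou" for c in s)


def triage(log_text: str, recent_days: int = 7) -> list:
    """Return (kind, name, detail) findings for a DDS log. A finding is a lead
    for the analyst, not a verdict: freshly installed legitimate drivers are
    flagged as recent too."""
    findings = []
    m = SCAN_DATE_RE.search(log_text)
    scan_day = date(int(m.group(3)), int(m.group(1)), int(m.group(2))) if m else None

    for av in AV_RE.finditer(log_text):
        if "Disabled" in av.group("status"):
            findings.append(("av-disabled", av.group("product"), av.group("status")))

    # Creation dates from "Created Last 30", keyed by lower-cased path, used when
    # the driver entry itself carries no date ("[?]").
    created = {}
    for c in CREATED_RE.finditer(log_text):
        created[c.group("path").lower()] = date(*map(int, c.group("date").split("-")))

    for drv in DRIVER_RE.finditer(log_text):
        # For "\??\<path> --> <path> [?]" entries keep the resolved path on the right.
        path = drv.group("path").split(" --> ")[-1].lower()
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            findings.append(("random-name", drv.group("name"), path))
        if drv.group("date"):
            file_day = date(*map(int, drv.group("date").split("-")))
        else:
            file_day = created.get(path)
        # R0/R1/S1 = boot or system start: these load before any user-mode AV component.
        if (scan_day and file_day and drv.group("start") in ("R0", "R1", "S1")
                and (scan_day - file_day).days <= recent_days):
            findings.append(("recent-driver", drv.group("name"), f"{path} created {file_day}"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:14} {name:40} {detail}")
```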


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:37 AM

Posted 23 April 2011 - 01:21 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Zera

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:37 PM

Posted 23 April 2011 - 05:43 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lt. Dan at 15:25:01.45 on Sat 04/23/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2773 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lt. Dan\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lt. Dan\Desktop\Vbleep\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SansaDispatch] c:\documents and settings\lt. dan\application data\sandisk\sansa updater\SansaDispatch.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file:///C:/Program%20Files/Gateway/Do%20More/DoMoreRunExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\lt745a~1.dan\applic~1\mozilla\firefox\profiles\26x2ojhg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z023&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\lt. dan\application data\mozilla\firefox\profiles\26x2ojhg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\lt. dan\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9} - c:\documents and settings\lt. dan\local settings\application data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-17 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-13 218176]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl31e93ba1;MpKsl31e93ba1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKsl31e93ba1.sys [2011-4-19 28752]
R1 MpKsl3820ff8e;MpKsl3820ff8e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKsl3820ff8e.sys [2011-4-22 28752]
R1 MpKsl6ca763cf;MpKsl6ca763cf;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKsl6ca763cf.sys [2011-4-20 28752]
R1 MpKslb8a6ba26;MpKslb8a6ba26;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKslb8a6ba26.sys [2011-4-22 28752]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-2-19 2304]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [1998-11-27 6144]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-4-22 33792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-27 1399680]
R4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S1 MpKsl5ec4c7a2;MpKsl5ec4c7a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3707ade-2c4f-4aa4-9a7f-937f6b56cca2}\mpksl5ec4c7a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3707ade-2c4f-4aa4-9a7f-937f6b56cca2}\MpKsl5ec4c7a2.sys [?]
S1 MpKsl83e64d48;MpKsl83e64d48;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\mpksl83e64d48.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\MpKsl83e64d48.sys [?]
S1 MpKsla7594dfe;MpKsla7594dfe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48cb0375-a357-477c-83ed-fbf54d896a4f}\mpksla7594dfe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{48cb0375-a357-477c-83ed-fbf54d896a4f}\MpKsla7594dfe.sys [?]
S1 MpKsle3687fd9;MpKsle3687fd9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\mpksle3687fd9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5246d347-c2e8-4f0c-93af-8282036d828c}\MpKsle3687fd9.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 utm3mjg4;AVZ Kernel Driver;\??\c:\windows\system32\drivers\utm3mjg4.sys --> c:\windows\system32\drivers\utm3mjg4.sys [?]
S4 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2002-9-3 14336]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 2146496]
.
=============== Created Last 30 ================
.
2011-04-23 05:51:22 -------- d-----w- c:\program files\Magical Jelly Bean
2011-04-23 05:40:14 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKsl3820ff8e.sys
2011-04-23 04:30:44 46592 ----a-w- c:\windows\system32\libusb0.dll
2011-04-23 04:30:44 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-04-23 04:30:44 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2011-04-23 04:30:44 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2011-04-23 04:30:44 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2011-04-22 22:01:05 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKslb8a6ba26.sys
2011-04-21 04:51:49 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKsl6ca763cf.sys
2011-04-19 23:50:57 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\MpKsl31e93ba1.sys
2011-04-18 04:54:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-18 04:28:46 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-18 04:28:36 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-18 04:27:13 -------- d-----w- c:\docume~1\lt745a~1.dan\locals~1\applic~1\Sunbelt Software
2011-04-18 04:26:05 -------- dc----w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-18 04:24:42 -------- d-----w- c:\program files\Lavasoft
2011-04-17 04:51:39 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a50d9feb-5021-455a-9612-02d79d7122d3}\mpengine.dll
2011-04-13 07:50:28 -------- d-----w- c:\program files\Ace of Spades
2011-04-13 01:16:23 -------- d-----w- c:\docume~1\lt745a~1.dan\locals~1\applic~1\Yahoo
2011-04-13 01:15:05 -------- d-----w- c:\docume~1\lt745a~1.dan\locals~1\applic~1\Yahoo!
2011-04-13 01:10:43 -------- d-----w- c:\program files\Yahoo!
2011-04-09 09:58:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nexon
2011-04-09 09:46:49 -------- d-----w- c:\program files\common files\DirectX
2011-04-09 07:04:13 -------- d-----w- C:\_backupD
2011-04-06 21:17:22 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-06 21:17:22 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-06 05:05:01 280286 ----a-w- C:\win32delfkil.exe
2011-04-06 05:04:59 90112 ----a-w- c:\windows\system32\regdacl.exe
2011-04-06 05:04:59 53248 ----a-w- c:\windows\system32\process.exe
2011-04-06 05:04:59 42496 ----a-w- c:\windows\system32\swreg.exe
2011-04-06 05:04:59 4096 ----a-w- c:\windows\system32\reboot.exe
2011-04-06 05:04:59 16384 ----a-w- c:\windows\system32\restart.exe
2011-04-06 05:04:59 -------- d-----w- c:\windows\system32\regdacl
2011-04-03 06:51:26 0 ----a-w- c:\windows\Dsiboxazexowa.bin
2011-04-03 06:51:24 -------- d-----w- c:\docume~1\lt745a~1.dan\locals~1\applic~1\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}
2011-04-03 01:24:44 -------- d-----w- c:\program files\Gravity
2011-03-29 02:56:09 -------- d-----w- c:\docume~1\lt745a~1.dan\applic~1\Red Alert 3
2011-03-29 02:55:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-28 06:36:20 -------- d-----w- C:\my flashes
2011-03-26 17:46:47 -------- d-----w- C:\Games
2011-03-26 17:46:28 -------- d-----w- c:\docume~1\lt745a~1.dan\locals~1\applic~1\FOMM
2011-03-26 17:46:23 -------- d-----w- c:\program files\GeMM
2011-03-26 09:00:13 -------- d-----w- c:\docume~1\lt745a~1.dan\locals~1\applic~1\LAG
2011-03-26 09:00:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\LAG
2011-03-26 09:00:05 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
2011-03-25 07:41:49 -------- d-----w- c:\docume~1\lt745a~1.dan\locals~1\applic~1\FalloutNV
2011-03-25 07:37:26 -------- d-----w- c:\program files\Bethesda Softworks
.
==================== Find3M ====================
.
2011-04-09 02:18:43 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 02:18:43 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-07 02:37:45 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-23 03:03:21 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-10 23:58:36 138056 ----a-w- c:\docume~1\lt745a~1.dan\applic~1\PnkBstrK.sys
2011-02-10 23:58:17 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-06 22:56:12 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-02-06 22:56:12 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-02-06 22:56:12 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-02-04 23:21:45 2829 ----a-w- c:\windows\DIIUnin.pif
2011-02-04 23:21:44 94208 ----a-w- c:\windows\DIIUnin.exe
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-27 07:05:58 17252352 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-27 07:01:02 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-27 07:00:56 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-27 06:59:38 4636672 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-27 06:52:48 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-27 06:51:44 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-01-27 06:42:02 4029824 ----a-w- c:\windows\system32\ati3duag.dll
2011-01-27 06:41:32 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-27 06:35:06 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-01-27 06:32:14 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-27 06:32:00 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-27 06:31:52 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-01-27 06:31:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-27 06:31:30 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-01-27 06:30:10 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-01-27 06:28:46 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-01-27 06:27:52 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-27 06:27:08 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
2011-01-27 06:23:52 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-01-27 06:21:34 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-27 06:21:32 483328 ----a-w- c:\windows\system32\atiok3x2.dll
2011-01-27 06:21:10 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-01-27 06:15:14 847872 ----a-w- c:\windows\system32\ati2cqag.dll
2011-01-27 06:13:00 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-27 06:13:00 64512 ----a-w- c:\windows\system32\amdpcom32.dll
.
============= FINISH: 15:25:17.89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2011 6:36:07 PM
System Uptime: 4/22/2011 10:36:15 PM (17 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D-E LX
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | LGA1156 | 2808/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 341.923 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 228 GiB total, 20.497 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 228 GiB total, 227.756 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&1F21EBDD&0&00E3
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&1F21EBDD&0&00E3
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Ace of Spades
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Advanced SystemCare 3
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Problem Report Wizard
Battlefield: Bad Company 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Champions Online
Combined Community Codec Pack 2010-10-10
Command & Conquer™ Red Alert™ 3
DAEMON Tools Lite
DAEMON Tools Toolbar
Diablo II
DP8381x 10/100 PCI Network Adapter Driver
Dragon Saga
Easy CD & DVD Creator 6
Fallout Mod Manager 0.13.21
Fallout New Vegas
Fate/stay night English v3.2
Flash Saver
HelpSpot
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Help and Support
IObitCom Toolbar
Java Auto Updater
Java™ 6 Update 23
Killing Floor
Lead and Gold - Gangs of the Wild West
LibUSB-Win32-0.1.10.1
Magical Jelly Bean KeyFinder
Malwarebytes' Anti-Malware
Mass Effect 2
MELTY BLOOD Act Cadenza Ver.B Windows版
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Mozilla Firefox (3.6.16)
NVIDIA PhysX
ObjectDock Free
PC-Doctor for Windows
Platform
PunkBuster Services
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Saints Row 2
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SpeedFan (remove only)
Spybot - Search & Destroy
StarCraft II
Steam
StepMania 3.9a (remove only)
System Requirements Lab CYRI
Team Fortress 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
VIA Platform Device Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wanko to Kurasou English v1.0
Warcraft III: All Products
WebFldrs XP
WinAce Archiver
Winamp
Winamp Detector Plug-in
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
4/22/2011 9:32:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.
4/22/2011 7:37:47 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/22/2011 11:12:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort4, did not respond within the timeout period.
4/22/2011 10:50:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1625.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1625.0&asdelta=1.101.1625.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072f76 Error description: The requested header was not found
4/22/2011 10:50:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1625.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1625.0&asdelta=1.101.1625.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072f76 Error description: The requested header was not found
4/22/2011 10:50:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1625.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1625.0&asdelta=1.101.1625.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072f76 Error description: The requested header was not found
4/22/2011 10:50:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1625.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1625.0&asdelta=1.101.1625.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072f76 Error description: The requested header was not found
4/22/2011 10:50:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1625.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
4/22/2011 10:39:03 PM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The system cannot find the file specified.
4/22/2011 10:39:03 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xB8F8B000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6742016 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF259000 C:\WINDOWS\System32\ati3duag.dll 4030464 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF9C5000 C:\WINDOWS\System32\ativvaxx.dll 2674688 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA7CEC000 C:\WINDOWS\system32\drivers\viahduaa.sys 1400832 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 847872 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF12F000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9E48000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF1DE000 C:\WINDOWS\System32\atiok3x2.dll 503808 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xA7A45000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB603C000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA7B50000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA480A000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF631000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA4391000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA7C65000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 262144 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xB6001000 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0xA7BF6000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 217088 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA4952000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E1B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7AB5000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6149000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA7B02000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA7CC5000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xA7B2A000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA7E42000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6125000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6102000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB60C2000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 143360 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xA7AE0000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9F11000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB60E5000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 118784 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xA7E66000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 114688 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0xB9E01000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA3E4D000 C:\DOCUME~1\LT745A~1.DAN\LOCALS~1\Temp\pxtdapow.sys 102400 bytes
0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EE8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB60AB000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA4BBF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6171000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA7BA9000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9ED5000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB609A000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA238000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB6421000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9689000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA1A8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA188000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA4CCC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9619000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB9609000 C:\WINDOWS\system32\drivers\libusb0.sys 57344 bytes
0xBA108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9679000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9649000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA208000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB6431000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9659000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB95F9000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA128000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB9629000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA228000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9669000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB9639000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1C8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA3C42000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA218000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA428000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA420000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8031000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA3D0000 C:\DOCUME~1\LT745A~1.DAN\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8071000 C:\WINDOWS\System32\Drivers\dvd_2K.SYS 24576 bytes (Roxio, DVD-RAM AddOn Driver)
0xBA470000 C:\WINDOWS\System32\DRIVERS\IOPORT.SYS 24576 bytes (Erik Salaj, Windows NT I/O port driver)
0xBA490000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8079000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA460000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKsl31e93ba1.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xB8049000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKsl3820ff8e.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA448000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKsl6ca763cf.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA410000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKslb8a6ba26.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA3E0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3E8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA438000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA440000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA430000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA488000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA4375000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA7C47000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9DB1000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA4E88000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9DC9000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA7C37000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB6272000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA7C4F000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9DC5000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA584000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5F0000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xBA600000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5FE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA602000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA604000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5F2000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5AC000 speedfan.sys 8192 bytes
0xBA636000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA63A000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA747000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7D5000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xBA7D6000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xBA73B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA671000 giveio.sys 4096 bytes
0xB6291000 C:\WINDOWS\system32\HtsysmNT.sys 4096 bytes
0xBA740000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x05F70000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 102400 bytes
0x06B70000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 102400 bytes
0x01260000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 110592 bytes
0x05540000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 110592 bytes
0x06460000 Hidden Image-->Branding.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 110592 bytes
0x00CE0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 118784 bytes
0x03860000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 118784 bytes
0x07020000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 1232896 bytes
0x049B0000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 167936 bytes
0x06D40000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 1748992 bytes
0x07720000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 192512 bytes
0x05E50000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 208896 bytes
0x05F20000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 217088 bytes
0x07310000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 282624 bytes
0x03600000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x8A32D990 ] PID: 316, 28672 bytes
0x01280000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 28672 bytes
0x01250000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x01280000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x03930000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x03CC0000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x03CE0000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x043F0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x04410000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x04540000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x04560000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x049E0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x04A60000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x04A10000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x04A90000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x04BC0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05170000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x052A0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x053B0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x053C0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05710000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05510000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x055C0000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x055A0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05690000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05680000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x056F0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05770000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05830000 Hidden Image-->atixclib.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05D50000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x06A50000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05D80000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05DD0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05E00000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05F60000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x06130000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x05FF0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x06110000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x06900000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x06910000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x06A70000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x03C50000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 36864 bytes
0x053D0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x03A00000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x038F0000 Hidden Image-->AxInterop.WBOCXLib.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x038B0000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x03B20000 Hidden Image-->Interop.WBOCXLib.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x05160000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x052B0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x05300000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x05390000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x05380000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x05D40000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x05DC0000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x06920000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 36864 bytes
0x073D0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 389120 bytes
0x04940000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 397312 bytes
0x07360000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 405504 bytes
0x07430000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 405504 bytes
0x06890000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 413696 bytes
0x05EB0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 421888 bytes
0x07250000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 421888 bytes
0x011E0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 45056 bytes
0x01250000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x8A32D990 ] PID: 316, 45056 bytes
0x03C40000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 45056 bytes
0x00D50000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 45056 bytes
0x01240000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 45056 bytes
0x032D0000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 45056 bytes
0x03940000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 45056 bytes
0x05290000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 45056 bytes
0x05140000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 45056 bytes
0x04570000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 462848 bytes
0x03920000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x03990000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x03CD0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x04520000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x05120000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x05130000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x05280000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x055B0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x05660000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x06120000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x06A30000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 53248 bytes
0x074A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 585728 bytes
0x06140000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 593920 bytes
0x038E0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 61440 bytes
0x05310000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 61440 bytes
0x053E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 61440 bytes
0x056A0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 61440 bytes
0x056E0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 61440 bytes
0x07770000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 684032 bytes
0x05D60000 Hidden Image-->APM.Server.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 69632 bytes
0x03890000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 69632 bytes
0x038C0000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 69632 bytes
0x055F0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 69632 bytes
0x07750000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 69632 bytes
0x063A0000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 749568 bytes
0x01260000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 77824 bytes
0x032B0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 77824 bytes
0x052C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 77824 bytes
0x05560000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 77824 bytes
0x05520000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 77824 bytes
0x055D0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 77824 bytes
0x05610000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 77824 bytes
0x05E30000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 77824 bytes
0x05320000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 86016 bytes
0x05580000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 86016 bytes
0x05DE0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 86016 bytes
0x07610000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 888832 bytes
0x03970000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 94208 bytes
0x05340000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 94208 bytes


Thank you for the help. Since the last post I haven't been able to get any Windows updates at all. Also, the computer has been slowing down and restarting at random times.
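
The GMER log above ends with its Stealth section. GMER reports an image as hidden when it is mapped into a process but absent from that process's loader module lists; .NET assemblies are loaded that way, so a managed-code product such as ATI's Catalyst Control Center (the CLI.*, MOM.*, CCC.* and related modules under PIDs 4016 and 316 here) fills this section by itself. The triage question is which hidden images cannot be attributed to a product family you can account for. The script below is an added example for this thread, not GMER's or BleepingComputer's code: it parses lines in GMER's Stealth format, groups them by PID, and reports the names that fall outside an assumed allowlist of Catalyst Control Center module prefixes. The sample lines are constructed; the first five are modelled on the log above and the last one is invented to show a hit.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of GMER's ">Stealth" section. The first five
# lines are modelled on the thread's log; the last one is made up for the example.
GMER_STEALTH = """\
0x05F70000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 102400 bytes
0x00CE0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 118784 bytes
0x03860000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 118784 bytes
0x01280000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x8A32D990 ] PID: 316, 28672 bytes
0x05830000 Hidden Image-->atixclib.dll [ EPROCESS 0x8AFA37A8 ] PID: 4016, 28672 bytes
0x00400000 Hidden Image-->sample_unknown.dll [ EPROCESS 0x8A0C1020 ] PID: 1532, 57344 bytes
"""

# base  Hidden Image-->name [ EPROCESS addr ] PID: n, size bytes
LINE_RE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]+) Hidden Image-->(?P<name>.+?) "
    r"\[ EPROCESS 0x(?P<eprocess>[0-9A-Fa-f]+) \] PID: (?P<pid>\d+), (?P<size>\d+) bytes$"
)

# Module-name prefixes of one known managed-code product (ATI Catalyst Control
# Center's .NET components). An assumed allowlist for this example, not a GMER feature.
KNOWN_FAMILIES = ("CLI.", "MOM.", "CCC.", "AEM.", "DEM.", "APM.", "ADL.", "LOG.",
                  "NEWAEM.", "ResourceManagement.", "Branding.", "ATICCCom.",
                  "ATIDEMGX.", "atixclib.", "Interop.", "AxInterop.")

def parse_stealth(text):
    """Turn GMER 'Hidden Image' lines into dicts; lines in any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "base": int(m["base"], 16),
            "name": m["name"],
            "eprocess": int(m["eprocess"], 16),
            "pid": int(m["pid"]),
            "size": int(m["size"]),
        })
    return entries

def triage_stealth(entries):
    """Group hidden images per PID and list the names outside the known families."""
    per_pid = defaultdict(list)
    for e in entries:
        per_pid[e["pid"]].append(e)
    report = {}
    for pid, mods in per_pid.items():
        unexplained = sorted({m["name"] for m in mods
                              if not m["name"].startswith(KNOWN_FAMILIES)})
        report[pid] = {"hidden_images": len(mods), "unexplained": unexplained}
    return report

if __name__ == "__main__":
    for pid, r in sorted(triage_stealth(parse_stealth(GMER_STEALTH)).items()):
        print(f"PID {pid}: {r['hidden_images']} hidden image(s); "
              f"needs a look: {r['unexplained'] or 'none'}")
```

A long run of hidden images under one PID that all belong to one product family is what a .NET application looks like to GMER; a single unexplained name under a PID that otherwise has none is the line to look up by hash and path.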

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 April 2011 - 08:31 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
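
The ComboFix log requested above has a "Files Created" section whose lines read "created-time . modified-time size attributes path", with directories carrying dashes in place of a size. The script below is an added example for readers triaging such a log by hand, not ComboFix's or BleepingComputer's code. It parses that line format and flags three things: executables placed under c:\windows or in the drive root, files whose modified time predates their creation time (a copied-in file keeps the source's modification stamp, so this marks a file that was dropped rather than written in place), and empty files under c:\windows. Reading the two timestamps as creation and last-modified is an assumption taken from the section title; the sample lines are constructed in that format, modelled on entries in the log posted later in this thread.

```python
import re
from datetime import datetime

# Constructed sample in the shape of ComboFix's "Files Created" section
# (modelled on the thread's log; not a copy of it).
FILES_CREATED = r"""
2011-04-23 05:51 . 2011-04-23 05:51 -------- d-----w- c:\program files\Magical Jelly Bean
2011-04-23 04:30 . 2005-03-10 03:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2011-04-23 04:30 . 2005-03-10 03:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-04-06 21:17 . 2011-04-06 21:30 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-06 05:04 . 2011-04-09 07:04 4096 ----a-w- c:\windows\system32\reboot.exe
2011-04-03 06:51 . 2011-04-03 09:18 0 ----a-w- c:\windows\Dsiboxazexowa.bin
2011-03-25 07:37 . 2011-03-25 07:37 -------- d-----w- c:\program files\Bethesda Softworks
"""

# created . modified size-or-dashes attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".cpl", ".ocx")
SYSTEM_ROOT = "c:\\windows\\"

def parse_files_created(text):
    """Parse ComboFix 'Files Created' lines; anything not in that shape is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries

def triage_files(entries):
    """Return [(path, [reasons])] for files worth a second look; directories are skipped."""
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        p = e["path"].lower()
        reasons = []
        in_system = p.startswith(SYSTEM_ROOT) or p.count("\\") == 1   # c:\foo.exe
        if p.endswith(EXEC_EXT) and in_system:
            reasons.append("executable in a system location")
        if e["modified"] < e["created"]:
            reasons.append("modified before created (copied in with its old timestamp)")
        if e["size"] == 0 and p.startswith(SYSTEM_ROOT):
            reasons.append("empty file under c:\\windows")
        if reasons:
            findings.append((e["path"], reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in triage_files(parse_files_created(FILES_CREATED)):
        print(path)
        for r in reasons:
            print("   -", r)
```

None of these flags is a verdict on its own; a driver package installed from an old archive trips the "modified before created" rule just as a dropped binary does, which is why the output lists the reason beside each path rather than a score.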

#5 Zera

  • Topic Starter
  • Members
  • 10 posts

Posted 23 April 2011 - 10:09 PM

I did as you said and ran ComboFix. It ran for a while and then restarted my computer; after the restart I can't seem to connect to the internet. Also, I tried to connect a flash drive to bring over the ComboFix log, but it gives me errors saying the flash drive is corrupt.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 April 2011 - 10:16 PM

Restart the computer and let me know if it clears up.

If not, rerun ComboFix.


gringo

Edited by gringo_pr, 23 April 2011 - 10:16 PM.


#7 Zera

  • Topic Starter
  • Members
  • 10 posts

Posted 23 April 2011 - 10:41 PM

I restarted the computer and it would not let me connect again. I ran ComboFix, and after it was done the internet did not work. I restarted one more time and I still have no internet.

#8 Zera

  • Topic Starter
  • Members
  • 10 posts

Posted 24 April 2011 - 07:50 PM

I actually managed to get a thumb drive to work in Safe Mode, so I have the ComboFix log.

ComboFix 11-04-23.01 - Lt. Dan 04/23/2011 19:15:01.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2910 [GMT -7:00]
Running from: c:\documents and settings\Lt. Dan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lt. Dan\Application Data\PriceGong
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Lt. Dan\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}
c:\documents and settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\chrome.manifest
c:\documents and settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\chrome\content\_cfg.js
c:\documents and settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\chrome\content\overlay.xul
c:\documents and settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\install.rdf
c:\windows\system32\Process.exe
c:\windows\system32\restart.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-23 23:28 . 2011-04-23 23:28 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96F12F0E-4B9E-4D47-A9C7-B4FC91B0EE24}\MpKsl633a56d3.sys
2011-04-23 23:26 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96F12F0E-4B9E-4D47-A9C7-B4FC91B0EE24}\mpengine.dll
2011-04-23 05:51 . 2011-04-23 05:51 -------- d-----w- c:\program files\Magical Jelly Bean
2011-04-23 04:30 . 2011-04-23 04:30 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2011-04-23 04:30 . 2005-03-10 03:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2011-04-23 04:30 . 2005-03-10 03:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2011-04-23 04:30 . 2005-03-10 03:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-04-23 04:30 . 2005-03-10 03:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2011-04-18 04:28 . 2011-04-18 04:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-18 04:27 . 2011-04-18 04:27 -------- d-----w- c:\documents and settings\Lt. Dan\Local Settings\Application Data\Sunbelt Software
2011-04-18 04:26 . 2011-04-24 02:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-18 04:24 . 2011-04-24 02:11 -------- d-----w- c:\program files\Lavasoft
2011-04-18 04:24 . 2011-04-24 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-15 04:08 . 2011-04-15 04:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-04-13 07:50 . 2011-04-13 07:52 -------- d-----w- c:\program files\Ace of Spades
2011-04-13 01:16 . 2011-04-13 01:16 -------- d-----w- c:\documents and settings\Lt. Dan\Local Settings\Application Data\Yahoo
2011-04-13 01:14 . 2011-04-14 23:36 -------- d-----w- c:\documents and settings\Lt. Dan\Application Data\Yahoo!
2011-04-13 01:10 . 2011-04-14 23:36 -------- d-----w- c:\program files\Yahoo!
2011-04-09 09:58 . 2011-04-09 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2011-04-09 09:46 . 2011-04-09 09:46 -------- d-----w- c:\program files\Common Files\DirectX
2011-04-09 07:04 . 2011-04-09 07:04 -------- d-----w- C:\_backupD
2011-04-06 21:17 . 2011-04-06 21:30 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-06 21:17 . 2011-04-06 21:30 139264 ----a-w- c:\windows\War3Unin.exe
2011-04-06 21:13 . 2011-04-06 21:37 -------- d-----w- c:\program files\Warcraft III
2011-04-06 05:05 . 2011-04-06 05:04 280286 ----a-w- C:\win32delfkil.exe
2011-04-06 05:04 . 2011-04-09 07:04 4096 ----a-w- c:\windows\system32\reboot.exe
2011-04-06 05:04 . 2011-04-06 05:04 -------- d-----w- c:\windows\system32\regdacl
2011-04-03 07:54 . 2011-04-03 07:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-03 06:51 . 2011-04-03 09:18 0 ----a-w- c:\windows\Dsiboxazexowa.bin
2011-04-03 01:24 . 2011-04-09 09:23 -------- d-----w- c:\program files\Gravity
2011-03-29 02:56 . 2011-03-29 03:47 -------- d-----w- c:\documents and settings\Lt. Dan\Application Data\Red Alert 3
2011-03-29 02:55 . 2011-03-29 02:55 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-28 06:36 . 2011-04-19 06:34 -------- d-----w- C:\my flashes
2011-03-26 17:46 . 2011-03-26 17:46 -------- d-----w- C:\Games
2011-03-26 17:46 . 2011-03-26 17:46 -------- d-----w- c:\documents and settings\Lt. Dan\Local Settings\Application Data\FOMM
2011-03-26 17:46 . 2011-03-26 17:46 -------- d-----w- c:\program files\GeMM
2011-03-26 09:00 . 2011-03-26 09:00 -------- d-----w- c:\documents and settings\Lt. Dan\Local Settings\Application Data\LAG
2011-03-26 09:00 . 2011-03-26 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\LAG
2011-03-26 09:00 . 2011-03-26 09:00 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
2011-03-25 07:41 . 2011-03-25 07:41 -------- d-----w- c:\documents and settings\Lt. Dan\Local Settings\Application Data\FalloutNV
2011-03-25 07:37 . 2011-03-25 07:37 -------- d-----w- c:\program files\Bethesda Softworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 02:18 . 2011-02-10 23:58 140248 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-09 02:18 . 2011-02-10 23:59 266400 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 02:18 . 2011-02-10 23:58 266400 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-07 02:37 . 2011-02-10 23:58 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-15 04:05 . 2011-01-28 19:58 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-23 03:03 . 2011-02-10 23:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-10 23:58 . 2011-02-10 23:58 138056 ----a-w- c:\documents and settings\Lt. Dan\Application Data\PnkBstrK.sys
2011-02-10 23:58 . 2011-02-10 23:58 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-02-09 13:53 . 2002-09-03 13:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-09-03 13:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-06 22:56 . 2011-02-04 23:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-02-06 22:56 . 2011-02-04 23:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-02-06 22:56 . 2011-02-04 23:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-02-04 23:21 . 2011-02-04 23:21 2829 ----a-w- c:\windows\DIIUnin.pif
2011-02-04 23:21 . 2011-02-04 23:21 94208 ----a-w- c:\windows\DIIUnin.exe
2011-02-03 01:11 . 2011-01-27 18:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2011-01-12 02:31 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2011-01-12 02:31 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-27 07:34 . 2011-01-12 04:11 6406656 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-01-27 07:05 . 2011-01-12 23:42 17252352 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-27 07:01 . 2011-01-12 23:42 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-27 07:00 . 2011-01-12 23:42 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-27 06:59 . 2011-01-12 23:42 4636672 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-27 06:52 . 2011-01-12 23:42 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-27 06:51 . 2011-01-12 04:11 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-01-27 06:42 . 2011-01-12 04:11 4029824 ----a-w- c:\windows\system32\ati3duag.dll
2011-01-27 06:41 . 2011-01-12 23:42 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-27 06:35 . 2011-01-27 06:35 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-01-27 06:32 . 2011-01-12 23:42 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-27 06:32 . 2011-01-12 23:42 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-27 06:31 . 2011-01-12 23:42 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-01-27 06:31 . 2011-01-12 23:42 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-27 06:31 . 2011-01-12 23:42 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-01-27 06:30 . 2011-01-12 23:42 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-01-27 06:28 . 2011-01-12 23:42 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-01-27 06:27 . 2011-01-12 23:42 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-27 06:27 . 2011-01-12 04:11 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
2011-01-27 06:23 . 2011-01-12 23:41 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-01-27 06:21 . 2011-01-12 23:42 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-27 06:21 . 2011-01-12 23:42 483328 ----a-w- c:\windows\system32\atiok3x2.dll
2011-01-27 06:21 . 2011-01-12 23:42 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-01-27 06:15 . 2011-01-12 04:11 847872 ----a-w- c:\windows\system32\ati2cqag.dll
2011-01-27 06:13 . 2011-01-12 23:42 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-27 06:13 . 2011-01-12 23:42 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-27 06:12 . 2011-01-12 23:42 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-02 01:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-02 2166296]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Lt. Dan\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-03-10 79872]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Lt. Dan^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\documents and settings\Lt. Dan\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-05 00:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 13:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-09-23 02:43 33665024 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 21:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger2004]
2004-03-02 22:33 882688 ----a-w- c:\program files\eVGA\ResChanger2004\ResChanger2004.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-06 00:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-11-26 05:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-10-01 01:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
"libusbd"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"xmlprov"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"SerialKeys"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"itlperf"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"WMDM PMSP Service"=2 (0x2)
"wlidsvc"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
"RemoteAccess"=2 (0x2)
"RasMan"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PnkBstrA"=2 (0x2)
"PlugPlay"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"MsMpSvc"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ALG"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\saints row 2\\SR2_pc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lead and gold gangs of the wild west\\lag_win32_public_dev.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/13/2011 4:32 AM 218176]
R1 MpKsl633a56d3;MpKsl633a56d3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96F12F0E-4B9E-4D47-A9C7-B4FC91B0EE24}\MpKsl633a56d3.sys [4/23/2011 4:28 PM 28752]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2/19/2011 2:30 AM 2304]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [11/27/1998 1:57 PM 6144]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [4/22/2011 9:30 PM 33792]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/27/2011 11:21 AM 1399680]
S1 MpKsl31e93ba1;MpKsl31e93ba1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKsl31e93ba1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKsl31e93ba1.sys [?]
S1 MpKsl5ec4c7a2;MpKsl5ec4c7a2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3707ADE-2C4F-4AA4-9A7F-937F6B56CCA2}\MpKsl5ec4c7a2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3707ADE-2C4F-4AA4-9A7F-937F6B56CCA2}\MpKsl5ec4c7a2.sys [?]
S1 MpKsl6ca763cf;MpKsl6ca763cf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKsl6ca763cf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKsl6ca763cf.sys [?]
S1 MpKsl83e64d48;MpKsl83e64d48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5246D347-C2E8-4F0C-93AF-8282036D828C}\MpKsl83e64d48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5246D347-C2E8-4F0C-93AF-8282036D828C}\MpKsl83e64d48.sys [?]
S1 MpKsla7594dfe;MpKsla7594dfe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{48CB0375-A357-477C-83ED-FBF54D896A4F}\MpKsla7594dfe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{48CB0375-A357-477C-83ED-FBF54D896A4F}\MpKsla7594dfe.sys [?]
S1 MpKslb8a6ba26;MpKslb8a6ba26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKslb8a6ba26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A50D9FEB-5021-455A-9612-02D79D7122D3}\MpKslb8a6ba26.sys [?]
S1 MpKsle3687fd9;MpKsle3687fd9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5246D347-C2E8-4F0C-93AF-8282036D828C}\MpKsle3687fd9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5246D347-C2E8-4F0C-93AF-8282036D828C}\MpKsle3687fd9.sys [?]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 utm3mjg4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utm3mjg4.sys --> c:\windows\system32\Drivers\utm3mjg4.sys [?]
S4 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file:///C:/Program%20Files/Gateway/Do%20More/DoMoreRunExe.CAB
FF - ProfilePath - c:\documents and settings\Lt. Dan\Application Data\Mozilla\Firefox\Profiles\26x2ojhg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z023&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Lt. Dan\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?1_301.txt</url> </Application_Updater> <Application_Dispatch> <version>1.011</ve
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-651377827-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:19,8e,48,22,48,ab,82,4e,14,dc,5c,cf,dc,a6,04,de,bf,12,7d,bc,07,
e9,de,eb,d0,f6,3c,a1,8c,50,7e,7c,a8,a7,9e,14,92,34,e7,44,7c,b9,30,72,62,93,\
"rkeysecu"=hex:b7,75,0d,3a,83,27,f1,e5,c2,f5,2c,84,36,e2,c6,cd
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-23 19:31:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-24 02:30
.
Pre-Run: 367,700,688,896 bytes free
Post-Run: 367,723,790,336 bytes free
.
- - End Of File - - 187983C5B4BA30019AA8E4C46F45856D


Would you like me to post the combofix log when I restarted the computer as well?

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 April 2011 - 08:06 PM

Hello

Let's try this to get you back online; let me know if it works.

Download and run WinSockFix. This is a two step process that will Back up the Registry and Reset the Winsock Stack.
  • Double click on WinsockXPFix.exe to open.
  • On the Winsock and TCP Repair Utility screen, click "ReG-Backup"
  • On the ERDNT Welcome screen, click "OK".
  • On the Backup to: screen, click "OK".
  • On the Folder does not exist question screen click "Yes".
  • You will see a status screen as your registry is being backed up.
  • On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  • On the Winsock and TCP Repair Utility screen, click "Fix".
  • On the Apply the VB_Winsock fix? screen click "Yes".
  • The screen will display a status message "repair completed please reboot."
  • On the Repair Completed screen click "OK" to reboot your computer.
  • If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  • You should have connectivity restored.
If you have internet back, come back and let me know; if not, go to the next step.

Download LSPFix and save to your desktop.
alternate download site
alternate download site
  • Disconnect from the Internet, go to the LSPfix file and extract (unzip) LSP-Fix into its own folder such as C:\lspfix. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the lspfix folder and double-click on LSPFix.exe to start the program.
  • Check the "I know what I am doing" checkbox.
  • Click "Finish" and LSPfix will restore the chain numbers.
  • Restart the computer.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Zera (Topic Starter, Members, 10 posts)

Posted 24 April 2011 - 08:52 PM

I did the winsock fix and during the registry back up it errored on all of the files it was trying to save. After the reboot I still did not have a connection. I did the second fix and the program said it had nothing to change. I rebooted after that and I still have no connection. Also, when I open the device manager it is showing nothing.

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 April 2011 - 09:10 PM

Check - Reset Proxy settings

Internet Explorer Proxy settings:

  • Open Internet Explorer > click Tools > Internet Options > Connections tab.
  • Click the LAN Settings... button and uncheck "Use a proxy server for your LAN"
    or change the settings to the proxy you normally use if you previously reconfigured it.
  • Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  • Click OK... then click OK again.
  • Close Internet Explorer and -restart- the computer.
  • An example of how to do this with screenshots can be found >here<

Firefox Proxy settings:

  • Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  • Under the Connection section click on the Settings... button.
  • Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  • Click OK... then click OK again.
  • Close Firefox and -restart- the computer.
  • An example of how to do this with screenshots can be found >here<

For other browsers, please refer to How to configure browser proxy settings.

flush the DNS:

Can you please flush the DNS:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns


#12 Zera (Topic Starter, Members, 10 posts)

Posted 24 April 2011 - 09:29 PM

When I try to flush DNS it gives me the error "Could not flush the DNS Resolver Cache: failed during execution."

Also, when I restarted the computer I ran the IE network diagnostic tool and I got this: "Failed with error 0x80070422. The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 April 2011 - 09:45 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\ComboFix-quarantined-files.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#14 Zera (Topic Starter, Members, 10 posts)

Posted 24 April 2011 - 09:53 PM

2011-04-24 02:36:52 . 2011-04-24 02:57:22 72 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\mru.xml.vir
2011-04-24 02:20:39 . 2011-04-24 02:20:39 0 ----a-w- C:\Qoobox\Quarantine\Replicators\Replicator_1.txt
2011-04-24 02:17:46 . 2011-04-24 02:17:46 2,888 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_itlperf.reg.dat
2011-04-24 02:17:46 . 2011-04-24 02:17:46 1,030 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ITLPERF.reg.dat
2011-04-24 02:17:40 . 2011-04-24 03:30:47 6,167 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-04-24 02:11:46 . 2011-04-24 03:22:40 184 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-04-06 05:04:59 . 2011-04-09 07:04:04 16,384 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\restart.exe.vir
2011-04-06 05:04:59 . 2011-04-09 07:04:04 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\process.exe.vir
2011-04-03 06:51:25 . 2011-04-03 06:51:25 5,954 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\chrome\content\overlay.xul.vir
2011-04-03 06:51:25 . 2011-04-03 06:51:25 2,122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\chrome\content\_cfg.js.vir
2011-04-03 06:51:24 . 2011-04-03 06:51:25 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\install.rdf.vir
2011-04-03 06:51:24 . 2011-04-03 06:51:24 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Local Settings\Application Data\{5E91EE17-BB9E-4F8F-AED1-375BD4E2A9C9}\chrome.manifest.vir
2011-03-20 18:48:54 . 2011-03-20 18:48:54 43,536 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\w.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 23,296 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\1.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 125,672 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\a.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 165,160 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\b.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 172,176 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\c.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 105,704 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\d.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 108,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\e.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 60,048 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\f.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 70,624 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\g.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 52,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\h.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 48,336 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\i.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 28,000 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\J.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 28,080 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\k.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 69,168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\l.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 104,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\m.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 36,808 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\n.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 41,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\o.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 96,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\p.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 4,440 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\q.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 36,768 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\r.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 159,760 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\s.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 95,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\t.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 20,960 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\u.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 30,528 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\v.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 2,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\x.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 10,744 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\y.xml.vir
2011-01-05 14:02:22 . 2011-01-05 14:02:22 11,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Lt. Dan\Application Data\PriceGong\Data\z.xml.vir

#15 Zera (Topic Starter, Members, 10 posts)

Posted 25 April 2011 - 10:40 PM

OK, I got the internet working again. I ran msconfig and set it back to default, and after it restarted I was able to get Windows updates again. I ran Spybot and Malwarebytes and it seems fine. Is there anything I should do to make sure that it's all fine?

Edited by Zera, 25 April 2011 - 10:40 PM.
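The proxy-reset steps in #11 and the msconfig reset that finally fixed things in #15 both come down to checking state the ComboFix log earlier in this thread already records: the `msconfig\services` section lists every service msconfig has disabled (the number stored with each is its previous start type, 2 = Automatic, 3 = Manual), and the `FF - prefs.js: network.proxy.type` and `uInternet Settings,Proxy*` lines show the browser proxy configuration. Below is an added Python helper, written for this page and not part of the thread, ComboFix or DDS, that reads a log in that shape, lists the disabled services, flags the ones Windows Update, name resolution, DHCP and Security Center depend on, and reports the proxy mode. The log excerpt is constructed to mirror the one above, the service-to-symptom descriptions are my own reading of those services, and the helper assumes the msconfig key semantics just described.

```python
"""Triage a ComboFix-style log: which services did msconfig disable, and is a proxy set?

Added example for this thread; not a feature of ComboFix, DDS or any tool named here.
"""
import re
from typing import Dict, List, Optional

# Constructed excerpt in the same shape as the log posted in this thread (not the real file).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
"xmlprov"=3 (0x3)
"wscsvc"=2 (0x2)
"Dnscache"=2 (0x2)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"BITS"=2 (0x2)
"ALG"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.type - 0
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
# "Name"=2 (0x2)  -> service name and the start type msconfig saved before disabling it
ENTRY_RE = re.compile(r'^"([^"]+)"=(\d+)\s+\(0x([0-9a-fA-F]+)\)\s*$')
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)\s*$")

START_TYPE = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
FF_PROXY_TYPES = {0: "no proxy", 1: "manual proxy", 2: "PAC script",
                  4: "auto-detect (WPAD)", 5: "system proxy"}

# Services whose absence produces the symptoms reported in this thread
# (my own mapping, keyed by lower-case service name).
DEPENDENCIES: Dict[str, str] = {
    "wuauserv": "Automatic Updates: Windows Update cannot run",
    "bits": "Background Intelligent Transfer Service: updates cannot download",
    "cryptsvc": "Cryptographic Services: update packages cannot be verified",
    "wscsvc": "Security Center: AV/firewall status and alerts unavailable",
    "dnscache": "DNS Client: ipconfig /flushdns fails, name resolution degraded",
    "dhcp": "DHCP Client: no address lease, so no connection on DHCP networks",
    "sharedaccess": "Windows Firewall/ICS: host firewall not running",
    "eventlog": "Event Log: no record of what happened on the host",
    "msmpsvc": "Microsoft Antimalware Service: MSE real-time protection off",
}


def parse_msconfig_services(log_text: str) -> Dict[str, int]:
    """Map service name -> previous start type for every entry under msconfig\\services.

    Assumption (how msconfig behaves): an entry exists only for a service msconfig
    set to Disabled, and the stored value is the Start type it had before that.
    """
    services: Dict[str, int] = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower().endswith(r"\msconfig\services")
            continue
        if in_section:
            entry = ENTRY_RE.match(line)
            if entry:
                services[entry.group(1)] = int(entry.group(2))
    return services


def flag_disabled_dependencies(services: Dict[str, int]) -> Dict[str, str]:
    """Return {service: impact} for disabled services that updates, network or security need."""
    return {name: DEPENDENCIES[name.lower()] for name in services if name.lower() in DEPENDENCIES}


def firefox_proxy_mode(log_text: str) -> Optional[str]:
    """Describe the Firefox network.proxy.type reported in the log, or None if absent."""
    for raw in log_text.splitlines():
        m = FF_PROXY_RE.match(raw.strip())
        if m:
            code = int(m.group(1))
            return FF_PROXY_TYPES.get(code, f"unknown ({code})")
    return None


def ie_proxy_lines(log_text: str) -> List[str]:
    """Collect the IE 'uInternet Settings,Proxy*' lines; an unexpected ProxyServer
    entry is what the proxy-reset step in #11 removes."""
    return [raw.strip() for raw in log_text.splitlines()
            if raw.strip().startswith("uInternet Settings,Proxy")]


def triage(log_text: str) -> Dict[str, object]:
    """One-shot summary of the three checks above."""
    services = parse_msconfig_services(log_text)
    return {
        "disabled_by_msconfig": {n: START_TYPE.get(t, t) for n, t in services.items()},
        "impact": flag_disabled_dependencies(services),
        "firefox_proxy": firefox_proxy_mode(log_text),
        "ie_proxy_settings": ie_proxy_lines(log_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the full log rather than the excerpt and the `impact` list is what explains the thread: Dnscache disabled matches the failed `ipconfig /flushdns`, Dhcp disabled matches the lost connection, and BITS/CryptSvc/wscsvc disabled match the missing updates and the Security Center alert, which is why restoring msconfig defaults cleared all of them at once.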




