Hi, if you'd look at this, I'd appreciate it. Thanks!
Symptoms: slow, can't hit the internet with Chrome or IE 8.
I have already run:
* chkdsk c: /f /r, which fixed some stuff
* Kaspersky 2010 boot rescue CD (scans from CD) w/updated defs
* Avira 2011 boot rescue CD (scans from CD) w/updated defs
* Malwarebytes 1.50.1.1100 w/updated defs, which only found 1 thing
* flush.bat, which resets Winsock, the DNS cache, the hosts file and the IP configuration
* IE 8, Options, Advanced tab, Reset settings
* uninstalled countless games and crapware from Add/Remove Programs in CP
Afterwards, I disabled all items under Startup in msconfig.
"Security Check" results
Results of screen317's Security Check version 0.99.8
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Webroot AntiVirus with Spy Sweeper
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10.0.32.18
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
RootRepeal drivers
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/02/08 21:06
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80604000 Size: 286720 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8223C000 Size: 3903488 File Visible: - Signed: -
Status: -
Name: Afc.sys
Image Path: C:\Windows\system32\drivers\Afc.sys
Address: 0x8A5CA000 Size: 32768 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8C74E000 Size: 294912 File Visible: - Signed: -
Status: -
Name: amdk8.sys
Image Path: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x8A00E000 Size: 65536 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82DA4000 Size: 32768 File Visible: - Signed: -
Status: -
Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82DAC000 Size: 122880 File Visible: - Signed: -
Status: -
Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x82D1C000 Size: 40960 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8C1EE000 Size: 28672 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8041E000 Size: 32768 File Visible: - Signed: -
Status: -
Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x99D02000 Size: 102400 File Visible: - Signed: -
Status: -
Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x948E0000 Size: 57344 File Visible: - Signed: -
Status: -
Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9AB7D000 Size: 90112 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8A5D2000 Size: 98304 File Visible: - Signed: -
Status: -
Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80467000 Size: 917504 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x807CD000 Size: 135168 File Visible: - Signed: -
Status: -
Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80426000 Size: 266240 File Visible: - Signed: -
Status: -
Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x82D19000 Size: 10496 File Visible: - Signed: -
Status: -
Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8CACA000 Size: 53248 File Visible: - Signed: -
Status: -
Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x82DF1000 Size: 36864 File Visible: - Signed: -
Status: -
Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8CA72000 Size: 94208 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x807BC000 Size: 69632 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8A19F000 Size: 151552 File Visible: - Signed: -
Status: -
Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8CAD7000 Size: 40960 File Visible: No Signed: -
Status: -
Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8CAE1000 Size: 106496 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8CAFB000 Size: 40960 File Visible: - Signed: -
Status: -
Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8B123000 Size: 659456 File Visible: - Signed: -
Status: -
Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x82FD5000 Size: 159744 File Visible: - Signed: -
Status: -
Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0x99C50000 Size: 163840 File Visible: - Signed: -
Status: -
Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x807AC000 Size: 65536 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8077A000 Size: 204800 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8C1DE000 Size: 36864 File Visible: - Signed: -
Status: -
Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8C709000 Size: 110592 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8A5EA000 Size: 21120 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82209000 Size: 208896 File Visible: - Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8A101000 Size: 577536 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8CAA9000 Size: 65536 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8A9F4000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8CAA0000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8A509000 Size: 737280 File Visible: - Signed: -
Status: -
Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8A406000 Size: 1060864 File Visible: - Signed: -
Status: -
Name: HSXHWBS2.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWBS2.sys
Address: 0x8A08D000 Size: 303104 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x99C78000 Size: 446464 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8A990000 Size: 45056 File Visible: - Signed: -
Status: -
Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8CAB9000 Size: 36864 File Visible: - Signed: -
Status: -
Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80406000 Size: 28672 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8A0D7000 Size: 172032 File Visible: - Signed: -
Status: -
Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x82E04000 Size: 462848 File Visible: - Signed: -
Status: -
Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8CBE7000 Size: 65536 File Visible: - Signed: -
Status: -
Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8CB14000 Size: 110592 File Visible: - Signed: -
Status: -
Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0x9AA56000 Size: 12672 File Visible: - Signed: -
Status: -
Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8A5BD000 Size: 53248 File Visible: - Signed: -
Status: -
Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8CB05000 Size: 61440 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8A99B000 Size: 45056 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8CAC2000 Size: 32768 File Visible: - Signed: -
Status: -
Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82D94000 Size: 65536 File Visible: - Signed: -
Status: -
Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x99D1B000 Size: 86016 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x99D30000 Size: 135168 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x99D51000 Size: 126976 File Visible: - Signed: -
Status: -
Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x99D70000 Size: 233472 File Visible: - Signed: -
Status: -
Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x99DA9000 Size: 98304 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8A1C4000 Size: 45056 File Visible: - Signed: -
Status: -
Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x80653000 Size: 32768 File Visible: - Signed: -
Status: -
Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8B1D0000 Size: 192512 File Visible: - Signed: -
Status: -
Name: msrpc.sys
Image Path: C:\Windows\system32\DRIVERS\msrpc.sys
Address: 0x806D3000 Size: 176128 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8A9A8000 Size: 40960 File Visible: - Signed: -
Status: -
Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x82FC6000 Size: 61440 File Visible: - Signed: -
Status: -
Name: NDIS.SYS
Image Path: C:\Windows\system32\DRIVERS\NDIS.SYS
Address: 0x82C03000 Size: 1093632 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8A91A000 Size: 45056 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x99C33000 Size: 40960 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8A925000 Size: 143360 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8A18E000 Size: 69632 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8CA0B000 Size: 57344 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8C796000 Size: 204800 File Visible: - Signed: -
Status: -
Name: NETIO.SYS
Image Path: C:\Windows\system32\DRIVERS\NETIO.SYS
Address: 0x806FE000 Size: 241664 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8C608000 Size: 57344 File Visible: - Signed: -
Status: -
Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8CA68000 Size: 40960 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x82E75000 Size: 1114112 File Visible: - Signed: -
Status: -
Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x8223C000 Size: 3903488 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8C1E7000 Size: 28672 File Visible: - Signed: -
Status: -
Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8AA01000 Size: 7476704 File Visible: - Signed: -
Status: -
Name: nvmfdx32.sys
Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Address: 0x8A808000 Size: 1025152 File Visible: - Signed: -
Status: -
Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x82DCA000 Size: 53248 File Visible: - Signed: -
Status: -
Name: nvstor32.sys
Image Path: C:\Windows\system32\DRIVERS\nvstor32.sys
Address: 0x82DD7000 Size: 106496 File Visible: - Signed: -
Status: -
Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x99C09000 Size: 172032 File Visible: - Signed: -
Status: -
Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8C7DF000 Size: 90112 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x8A01E000 Size: 98304 File Visible: - Signed: -
Status: -
Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80682000 Size: 61440 File Visible: - Signed: -
Status: -
Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x9AA4F000 Size: 28672 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x8065B000 Size: 159744 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x82D7F000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x82D86000 Size: 57344 File Visible: - Signed: -
Status: -
Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9AA5A000 Size: 909312 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8223C000 Size: 3903488 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8C1B1000 Size: 184320 File Visible: - Signed: -
Status: -
Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8040D000 Size: 69632 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8C616000 Size: 36864 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8A903000 Size: 94208 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8A948000 Size: 61440 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8A957000 Size: 81920 File Visible: - Signed: -
Status: -
Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8A96B000 Size: 86016 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8223C000 Size: 3903488 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8CA2C000 Size: 245760 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8C1F5000 Size: 32768 File Visible: - Signed: -
Status: -
Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8A800000 Size: 32768 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9AB93000 Size: 49152 File Visible: No Signed: -
Status: -
Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x99C3D000 Size: 77824 File Visible: - Signed: -
Status: -
Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8C003000 Size: 1759296 File Visible: - Signed: -
Status: -
Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9AB38000 Size: 40960 File Visible: - Signed: -
Status: -
Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8C73A000 Size: 81920 File Visible: - Signed: -
Status: -
Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x82FBE000 Size: 32768 File Visible: - Signed: -
Status: -
Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8CB37000 Size: 720896 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9AA01000 Size: 319488 File Visible: - Signed: -
Status: -
Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x99DC1000 Size: 163840 File Visible: - Signed: -
Status: -
Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x99CE5000 Size: 118784 File Visible: - Signed: -
Status: -
Name: ssfs0bbc.sys
Image Path: C:\Windows\system32\DRIVERS\ssfs0bbc.sys
Address: 0x8069A000 Size: 45056 File Visible: - Signed: -
Status: -
Name: sshrmd.sys
Image Path: C:\Windows\system32\DRIVERS\sshrmd.sys
Address: 0x80691000 Size: 36864 File Visible: - Signed: -
Status: -
Name: ssidrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssidrv.sys
Address: 0x806A5000 Size: 188416 File Visible: - Signed: -
Status: -
Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x80739000 Size: 266240 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8A9A6000 Size: 4992 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8C61F000 Size: 958464 File Visible: - Signed: -
Status: -
Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9AB42000 Size: 49152 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x82D0E000 Size: 45056 File Visible: - Signed: -
Status: -
Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8C724000 Size: 90112 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8A980000 Size: 65536 File Visible: - Signed: -
Status: -
Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x948C0000 Size: 36864 File Visible: - Signed: -
Status: -
Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8A005000 Size: 36864 File Visible: - Signed: -
Status: -
Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x805F4000 Size: 45056 File Visible: - Signed: -
Status: -
Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8A9B2000 Size: 53248 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8CA89000 Size: 94208 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8C7DD000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8A07E000 Size: 61440 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8A9BF000 Size: 217088 File Visible: - Signed: -
Status: -
Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8A036000 Size: 40960 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8A040000 Size: 253952 File Visible: - Signed: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8C7C8000 Size: 86016 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8A5F0000 Size: 49152 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8A1D7000 Size: 135168 File Visible: - Signed: -
Status: -
Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x82D26000 Size: 61440 File Visible: - Signed: -
Status: -
Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x82D35000 Size: 303104 File Visible: - Signed: -
Status: -
Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x82F85000 Size: 233472 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8CA19000 Size: 77824 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8B1C4000 Size: 49152 File Visible: - Signed: -
Status: -
Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80547000 Size: 507904 File Visible: - Signed: -
Status: -
Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x805C3000 Size: 53248 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0x946A0000 Size: 2109440 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x946A0000 Size: 2109440 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x8064A000 Size: 36864 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8223C000 Size: 3903488 File Visible: - Signed: -
Status: -
Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9AB63000 Size: 73728 File Visible: - Signed: -
Status: -
Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9AB4E000 Size: 83328 File Visible: - Signed: -
Status: -
Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0x9AB75000 Size: 32768 File Visible: - Signed: -
Status: -
RootRepeal processes
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/02/08 21:06
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\explorer.exe
PID: 200 Status: -
Path: C:\Windows\System32\smss.exe
PID: 424 Status: -
Path: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PID: 464 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 468 Status: -
Path: C:\Windows\System32\csrss.exe
PID: 504 Status: -
Path: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 508 Status: -
Path: C:\Windows\System32\wininit.exe
PID: 556 Status: -
Path: C:\Windows\System32\csrss.exe
PID: 568 Status: -
Path: C:\Windows\System32\services.exe
PID: 600 Status: -
Path: C:\Windows\System32\lsass.exe
PID: 616 Status: -
Path: C:\Windows\System32\lsm.exe
PID: 628 Status: -
Path: C:\Windows\System32\winlogon.exe
PID: 724 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 812 Status: -
Path: C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PID: 860 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 892 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 928 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 984 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1024 Status: -
Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PID: 1084 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1100 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1120 Status: -
Path: C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PID: 1236 Status: -
Path: C:\Windows\System32\audiodg.exe
PID: 1248 Status: Locked to the Windows API!
Path: C:\Windows\System32\svchost.exe
PID: 1272 Status: -
Path: C:\Windows\System32\SLsvc.exe
PID: 1288 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1332 Status: -
Path: C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
PID: 1364 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1480 Status: -
Path: C:\Windows\System32\spoolsv.exe
PID: 1704 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1728 Status: -
Path: C:\Windows\System32\SearchFilterHost.exe
PID: 1772 Status: -
Path: C:\Windows\System32\taskeng.exe
PID: 1880 Status: -
Path: C:\Windows\System32\SearchIndexer.exe
PID: 1968 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1972 Status: -
Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1992 Status: -
Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2024 Status: -
Path: C:\Windows\System32\drivers\XAudio.exe
PID: 2052 Status: -
Path: C:\Windows\System32\dwm.exe
PID: 2060 Status: -
Path: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PID: 2084 Status: -
Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PID: 2092 Status: -
Path: C:\Windows\System32\WUDFHost.exe
PID: 2164 Status: -
Path: C:\Windows\System32\taskeng.exe
PID: 2780 Status: -
Path: C:\Windows\System32\SearchProtocolHost.exe
PID: 2800 Status: -
Path: J:\NewFolder\RootRepeal.exe
PID: 2920 Status: -
Path: C:\Windows\System32\wbem\unsecapp.exe
PID: 3324 Status: -
Path: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 4004 Status: -
RootRepeal SSDT
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/02/08 21:06
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked
#: 001 Function Name: NtAccessCheck
Status: Not hooked
#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked
#: 003 Function Name: NtAccessCheckByType
Status: Not hooked
#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked
#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked
#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked
#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked
#: 008 Function Name: NtAddAtom
Status: Not hooked
#: 009 Function Name: NtAddBootEntry
Status: Not hooked
#: 010 Function Name: NtAddDriverEntry
Status: Not hooked
#: 011 Function Name: NtAdjustGroupsToken
Status: Not hooked
#: 012 Function Name: NtAdjustPrivilegesToken
Status: Not hooked
#: 013 Function Name: NtAlertResumeThread
Status: Not hooked
#: 014 Function Name: NtAlertThread
Status: Not hooked
#: 015 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked
#: 016 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked
#: 017 Function Name: NtAllocateUuids
Status: Not hooked
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cdaf8
#: 019 Function Name: NtAlpcAcceptConnectPort
Status: Not hooked
#: 020 Function Name: NtAlpcCancelMessage
Status: Not hooked
#: 021 Function Name: NtAlpcConnectPort
Status: Not hooked
#: 022 Function Name: NtAlpcCreatePort
Status: Not hooked
#: 023 Function Name: NtAlpcCreatePortSection
Status: Not hooked
#: 024 Function Name: NtAlpcCreateResourceReserve
Status: Not hooked
#: 025 Function Name: NtAlpcCreateSectionView
Status: Not hooked
#: 026 Function Name: NtAlpcCreateSecurityContext
Status: Not hooked
#: 027 Function Name: NtAlpcDeletePortSection
Status: Not hooked
#: 028 Function Name: NtAlpcDeleteResourceReserve
Status: Not hooked
#: 029 Function Name: NtAlpcDeleteSectionView
Status: Not hooked
#: 030 Function Name: NtAlpcDeleteSecurityContext
Status: Not hooked
#: 031 Function Name: NtAlpcDisconnectPort
Status: Not hooked
#: 032 Function Name: NtAlpcImpersonateClientOfPort
Status: Not hooked
#: 033 Function Name: NtAlpcOpenSenderProcess
Status: Not hooked
#: 034 Function Name: NtAlpcOpenSenderThread
Status: Not hooked
#: 035 Function Name: NtAlpcQueryInformation
Status: Not hooked
#: 036 Function Name: NtAlpcQueryInformationMessage
Status: Not hooked
#: 037 Function Name: NtAlpcRevokeSecurityContext
Status: Not hooked
#: 038 Function Name: NtAlpcSendWaitReceivePort
Status: Not hooked
#: 039 Function Name: NtAlpcSetInformation
Status: Not hooked
#: 040 Function Name: NtApphelpCacheControl
Status: Not hooked
#: 041 Function Name: NtAreMappedFilesTheSame
Status: Not hooked
#: 042 Function Name: NtAssignProcessToJobObject
Status: Not hooked
#: 043 Function Name: NtCallbackReturn
Status: Not hooked
#: 044 Function Name: NtRequestDeviceWakeup
Status: Not hooked
#: 045 Function Name: NtCancelIoFile
Status: Not hooked
#: 046 Function Name: NtCancelTimer
Status: Not hooked
#: 047 Function Name: NtClearEvent
Status: Not hooked
#: 048 Function Name: NtClose
Status: Not hooked
#: 049 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked
#: 050 Function Name: NtCompactKeys
Status: Not hooked
#: 051 Function Name: NtCompareTokens
Status: Not hooked
#: 052 Function Name: NtCompleteConnectPort
Status: Not hooked
#: 053 Function Name: NtCompressKey
Status: Not hooked
#: 054 Function Name: NtConnectPort
Status: Not hooked
#: 055 Function Name: NtContinue
Status: Not hooked
#: 056 Function Name: NtCreateDebugObject
Status: Not hooked
#: 057 Function Name: NtCreateDirectoryObject
Status: Not hooked
#: 058 Function Name: NtCreateEvent
Status: Not hooked
#: 059 Function Name: NtCreateEventPair
Status: Not hooked
#: 060 Function Name: NtCreateFile
Status: Not hooked
#: 061 Function Name: NtCreateIoCompletion
Status: Not hooked
#: 062 Function Name: NtCreateJobObject
Status: Not hooked
#: 063 Function Name: NtCreateJobSet
Status: Not hooked
#: 064 Function Name: NtCreateKey
Status: Not hooked
#: 065 Function Name: NtCreateKeyTransacted
Status: Not hooked
#: 066 Function Name: NtCreateMailslotFile
Status: Not hooked
#: 067 Function Name: NtCreateMutant
Status: Not hooked
#: 068 Function Name: NtCreateNamedPipeFile
Status: Not hooked
#: 069 Function Name: NtCreatePrivateNamespace
Status: Not hooked
#: 070 Function Name: NtCreatePagingFile
Status: Not hooked
#: 071 Function Name: NtCreatePort
Status: Not hooked
#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x83e6a620
#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x848cdfa8
#: 074 Function Name: NtCreateProfile
Status: Not hooked
#: 075 Function Name: NtCreateSection
Status: Not hooked
#: 076 Function Name: NtCreateSemaphore
Status: Not hooked
#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x848cddc8
#: 079 Function Name: NtCreateTimer
Status: Not hooked
#: 080 Function Name: NtCreateToken
Status: Not hooked
#: 081 Function Name: NtCreateTransaction
Status: Not hooked
#: 082 Function Name: NtOpenTransaction
Status: Not hooked
#: 083 Function Name: NtQueryInformationTransaction
Status: Not hooked
#: 084 Function Name: NtQueryInformationTransactionManager
Status: Not hooked
#: 085 Function Name: NtPrePrepareEnlistment
Status: Not hooked
#: 086 Function Name: NtPrepareEnlistment
Status: Not hooked
#: 087 Function Name: NtCommitEnlistment
Status: Not hooked
#: 088 Function Name: NtReadOnlyEnlistment
Status: Not hooked
#: 089 Function Name: NtRollbackComplete
Status: Not hooked
#: 090 Function Name: NtRollbackEnlistment
Status: Not hooked
#: 091 Function Name: NtCommitTransaction
Status: Not hooked
#: 092 Function Name: NtRollbackTransaction
Status: Not hooked
#: 093 Function Name: NtPrePrepareComplete
Status: Not hooked
#: 094 Function Name: NtPrepareComplete
Status: Not hooked
#: 095 Function Name: NtCommitComplete
Status: Not hooked
#: 096 Function Name: NtSinglePhaseReject
Status: Not hooked
#: 097 Function Name: NtSetInformationTransaction
Status: Not hooked
#: 098 Function Name: NtSetInformationTransactionManager
Status: Not hooked
#: 099 Function Name: NtSetInformationResourceManager
Status: Not hooked
#: 100 Function Name: NtCreateTransactionManager
Status: Not hooked
#: 101 Function Name: NtOpenTransactionManager
Status: Not hooked
#: 102 Function Name: NtRenameTransactionManager
Status: Not hooked
#: 103 Function Name: NtRollforwardTransactionManager
Status: Not hooked
#: 104 Function Name: NtRecoverEnlistment
Status: Not hooked
#: 105 Function Name: NtRecoverResourceManager
Status: Not hooked
#: 106 Function Name: NtRecoverTransactionManager
Status: Not hooked
#: 107 Function Name: NtCreateResourceManager
Status: Not hooked
#: 108 Function Name: NtOpenResourceManager
Status: Not hooked
#: 109 Function Name: NtGetNotificationResourceManager
Status: Not hooked
#: 110 Function Name: NtQueryInformationResourceManager
Status: Not hooked
#: 111 Function Name: NtCreateEnlistment
Status: Not hooked
#: 112 Function Name: NtOpenEnlistment
Status: Not hooked
#: 113 Function Name: NtSetInformationEnlistment
Status: Not hooked
#: 114 Function Name: NtQueryInformationEnlistment
Status: Not hooked
#: 115 Function Name: NtCreateWaitablePort
Status: Not hooked
#: 116 Function Name: NtDebugActiveProcess
Status: Not hooked
#: 117 Function Name: NtDebugContinue
Status: Not hooked
#: 118 Function Name: NtDelayExecution
Status: Not hooked
#: 119 Function Name: NtDeleteAtom
Status: Not hooked
#: 120 Function Name: NtDeleteBootEntry
Status: Not hooked
#: 121 Function Name: NtDeleteDriverEntry
Status: Not hooked
#: 122 Function Name: NtDeleteFile
Status: Not hooked
#: 123 Function Name: NtDeleteKey
Status: Not hooked
#: 124 Function Name: NtDeletePrivateNamespace
Status: Not hooked
#: 125 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked
#: 126 Function Name: NtDeleteValueKey
Status: Not hooked
#: 127 Function Name: NtDeviceIoControlFile
Status: Not hooked
#: 128 Function Name: NtDisplayString
Status: Not hooked
#: 129 Function Name: NtDuplicateObject
Status: Not hooked
#: 130 Function Name: NtDuplicateToken
Status: Not hooked
#: 131 Function Name: NtEnumerateBootEntries
Status: Not hooked
#: 132 Function Name: NtEnumerateDriverEntries
Status: Not hooked
#: 133 Function Name: NtEnumerateKey
Status: Not hooked
#: 134 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked
#: 135 Function Name: NtEnumerateTransactionObject
Status: Not hooked
#: 136 Function Name: NtEnumerateValueKey
Status: Not hooked
#: 137 Function Name: NtExtendSection
Status: Not hooked
#: 138 Function Name: NtFilterToken
Status: Not hooked
#: 139 Function Name: NtFindAtom
Status: Not hooked
#: 140 Function Name: NtFlushBuffersFile
Status: Not hooked
#: 141 Function Name: NtFlushInstructionCache
Status: Not hooked
#: 142 Function Name: NtFlushKey
Status: Not hooked
#: 143 Function Name: NtFlushProcessWriteBuffers
Status: Not hooked
#: 144 Function Name: NtFlushVirtualMemory
Status: Not hooked
#: 145 Function Name: NtFlushWriteBuffer
Status: Not hooked
#: 146 Function Name: NtFreeUserPhysicalPages
Status: Not hooked
#: 147 Function Name: NtFreeVirtualMemory
Status: Not hooked
#: 148 Function Name: NtFreezeRegistry
Status: Not hooked
#: 149 Function Name: NtFreezeTransactions
Status: Not hooked
#: 150 Function Name: NtFsControlFile
Status: Not hooked
#: 151 Function Name: NtGetContextThread
Status: Not hooked
#: 152 Function Name: NtGetDevicePowerState
Status: Not hooked
#: 153 Function Name: NtGetNlsSectionPtr
Status: Not hooked
#: 154 Function Name: NtGetPlugPlayEvent
Status: Not hooked
#: 155 Function Name: NtGetWriteWatch
Status: Not hooked
#: 156 Function Name: NtImpersonateAnonymousToken
Status: Not hooked
#: 157 Function Name: NtImpersonateClientOfPort
Status: Not hooked
#: 158 Function Name: NtImpersonateThread
Status: Not hooked
#: 159 Function Name: NtInitializeNlsFiles
Status: Not hooked
#: 160 Function Name: NtInitializeRegistry
Status: Not hooked
#: 161 Function Name: NtInitiatePowerAction
Status: Not hooked
#: 162 Function Name: NtIsProcessInJob
Status: Not hooked
#: 163 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked
#: 164 Function Name: NtListenPort
Status: Not hooked
#: 165 Function Name: NtLoadDriver
Status: Not hooked
#: 166 Function Name: NtLoadKey
Status: Not hooked
#: 167 Function Name: NtLoadKey2
Status: Not hooked
#: 168 Function Name: NtLoadKeyEx
Status: Not hooked
#: 169 Function Name: NtLockFile
Status: Not hooked
#: 170 Function Name: NtLockProductActivationKeys
Status: Not hooked
#: 171 Function Name: NtLockRegistryKey
Status: Not hooked
#: 172 Function Name: NtLockVirtualMemory
Status: Not hooked
#: 173 Function Name: NtMakePermanentObject
Status: Not hooked
#: 174 Function Name: NtMakeTemporaryObject
Status: Not hooked
#: 175 Function Name: NtMapUserPhysicalPages
Status: Not hooked
#: 176 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked
#: 177 Function Name: NtMapViewOfSection
Status: Not hooked
#: 178 Function Name: NtModifyBootEntry
Status: Not hooked
#: 179 Function Name: NtModifyDriverEntry
Status: Not hooked
#: 180 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked
#: 181 Function Name: NtNotifyChangeKey
Status: Not hooked
#: 182 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked
#: 183 Function Name: NtOpenDirectoryObject
Status: Not hooked
#: 184 Function Name: NtOpenEvent
Status: Not hooked
#: 185 Function Name: NtOpenEventPair
Status: Not hooked
#: 186 Function Name: NtOpenFile
Status: Not hooked
#: 187 Function Name: NtOpenIoCompletion
Status: Not hooked
#: 188 Function Name: NtOpenJobObject
Status: Not hooked
#: 189 Function Name: NtOpenKey
Status: Not hooked
#: 190 Function Name: NtOpenKeyTransacted
Status: Not hooked
#: 191 Function Name: NtOpenMutant
Status: Not hooked
#: 192 Function Name: NtOpenPrivateNamespace
Status: Not hooked
#: 193 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked
#: 194 Function Name: NtOpenProcess
Status: Not hooked
#: 195 Function Name: NtOpenProcessToken
Status: Not hooked
#: 196 Function Name: NtOpenProcessTokenEx
Status: Not hooked
#: 197 Function Name: NtOpenSection
Status: Not hooked
#: 198 Function Name: NtOpenSemaphore
Status: Not hooked
#: 199 Function Name: NtOpenSession
Status: Not hooked
#: 200 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked
#: 201 Function Name: NtOpenThread
Status: Not hooked
#: 202 Function Name: NtOpenThreadToken
Status: Not hooked
#: 203 Function Name: NtOpenThreadTokenEx
Status: Not hooked
#: 204 Function Name: NtOpenTimer
Status: Not hooked
#: 205 Function Name: NtPlugPlayControl
Status: Not hooked
#: 206 Function Name: NtPowerInformation
Status: Not hooked
#: 207 Function Name: NtPrivilegeCheck
Status: Not hooked
#: 208 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked
#: 209 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked
#: 210 Function Name: NtProtectVirtualMemory
Status: Not hooked
#: 211 Function Name: NtPulseEvent
Status: Not hooked
#: 212 Function Name: NtQueryAttributesFile
Status: Not hooked
#: 213 Function Name: NtQueryBootEntryOrder
Status: Not hooked
#: 214 Function Name: NtQueryBootOptions
Status: Not hooked
#: 215 Function Name: NtQueryDebugFilterState
Status: Not hooked
#: 216 Function Name: NtQueryDefaultLocale
Status: Not hooked
#: 217 Function Name: NtQueryDefaultUILanguage
Status: Not hooked
#: 218 Function Name: NtQueryDirectoryFile
Status: Not hooked
#: 219 Function Name: NtQueryDirectoryObject
Status: Not hooked
#: 220 Function Name: NtQueryDriverEntryOrder
Status: Not hooked
#: 221 Function Name: NtQueryEaFile
Status: Not hooked
#: 222 Function Name: NtQueryEvent
Status: Not hooked
#: 223 Function Name: NtQueryFullAttributesFile
Status: Not hooked
#: 224 Function Name: NtQueryInformationAtom
Status: Not hooked
#: 225 Function Name: NtQueryInformationFile
Status: Not hooked
#: 226 Function Name: NtQueryInformationJobObject
Status: Not hooked
#: 227 Function Name: NtQueryInformationPort
Status: Not hooked
#: 228 Function Name: NtQueryInformationProcess
Status: Not hooked
#: 229 Function Name: NtQueryInformationThread
Status: Not hooked
#: 230 Function Name: NtQueryInformationToken
Status: Not hooked
#: 231 Function Name: NtQueryInstallUILanguage
Status: Not hooked
#: 232 Function Name: NtQueryIntervalProfile
Status: Not hooked
#: 233 Function Name: NtQueryIoCompletion
Status: Not hooked
#: 234 Function Name: NtQueryKey
Status: Not hooked
#: 235 Function Name: NtQueryMultipleValueKey
Status: Not hooked
#: 236 Function Name: NtQueryMutant
Status: Not hooked
#: 237 Function Name: NtQueryObject
Status: Not hooked
#: 238 Function Name: NtQueryOpenSubKeys
Status: Not hooked
#: 239 Function Name: NtQueryOpenSubKeysEx
Status: Not hooked
#: 240 Function Name: NtQueryPerformanceCounter
Status: Not hooked
#: 241 Function Name: NtQueryQuotaInformationFile
Status: Not hooked
#: 242 Function Name: NtQuerySection
Status: Not hooked
#: 243 Function Name: NtQuerySecurityObject
Status: Not hooked
#: 244 Function Name: NtQuerySemaphore
Status: Not hooked
#: 245 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked
#: 246 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked
#: 247 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked
#: 248 Function Name: NtQuerySystemInformation
Status: Not hooked
#: 249 Function Name: NtQuerySystemTime
Status: Not hooked
#: 250 Function Name: NtQueryTimer
Status: Not hooked
#: 251 Function Name: NtQueryTimerResolution
Status: Not hooked
#: 252 Function Name: NtQueryValueKey
Status: Not hooked
#: 253 Function Name: NtQueryVirtualMemory
Status: Not hooked
#: 254 Function Name: NtQueryVolumeInformationFile
Status: Not hooked
#: 255 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x848cdb70
#: 256 Function Name: NtRaiseException
Status: Not hooked
#: 257 Function Name: NtRaiseHardError
Status: Not hooked
#: 258 Function Name: NtReadFile
Status: Not hooked
#: 259 Function Name: NtReadFileScatter
Status: Not hooked
#: 260 Function Name: NtReadRequestData
Status: Not hooked
#: 261 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cda08
#: 262 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked
#: 263 Function Name: NtReleaseMutant
Status: Not hooked
#: 264 Function Name: NtReleaseSemaphore
Status: Not hooked
#: 265 Function Name: NtRemoveIoCompletion
Status: Not hooked
#: 266 Function Name: NtRemoveProcessDebug
Status: Not hooked
#: 267 Function Name: NtRenameKey
Status: Not hooked
#: 268 Function Name: NtReplaceKey
Status: Not hooked
#: 269 Function Name: NtReplacePartitionUnit
Status: Not hooked
#: 270 Function Name: NtReplyPort
Status: Not hooked
#: 271 Function Name: NtReplyWaitReceivePort
Status: Not hooked
#: 272 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked
#: 273 Function Name: NtReplyWaitReplyPort
Status: Not hooked
#: 274 Function Name: NtRequestDeviceWakeup
Status: Not hooked
#: 275 Function Name: NtRequestPort
Status: Not hooked
#: 276 Function Name: NtRequestWaitReplyPort
Status: Not hooked
#: 277 Function Name: NtRequestWakeupLatency
Status: Not hooked
#: 278 Function Name: NtResetEvent
Status: Not hooked
#: 279 Function Name: NtResetWriteWatch
Status: Not hooked
#: 280 Function Name: NtRestoreKey
Status: Not hooked
#: 281 Function Name: NtResumeProcess
Status: Not hooked
#: 282 Function Name: NtResumeThread
Status: Not hooked
#: 283 Function Name: NtSaveKey
Status: Not hooked
#: 284 Function Name: NtSaveKeyEx
Status: Not hooked
#: 285 Function Name: NtSaveMergedKeys
Status: Not hooked
#: 286 Function Name: NtSecureConnectPort
Status: Not hooked
#: 287 Function Name: NtSetBootEntryOrder
Status: Not hooked
#: 288 Function Name: NtSetBootOptions
Status: Not hooked
#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x848cdc60
#: 290 Function Name: NtSetDebugFilterState
Status: Not hooked
#: 291 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked
#: 292 Function Name: NtSetDefaultLocale
Status: Not hooked
#: 293 Function Name: NtSetDefaultUILanguage
Status: Not hooked
#: 294 Function Name: NtSetDriverEntryOrder
Status: Not hooked
#: 295 Function Name: NtSetEaFile
Status: Not hooked
#: 296 Function Name: NtSetEvent
Status: Not hooked
#: 297 Function Name: NtSetEventBoostPriority
Status: Not hooked
#: 298 Function Name: NtSetHighEventPair
Status: Not hooked
#: 299 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked
#: 300 Function Name: NtSetInformationDebugObject
Status: Not hooked
#: 301 Function Name: NtSetInformationFile
Status: Not hooked
#: 302 Function Name: NtSetInformationJobObject
Status: Not hooked
#: 303 Function Name: NtSetInformationKey
Status: Not hooked
#: 304 Function Name: NtSetInformationObject
Status: Not hooked
#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x848cdeb8
#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x848cdcd8
#: 307 Function Name: NtSetInformationToken
Status: Not hooked
#: 308 Function Name: NtSetIntervalProfile
Status: Not hooked
#: 309 Function Name: NtSetIoCompletion
Status: Not hooked
#: 310 Function Name: NtSetLdtEntries
Status: Not hooked
#: 311 Function Name: NtSetLowEventPair
Status: Not hooked
#: 312 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked
#: 313 Function Name: NtSetQuotaInformationFile
Status: Not hooked
#: 314 Function Name: NtSetSecurityObject
Status: Not hooked
#: 315 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked
#: 316 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked
#: 317 Function Name: NtSetSystemInformation
Status: Not hooked
#: 318 Function Name: NtSetSystemPowerState
Status: Not hooked
#: 319 Function Name: NtSetSystemTime
Status: Not hooked
#: 320 Function Name: NtSetThreadExecutionState
Status: Not hooked
#: 321 Function Name: NtSetTimer
Status: Not hooked
#: 322 Function Name: NtSetTimerResolution
Status: Not hooked
#: 323 Function Name: NtSetUuidSeed
Status: Not hooked
#: 324 Function Name: NtSetValueKey
Status: Not hooked
#: 325 Function Name: NtSetVolumeInformationFile
Status: Not hooked
#: 326 Function Name: NtShutdownSystem
Status: Not hooked
#: 327 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked
#: 328 Function Name: NtStartProfile
Status: Not hooked
#: 329 Function Name: NtStopProfile
Status: Not hooked
#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x848cde40
#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x848cdbe8
#: 332 Function Name: NtSystemDebugControl
Status: Not hooked
#: 333 Function Name: NtTerminateJobObject
Status: Not hooked
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x848cdf30
#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x848cdd50
#: 336 Function Name: NtTestAlert
Status: Not hooked
#: 337 Function Name: NtThawRegistry
Status: Not hooked
#: 338 Function Name: NtThawTransactions
Status: Not hooked
#: 339 Function Name: NtTraceEvent
Status: Not hooked
#: 340 Function Name: NtTraceControl
Status: Not hooked
#: 341 Function Name: NtTranslateFilePath
Status: Not hooked
#: 342 Function Name: NtUnloadDriver
Status: Not hooked
#: 343 Function Name: NtUnloadKey
Status: Not hooked
#: 344 Function Name: NtUnloadKey2
Status: Not hooked
#: 345 Function Name: NtUnloadKeyEx
Status: Not hooked
#: 346 Function Name: NtUnlockFile
Status: Not hooked
#: 347 Function Name: NtUnlockVirtualMemory
Status: Not hooked
#: 348 Function Name: NtUnmapViewOfSection
Status: Not hooked
#: 349 Function Name: NtVdmControl
Status: Not hooked
#: 350 Function Name: NtWaitForDebugEvent
Status: Not hooked
#: 351 Function Name: NtWaitForMultipleObjects
Status: Not hooked
#: 352 Function Name: NtWaitForSingleObject
Status: Not hooked
#: 353 Function Name: NtWaitHighEventPair
Status: Not hooked
#: 354 Function Name: NtWaitLowEventPair
Status: Not hooked
#: 355 Function Name: NtWriteFile
Status: Not hooked
#: 356 Function Name: NtWriteFileGather
Status: Not hooked
#: 357 Function Name: NtWriteRequestData
Status: Not hooked
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cda80
#: 359 Function Name: NtYieldExecution
Status: Not hooked
#: 360 Function Name: NtCreateKeyedEvent
Status: Not hooked
#: 361 Function Name: NtOpenKeyedEvent
Status: Not hooked
#: 362 Function Name: NtReleaseKeyedEvent
Status: Not hooked
#: 363 Function Name: NtWaitForKeyedEvent
Status: Not hooked
#: 364 Function Name: NtQueryPortInformationProcess
Status: Not hooked
#: 365 Function Name: NtGetCurrentProcessorNumber
Status: Not hooked
#: 366 Function Name: NtWaitForMultipleObjects32
Status: Not hooked
#: 367 Function Name: NtGetNextProcess
Status: Not hooked
#: 368 Function Name: NtGetNextThread
Status: Not hooked
#: 369 Function Name: NtCancelIoFileEx
Status: Not hooked
#: 370 Function Name: NtCancelSynchronousIoFile
Status: Not hooked
#: 371 Function Name: NtRemoveIoCompletionEx
Status: Not hooked
#: 372 Function Name: NtRegisterProtocolAddressInformation
Status: Not hooked
#: 373 Function Name: NtPropagationComplete
Status: Not hooked
#: 374 Function Name: NtPropagationFailed
Status: Not hooked
#: 375 Function Name: NtCreateWorkerFactory
Status: Not hooked
#: 376 Function Name: NtReleaseWorkerFactoryWorker
Status: Not hooked
#: 377 Function Name: NtWaitForWorkViaWorkerFactory
Status: Not hooked
#: 378 Function Name: NtSetInformationWorkerFactory
Status: Not hooked
#: 379 Function Name: NtQueryInformationWorkerFactory
Status: Not hooked
#: 380 Function Name: NtWorkerFactoryWorkerReady
Status: Not hooked
#: 381 Function Name: NtShutdownWorkerFactory
Status: Not hooked
#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x848cd918
#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0x848cd990
#: 384 Function Name: NtQueryLicenseValue
Status: Not hooked
#: 385 Function Name: NtMapCMFModule
Status: Not hooked
#: 386 Function Name: NtIsUILanguageComitted
Status: Not hooked
#: 387 Function Name: NtFlushInstallUILanguage
Status: Not hooked
#: 388 Function Name: NtGetMUIRegistryInfo
Status: Not hooked
#: 389 Function Name: NtAcquireCMFViewOwnership
Status: Not hooked
#: 390 Function Name: NtReleaseCMFViewOwnership
Status: Not hooked
root repeal hidden services
does not complete the scan!
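A small triage script for the RootRepeal SSDT listing above, added here as an example for this thread; it is not part of RootRepeal or of any tool the poster ran. The status lines it parses are copied from the listing posted above (the sample embedded in the script is an excerpt of it, with one unhooked entry kept to show the format). Two things are worth pulling out of the dump rather than reading it by eye: every hook is attributed to "<unknown>", which means RootRepeal could not map the hook target to a loaded driver image, and all but one of the hook addresses fall inside one 4 KiB page at a constant stride, which is what an array of fixed-size hook stubs owned by a single component looks like. The services hooked (process and thread creation, suspension and termination, APC queueing, remote memory read/write, thread context) are the set a host intrusion prevention product such as the Webroot Spy Sweeper engine listed in the Security Check output would hook, and also the set a rootkit would hook; the listing alone does not decide which, so the next check is whether the hooks disappear with the security product disabled or uninstalled.

```python
"""Triage a RootRepeal SSDT listing: pull out the hooked services and
group them by the page their hook address points into.

Added example for this thread; not part of RootRepeal or any tool the
poster ran. SAMPLE is an excerpt of the listing posted in the thread.
"""
import re
from collections import defaultdict
from functools import reduce
from math import gcd

SAMPLE = """\
#: 071 Function Name: NtCreatePort
Status: Not hooked
#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x83e6a620
#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x848cdfa8
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x848cddc8
#: 255 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x848cdb70
#: 261 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cda08
#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x848cdc60
#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x848cdeb8
#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x848cdcd8
#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x848cde40
#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x848cdbe8
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x848cdf30
#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x848cdd50
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x848cda80
#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x848cd918
#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0x848cd990
"""

# One entry is two lines: the "#: NNN Function Name: X" line and its Status line.
ENTRY_RE = re.compile(
    r'^#:\s*(\d+)\s+Function Name:\s*(\w+)\s*\n'
    r'Status:\s*(Not hooked|Hooked by "([^"]*)" at address 0x([0-9a-fA-F]+))',
    re.MULTILINE,
)


def parse_ssdt(text):
    """Return one dict per service entry: index, name, hooked, owner, address."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        idx, name, status, owner, addr = m.groups()
        entries.append({
            "index": int(idx),
            "name": name,
            "hooked": status != "Not hooked",
            "owner": owner,                          # None when not hooked
            "address": int(addr, 16) if addr else None,
        })
    return entries


def hooked(entries):
    """Only the entries RootRepeal reported as hooked."""
    return [e for e in entries if e["hooked"]]


def group_by_page(entries, page=0x1000):
    """Bucket hooked entries by the 4 KiB page their hook target lies in.
    Hooks that land in one page almost always belong to one component."""
    pages = defaultdict(list)
    for e in hooked(entries):
        pages[e["address"] & ~(page - 1)].append(e)
    return dict(pages)


def stride(group):
    """GCD of the gaps between sorted hook addresses in a group. A constant
    stride (here 0x78 bytes) means the stubs were carved from one array of
    fixed-size hook stubs; 0 for a group with a single address."""
    addrs = sorted(e["address"] for e in group)
    gaps = [b - a for a, b in zip(addrs, addrs[1:])]
    return reduce(gcd, gaps, 0)


def report(text):
    """One summary line per page that holds hook targets."""
    entries = parse_ssdt(text)
    lines = []
    for base, group in sorted(group_by_page(entries).items()):
        ordered = sorted(group, key=lambda e: e["address"])
        names = ", ".join(e["name"] for e in ordered)
        owners = ", ".join(sorted({e["owner"] for e in group}))
        lines.append(f"page 0x{base:08x}: {len(group)} hook(s) by {owners}, "
                     f"stride 0x{stride(group):x}: {names}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run against the full listing (paste it in place of SAMPLE, or read it from the saved RootRepeal report) the script will also pick up any hooks in the part of the table before entry 066, which is where the one missing stub slot in the 0x848cd000 page (between 0x848cda80 and 0x848cdb70) most likely points.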
rsit log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Taormina at 2011-02-08 20:27:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 178 GB (78%) free of 229 GB
Total RAM: 894 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:46 PM, on 2/8/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
J:\RSIT.exe
C:\Program Files\trend micro\Taormina.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 6036 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Taormina.job
C:\Windows\tasks\User_Feed_Synchronization-{A69D11DF-C5CE-43EA-BB51-AD1D766F08EF}.job
C:\Windows\tasks\wrSpySweeper_L0216702BBA51487CBAECEA3CA665B82A.job
C:\Windows\tasks\wrSpySweeper_LEC5FEA63B1534AD49A406B78701F1CB7.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-09 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23 160056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe /atstartup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\nino nindo\iTunesHelper.exe [2010-02-15 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-04-06 8429568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-04-06 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-04-06 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-04-04 1822720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-29 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe /atstartup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Taormina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\Users\Taormina\Desktop\LimeWire\LimeWire.exe -startup []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d663642-c82e-11dd-af2a-0040ca9e900d}]
shell\Auto\command - Microsoft.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Microsoft.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e91ee01-3462-11df-8a15-0040ca9e900d}]
shell\AutoRun\command - "J:\Install FreeAgent Tools.exe" /run
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 3 months======
2011-02-08 14:37:16 ----A---- C:\TDSSKiller.2.4.12.0_08.02.2011_14.37.16_log.txt
2011-02-08 14:12:42 ----D---- C:\ProgramData\McAfee Security Scan
2011-02-08 14:12:31 ----D---- C:\Program Files\McAfee Security Scan
2011-02-07 20:37:28 ----SHD---- C:\Config.Msi
2011-02-07 19:15:02 ----D---- C:\Windows\en
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-02-07 19:06:12 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-02-07 19:04:49 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-04 13:53:06 ----AD---- C:\Kaspersky Rescue Disk 10.0
2011-01-12 02:38:36 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 02:38:20 ----A---- C:\Windows\system32\sdclt.exe
2010-12-19 16:38:09 ----D---- C:\Users\Taormina\AppData\Roaming\OpenCandy
2010-12-16 16:32:49 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 16:32:48 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 16:32:25 ----A---- C:\Windows\system32\consent.exe
2010-12-16 16:32:16 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 16:32:16 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 16:32:15 ----A---- C:\Windows\system32\fontsub.dll
2010-12-16 16:32:02 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 16:32:01 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 16:32:00 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 16:31:57 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 16:31:56 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-16 16:31:54 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 16:31:54 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 16:31:54 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 16:31:53 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 16:31:53 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 16:31:51 ----A---- C:\Windows\system32\occache.dll
2010-12-16 16:31:51 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-16 16:31:51 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 16:31:51 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 16:31:50 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 16:31:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-16 16:31:49 ----A---- C:\Windows\system32\iesetup.dll
2010-12-16 16:31:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 16:31:48 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 16:31:47 ----A---- C:\Windows\system32\iernonce.dll
2010-12-16 16:31:46 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-16 16:28:41 ----A---- C:\Windows\system32\tzres.dll
2010-12-03 21:11:39 ----A---- C:\Windows\system32\webservices.dll
======List of files/folders modified in the last 3 months======
2011-02-08 20:27:45 ----D---- C:\Windows\Temp
2011-02-08 20:27:42 ----D---- C:\Windows\Prefetch
2011-02-08 20:27:33 ----D---- C:\Program Files\trend micro
2011-02-08 20:01:52 ----HD---- C:\Windows\inf
2011-02-08 20:01:52 ----D---- C:\Windows\System32
2011-02-08 20:01:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-08 14:37:16 ----D---- C:\Windows\system32\drivers
2011-02-08 14:12:42 ----HD---- C:\ProgramData
2011-02-08 14:12:31 ----RD---- C:\Program Files
2011-02-08 14:12:28 ----D---- C:\ProgramData\McAfee
2011-02-08 14:12:18 ----D---- C:\hosts
2011-02-08 11:39:42 ----SHD---- C:\System Volume Information
2011-02-08 08:03:37 ----A---- C:\Windows\ntbtlog.txt
2011-02-07 20:44:29 ----SHD---- C:\Windows\Installer
2011-02-07 19:32:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-07 19:25:43 ----D---- C:\Windows\system32\Tasks
2011-02-07 19:25:42 ----D---- C:\Windows\Tasks
2011-02-07 19:17:49 ----D---- C:\Windows\Microsoft.NET
2011-02-07 19:16:48 ----RSD---- C:\Windows\assembly
2011-02-07 19:15:02 ----D---- C:\Windows
2011-02-07 19:14:27 ----DC---- C:\Windows\system32\DRVSTORE
2011-02-07 19:11:51 ----D---- C:\Program Files\Windows Live
2011-02-07 19:09:30 ----RSD---- C:\Windows\Fonts
2011-02-07 19:08:29 ----SD---- C:\ProgramData\Microsoft
2011-02-07 19:08:24 ----D---- C:\Windows\winsxs
2011-02-07 19:07:50 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-07 18:35:46 ----D---- C:\Users\Taormina\AppData\Roaming\Unity
2011-02-07 18:35:46 ----D---- C:\Program Files\Unity
2011-02-07 18:34:17 ----SHD---- C:\$RECYCLE.BIN
2011-02-07 18:29:21 ----D---- C:\Windows\system32\catroot2
2011-02-07 18:24:32 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-07 18:24:32 ----D---- C:\Program Files\BigFix
2011-02-07 18:22:46 ----SD---- C:\Users\Taormina\AppData\Roaming\Microsoft
2011-02-07 18:22:44 ----D---- C:\Program Files\Virtools
2011-02-04 18:10:05 ----D---- C:\Program Files\SIFXINST
2011-02-03 20:50:19 ----D---- C:\Users\Taormina\AppData\Roaming\FrostWire
2011-01-12 03:03:51 ----A---- C:\Windows\system32\mrt.exe
2011-01-12 02:36:42 ----D---- C:\Windows\system32\catroot
2010-12-29 22:11:28 ----D---- C:\Users\Taormina\AppData\Roaming\Skype
2010-12-29 21:02:38 ----D---- C:\Users\Taormina\AppData\Roaming\skypePM
2010-12-17 03:44:36 ----D---- C:\Windows\rescache
2010-12-17 03:25:45 ----D---- C:\Program Files\Windows Mail
2010-12-17 03:25:40 ----D---- C:\Program Files\Internet Explorer
2010-12-17 03:25:39 ----D---- C:\Windows\system32\migration
2010-12-17 03:05:53 ----D---- C:\Windows\system32\en-US
2010-11-13 23:42:00 ----D---- C:\Windows\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-04-17 1032104]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-06 7476704]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 vmcam326av;HP Camera; C:\Windows\System32\Drivers\vmcam326av.sys [2007-04-13 100096]
S3 vvftav;326 Solborn filter service name, vista ver; C:\Windows\system32\drivers\vvftav.sys [2007-04-13 279680]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-18 521216]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-05-21 65536]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-03-12 1201640]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 190448]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-04 237008]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
Hi, Temmu.
I see you already ran TDSSKiller. Was anything found?
I'm shutting down for the night so have just given your log a cursory check and nothing stood out, although I note outdated Java and Adobe Reader:
Java(TM) SE Runtime Environment 6 Update 1
Adobe Reader 8.1.4
Please do the following:
Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
- Click on Remove Older Versions to remove older versions of Java.
- A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 23.
Download Link: Java SE Runtime Environment 6u23 (https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u23-oth-JPR@CDS-CDS_Developer)
Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
Adobe Reader had critical updates, released today. See http://www.landzdown.com/index.php/topic,49403.0.html for links.
Let's see if a different A/V finds something: Please go here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
Did this start about the same time you switched to a new ISP?
corrine - 2 online scans have found nothing. - will try eset's (didn't know they had one)
- also, tdsskiller came up empty.
winchester73 - no. am helping a friend, it is her pc (different isp)
thanks!
Missed this last night:
Antivirus/Firewall Check:
Webroot AntiVirus with Spy Sweeper
McAfee Security Scan Plus
Uninstall McAfee Security Scan Plus.
ok, but it's only been on there to do the online scan. which, of course, failed to run. even with webroot off.
No problem then. I thought it was mistakenly downloaded by the owner with an Adobe update.
Any luck with the ESET scan?
first and foremost, thank you for looking and commenting, corrine :rose: and winchester73 :Win73:
um...
i think i know why nothing made anything better.
and why nothing shows up in all these logs.
ready?
i think it's ms updates.
some machines just won't work if they have updates pending.
this had 'em pending.
i updated and it had more.
and more.
and more.
when ms was done vomiting all over itself, the machine ran, well, ran ok.
alright, ran ok for a vista machine.
and i know someone is going to say how much they love vista.
and i know some who honestly loved m.e. (messed up edition.)
both precursors to the best os of their time, xp, and 7.
o, xp, we hardly knew you. - shakespeare. (he stole that from his neighbor, ed.)
but i digress. don't i always?
anyway, my guess, ms updates vomiting all over the os.
with the puke gone, the os feels better now.
ciao. (chow)
ok
i'm wrong.
there is something on that machine transmitting.
webroot keeps displaying
"The internet communication shield has blocked access to:
get-access.host.sk"
or any number of sites.
help.
thanks.
Hi, Temmu.
Let's see if ComboFix finds anything.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop.
Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Now, please run ComboFix:
- Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(screenshot: http://securitygarden.googlepages.com/CF_RC1.png)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(screenshot: http://securitygarden.googlepages.com/CF_RC2.png)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
o great and mighty queen,
ps
webroot is still blocking outgoing website connections
i am not running a browser.
the pc is of its own accord attempting to connect to the internet.
due to length, i'll post this first, then wait a few minutes for the "posts it to the same thing you just posted to" thing to time out so it shows up in a separate box
combo fix log
ComboFix 11-02-09.05 - Taormina 02/10/2011 9:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.320 [GMT -6:00]
Running from: c:\users\Taormina\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Uninstall
c:\users\Taormina\GoogleEarthPluginSetup.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.
2011-02-10 15:22 . 2011-02-10 15:23 -------- d-----w- c:\users\Taormina\AppData\Local\temp
2011-02-10 15:22 . 2011-02-10 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-10 04:53 . 2011-02-10 08:40 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-02-09 22:50 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 22:50 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 22:50 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 22:50 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 22:50 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-08 17:40 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9A9BA9F-E0DB-4FB8-9280-EC09DDCD2B5F}\mpengine.dll
2011-02-08 01:15 . 2011-02-08 01:15 -------- d-----w- c:\windows\en
2011-02-08 01:14 . 2010-09-23 06:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-02-08 01:06 . 2009-09-04 23:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-08 01:06 . 2009-09-04 23:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-08 01:06 . 2009-09-04 23:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-08 01:04 . 2011-02-08 14:02 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-08 00:51 . 2011-02-08 00:51 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\4d69003f1cbc72a01\Silverlight.4.0.exe
2011-02-04 19:53 . 2011-02-05 00:57 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-01-12 08:38 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 08:38 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:38 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:38 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:38 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:38 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 08:38 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2010-09-20 14:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-09-20 14:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 21:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Taormina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Taormina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 ----a-w- c:\nino nindo\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-21 00:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-23 06:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-04-06 21:21 8429568 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-04-06 21:21 81920 ----a-w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-04-06 21:21 86016 ----a-w- c:\windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-10 23:01 4431872 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 22:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-04-05 00:22 1822720 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 21:19 6515784 ----a-w- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-29 19:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 21:54]
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 21:54]
2011-02-10 c:\windows\Tasks\User_Feed_Synchronization-{A69D11DF-C5CE-43EA-BB51-AD1D766F08EF}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
2011-02-07 c:\windows\Tasks\wrSpySweeper_L0216702BBA51487CBAECEA3CA665B82A.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]
2011-02-07 c:\windows\Tasks\wrSpySweeper_L0216702BBA51487CBAECEA3CA665B82A.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]
2011-02-10 c:\windows\Tasks\wrSpySweeper_LEC5FEA63B1534AD49A406B78701F1CB7.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]
2011-02-10 c:\windows\Tasks\wrSpySweeper_LEC5FEA63B1534AD49A406B78701F1CB7.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-03-12 21:19]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 09:23
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-10 09:25:39
ComboFix-quarantined-files.txt 2011-02-10 15:25
Pre-Run: 164,013,158,400 bytes free
Post-Run: 165,117,116,416 bytes free
- - End Of File - - 4C385F5B2B21898FDBB0C7FC4CEF82A9
part two
Logfile of random's system information tool 1.06 (written by random/random)
Run by Taormina at 2011-02-10 09:35:18
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 158 GB (69%) free of 229 GB
Total RAM: 894 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:23 AM, on 2/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
J:\RSIT.exe
C:\Program Files\trend micro\Taormina.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 5016 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{A69D11DF-C5CE-43EA-BB51-AD1D766F08EF}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-09 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23 160056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\nino nindo\iTunesHelper.exe [2010-02-15 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-04-06 8429568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-04-06 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-04-06 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-04-04 1822720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-29 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe /atstartup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Taormina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\Users\Taormina\Desktop\LimeWire\LimeWire.exe -startup []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 3 months======
2011-02-10 09:25:51 ----SHD---- C:\$RECYCLE.BIN
2011-02-10 09:25:42 ----D---- C:\Windows\temp
2011-02-10 09:25:40 ----A---- C:\ComboFix.txt
2011-02-10 09:12:42 ----A---- C:\Windows\zip.exe
2011-02-10 09:12:42 ----A---- C:\Windows\SWSC.exe
2011-02-10 09:12:42 ----A---- C:\Windows\SWREG.exe
2011-02-10 09:12:42 ----A---- C:\Windows\sed.exe
2011-02-10 09:12:42 ----A---- C:\Windows\PEV.exe
2011-02-10 09:12:42 ----A---- C:\Windows\NIRCMD.exe
2011-02-10 09:12:42 ----A---- C:\Windows\MBR.exe
2011-02-10 09:12:42 ----A---- C:\Windows\grep.exe
2011-02-10 09:12:26 ----D---- C:\Windows\ERDNT
2011-02-10 09:12:25 ----D---- C:\ComboFix
2011-02-10 09:11:57 ----AD---- C:\Qoobox
2011-02-10 09:11:39 ----A---- C:\Windows\SWXCACLS.exe
2011-02-09 22:53:21 ----D---- C:\Program Files\MyDefrag v4.3.1
2011-02-09 16:50:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 16:50:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 16:50:34 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 16:49:21 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-09 16:49:20 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\mf.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\dxgi.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 16:49:19 ----A---- C:\Windows\system32\d3d10.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\stobject.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-09 16:49:18 ----A---- C:\Windows\system32\mfplat.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-09 16:49:18 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-09 16:49:16 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-09 16:49:16 ----A---- C:\Windows\system32\mfps.dll
2011-02-09 16:49:16 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 16:48:44 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 16:48:43 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 16:48:42 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 16:48:42 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 16:48:42 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\occache.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-09 16:48:41 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iesetup.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iernonce.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 16:48:41 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-09 16:48:40 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 16:48:34 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 16:48:32 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 16:48:27 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 16:48:26 ----A---- C:\Windows\system32\atmlib.dll
2011-02-08 14:37:16 ----A---- C:\TDSSKiller.2.4.12.0_08.02.2011_14.37.16_log.txt
2011-02-07 20:37:28 ----D---- C:\Config.Msi
2011-02-07 19:15:02 ----D---- C:\Windows\en
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-02-07 19:06:13 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-02-07 19:06:12 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-02-07 19:04:49 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-04 13:53:06 ----AD---- C:\Kaspersky Rescue Disk 10.0
2011-01-12 02:38:36 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 02:38:20 ----A---- C:\Windows\system32\sdclt.exe
2010-12-19 16:38:09 ----D---- C:\Users\Taormina\AppData\Roaming\OpenCandy
2010-12-16 16:32:49 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 16:32:48 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 16:32:47 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 16:32:25 ----A---- C:\Windows\system32\consent.exe
2010-12-16 16:32:15 ----A---- C:\Windows\system32\fontsub.dll
2010-12-16 16:28:41 ----A---- C:\Windows\system32\tzres.dll
2010-12-03 21:11:39 ----A---- C:\Windows\system32\webservices.dll
======List of files/folders modified in the last 3 months======
2011-02-10 09:35:23 ----D---- C:\Windows\Prefetch
2011-02-10 09:35:19 ----D---- C:\Program Files\trend micro
2011-02-10 09:25:42 ----D---- C:\Windows
2011-02-10 09:25:15 ----D---- C:\Windows\Tasks
2011-02-10 09:23:21 ----A---- C:\Windows\system.ini
2011-02-10 09:22:21 ----D---- C:\Program Files\Common Files
2011-02-10 09:20:06 ----D---- C:\Windows\System32
2011-02-10 09:19:09 ----D---- C:\Windows\system32\drivers
2011-02-10 09:19:09 ----D---- C:\Windows\AppPatch
2011-02-10 09:11:01 ----HD---- C:\Windows\inf
2011-02-10 09:11:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-10 02:03:40 ----SHD---- C:\System Volume Information
2011-02-09 22:53:21 ----RD---- C:\Program Files
2011-02-09 22:47:56 ----D---- C:\hosts
2011-02-09 22:37:21 ----D---- C:\Temp
2011-02-09 22:24:36 ----D---- C:\Windows\SMINST
2011-02-09 17:40:25 ----D---- C:\Windows\rescache
2011-02-09 17:34:48 ----D---- C:\Windows\winsxs
2011-02-09 17:24:40 ----D---- C:\Windows\system32\catroot
2011-02-09 17:20:21 ----D---- C:\Program Files\Windows Mail
2011-02-09 17:20:15 ----D---- C:\Program Files\Internet Explorer
2011-02-09 17:20:14 ----D---- C:\Windows\system32\migration
2011-02-09 17:12:33 ----A---- C:\Windows\system32\mrt.exe
2011-02-09 17:05:03 ----D---- C:\ProgramData
2011-02-09 16:47:57 ----D---- C:\Windows\system32\catroot2
2011-02-08 14:12:28 ----D---- C:\ProgramData\McAfee
2011-02-08 08:03:37 ----A---- C:\Windows\ntbtlog.txt
2011-02-07 20:44:29 ----SHD---- C:\Windows\Installer
2011-02-07 19:32:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-07 19:25:43 ----D---- C:\Windows\system32\Tasks
2011-02-07 19:17:49 ----D---- C:\Windows\Microsoft.NET
2011-02-07 19:16:48 ----RSD---- C:\Windows\assembly
2011-02-07 19:14:27 ----DC---- C:\Windows\system32\DRVSTORE
2011-02-07 19:11:51 ----D---- C:\Program Files\Windows Live
2011-02-07 19:09:30 ----RSD---- C:\Windows\Fonts
2011-02-07 19:08:29 ----SD---- C:\ProgramData\Microsoft
2011-02-07 19:07:50 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-07 18:35:46 ----D---- C:\Users\Taormina\AppData\Roaming\Unity
2011-02-07 18:35:46 ----D---- C:\Program Files\Unity
2011-02-07 18:24:32 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-07 18:24:32 ----D---- C:\Program Files\BigFix
2011-02-07 18:22:46 ----SD---- C:\Users\Taormina\AppData\Roaming\Microsoft
2011-02-07 18:22:44 ----D---- C:\Program Files\Virtools
2011-02-04 18:10:05 ----D---- C:\Program Files\SIFXINST
2011-02-03 20:50:19 ----D---- C:\Users\Taormina\AppData\Roaming\FrostWire
2010-12-29 22:11:28 ----D---- C:\Users\Taormina\AppData\Roaming\Skype
2010-12-29 21:02:38 ----D---- C:\Users\Taormina\AppData\Roaming\skypePM
2010-12-17 03:05:53 ----D---- C:\Windows\system32\en-US
2010-11-13 23:42:00 ----D---- C:\Windows\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-11-08 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-04-17 1032104]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-06 7476704]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 catchme;catchme; \??\C:\Users\Taormina\AppData\Local\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 vmcam326av;HP Camera; C:\Windows\System32\Drivers\vmcam326av.sys [2007-04-13 100096]
S3 vvftav;326 Solborn filter service name, vista ver; C:\Windows\system32\drivers\vvftav.sys [2007-04-13 279680]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-18 521216]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-05-21 65536]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2010-03-12 1201640]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 190448]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
From http://www.mvps.org/winhelp2002/hosts.txt -- 127.0.0.1 get-access.host.sk #[McAfee.StartPage-IR] and in a thread at Bleeping Computer (http://www.bleepingcomputer.com/forums/topic119548.html) the entry is shown as having been added to the HOSTS file by StopZilla.
I'm still seeing the vulnerable Adobe and Java. Please see my previous instructions about updating both.
The next step is to uninstall Limewire.
Hi, Temmu.
Had a problem with our cable today so I was offline most of the day. They finally found the problem at the pole and repaired it this afternoon.
The reason I suggested uninstalling Limewire is because it is set for startup and it may be the culprit, particularly if the owner gave it firewall permission.
After you've caught up with the Adobe/Java updates, I have a minor fix I'd like to do with ComboFix.
Glad you got your access fixed; it's rough being without.
From Thursday night:
Updated Flash / Adobe.
Could not find LimeWire.
Webroot continuously blocking sites - I am, of course, not browsing.
It must be a really well written malware to be undetectable.
I'm just gonna save her pix and reload the silly machine.
Thanks for spending so much time with me on this.