pikay2k Posted January 7, 2011 ID:371139 Share Posted January 7, 2011 I posted this elsewhere but I was told this was the correct section:Hello. I've recently had several of my email accounts compromised. I have Microsoft Security Essentials running, and it wasn't able to find anything. I decided I'd get a second scan from Malwarebytes. Did a quick scan and it detected three objects that Microsoft Security Essentials didn't find. Here's the log:Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5474Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.131/7/2011 1:49:46 AMmbam-log-2011-01-07 (01-49-46).txtScan type: Quick scanObjects scanned: 215594Time elapsed: 26 minute(s), 35 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Do any of those seem like they'd possibly be keyloggers? I'm going crazy trying to figure out how my information was lost. I'm usually very cautious with things, and haven't had any serious infections in years. I recently made a purchase on a rather shady site, which I later canceled when I realized they most likely weren't a legit seller, but this purchase was made on my laptop. I cleaned my laptop (which did in fact have some infections after visiting the site, though some javascript exploit or something), but I made sure that when I changed all of my passwords, I did it on my desktop which hasn't visited this shady site, and hasn't opened attachments or anything from my laptop. However, the next day my accounts were still compromised, so I'm really at a loss and want this problem solved. If I don't I'll be forced to reformat both computers because I can't figure out how in the world this information was snatched from me.My Google account did get a hold of their IP though, and they do live in the same state as me, so it's always possible someone I used to know is reverse engineering my information and the whole shady website fiasco is just a coincidence, but that's highly unlikely for many reasons. Here's my HijackThis file.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 3:50:38 PM, on 1/7/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17093)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exeC:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exeC:\Program Files\LogMeIn Hamachi\hamachi-2.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exeC:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exeC:\Program Files\Palm, Inc\novacom\x86\novacomd.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exeC:\Program Files\Razer\Arctosa\razerhid.exeC:\Program Files\Razer\Salmosa\razerhid.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Razer\Arctosa\razertra.exeC:\Program Files\Razer\Salmosa\razertra.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exeC:\Program Files\Razer\Salmosa\razerofa.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exeC:\Program Files\RocketDock\RocketDock.exeC:\Program Files\Stardock\CursorFX\CursorFX.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\Kami\Application Data\Dropbox\bin\Dropbox.exeC:\Program Files\UltraMon\UltraMon.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Pale Moon\palemoon.exeC:\Program Files\Pale Moon\plugin-container.exeC:\Desktop\HijackThis.exeO2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLLO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dllO3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLLO3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dllO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNCO4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobsO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbyloginO4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrunO4 - HKLM\..\Run: [Arctosa] "C:\Program Files\Razer\Arctosa\razerhid.exe"O4 - HKLM\..\Run: [salmosa] C:\Program Files\Razer\Salmosa\razerhid.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbyloginO4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exeO4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"O4 - HKLM\..\Run: [bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkeyO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startO4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"O4 - HKCU\..\Run: [Hot Keyboard] C:\Program Files\Hot Keyboard Pro\Hot.exe -minimizedO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kami\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Dropbox.lnk = Application Data\Dropbox\bin\Dropbox.exeO4 - Startup: Shortcut to UltraMon.lnk = UltraMon\UltraMon.exeO8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS V14\Atlscript.htmlO8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS V14\AtlscriptEdit.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V14\Atlscript.htmlO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - ESC Trusted Zone: http://*.update.microsoft.comO16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230123973593O17 - HKLM\System\CCS\Services\Tcpip\..\{85908620-F498-422A-9E87-B2D38C478351}: NameServer = 192.168.1.1O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dllO23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe (file missing)O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Japanese Input Cache Service (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exeO23 - Service: Google ?A?b?v?f?[?g ?T?[?r?X (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: NICSer_TEW623PI_WPC370L - Unknown owner - C:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exeO23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exeO23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exeO24 - Desktop Component 0: (no name) - C:\Documents and Settings\pikay2k\my documents\My Pictures\Boot\Desktops\1236552402862.jpgO24 - Desktop Component 1: (no name) - C:\Documents and Settings\pikay2k\my documents\My Pictures\1239646305223.jpgO24 - Desktop Component 10: (no name) - C:\Documents and Settings\pikay2k\My Documents\My Pictures\1232332158473.jpgO24 - Desktop Component 11: (no name) - http://img199.imageshack.us/img199/6353/yuki.gifO24 - Desktop Component 2: (no name) - C:\Documents and Settings\pikay2k\my documents\My Pictures\1240675005735.jpgO24 - Desktop Component 3: (no name) - C:\Documents and Settings\pikay2k\my documents\My Pictures\1236461980096.jpgO24 - Desktop Component 4: (no name) - C:\Documents and Settings\pikay2k\my documents\My Pictures\1231620193344.jpgO24 - Desktop Component 5: (no name) - C:\Documents and Settings\pikay2k\My Documents\My Pictures\1229821083979.jpgO24 - Desktop Component 6: (no name) - C:\Documents and Settings\pikay2k\My Documents\My Pictures\Boot\tmpphpjKlhHd.jpgO24 - Desktop Component 7: (no name) - C:\Documents and Settings\pikay2k\My Documents\My Pictures\1227056810829.jpgO24 - Desktop Component 8: (no name) - C:\Documents and Settings\pikay2k\my documents\My Pictures\1236468919251.pngO24 - Desktop Component 9: (no name) - C:\Documents and Settings\Kami\My Documents\My Pictures\1237512686665.jpg--End of file - 14106 bytes Link to post Share on other sites More sharing options...
Gammo Posted January 9, 2011 ID:371807 Share Posted January 9, 2011 Hi,HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.I dont't hink those entries are related to a keylogger.Please download DDS and save it to your desktop.Disable any script blocking protection.Double click dds.com to run the tool..When done, DDS will open two logs (DDS.txt and Attach.txt).Save both reports to your desktop.Please include the contents of DDS.txt in your next reply.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Please download Rootkit Unhooker and save it to your DesktopDouble-click on RKUnhookerLE to run itClick the Report tab, then click ScanCheck Drivers, Stealth Code and uncheck the restClick OKWait until it's finished and then go to File > Save ReportSave the report to your DesktopCopy the entire contents of the report and paste it in a reply here.Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?" Link to post Share on other sites More sharing options...
pikay2k Posted January 11, 2011 Author ID:372800 Share Posted January 11, 2011 Didn't expect a reply so soon so didn't keep up with this thread. Here are the results.DDS.txtDDS (Ver_10-12-12.02) - NTFSx86 Run by pikay2k at 13:21:50.57 on 01/11/2011 TueInternet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1791.376 [GMT -5:00]AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exeC:\Program Files\LogMeIn Hamachi\hamachi-2.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exeC:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\NICServ.exeC:\Program Files\Palm, Inc\novacom\x86\novacomd.exeC:\Program Files\TRENDnet\TEW-623PI Wireless Client Utility\UMCCfg.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exeC:\Program Files\Razer\Arctosa\razerhid.exeC:\Program Files\Razer\Salmosa\razerhid.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Razer\Arctosa\razertra.exeC:\Program Files\Razer\Salmosa\razertra.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Razer\Salmosa\razerofa.exeC:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exeC:\Program Files\RocketDock\RocketDock.exeC:\Program Files\Stardock\CursorFX\CursorFX.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\pikay2k\Application Data\Dropbox\bin\Dropbox.exeC:\Program Files\UltraMon\UltraMon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Windows Live\Contacts\wlcomm.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Pale Moon\palemoon.exeC:\Program Files\Pale Moon\plugin-container.exeC:\Documents and Settings\pikay2k\Desktop\foobar2000\foobar2000.exeC:\Desktop\dds.comC:\WINDOWS\system32\conime.exe============== Pseudo HJT Report ===============uInternet Settings,ProxyOverride = *.localBHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLLBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dllTB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - c:\program files\atlas v14\ATLIECP.DLLTB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dllTB: {A057A204-BACC-4D26-9990-79A187E2698E} - No FileEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /backgrounduRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [AdobeBridge] uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"uRun: [Hot Keyboard] c:\program files\hot keyboard pro\Hot.exe -minimizeduRun: [Google Update] "c:\documents and settings\pikay2k\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNCmRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNCmRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMENamemRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [bootSkin Startup Jobs] "c:\progra~1\stardock\wincus~1\bootskin\BootSkin.exe" /StartupJobsmRun: [uDC Integration] mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbyloginmRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrunmRun: [Arctosa] "c:\program files\razer\arctosa\razerhid.exe"mRun: [salmosa] c:\program files\razer\salmosa\razerhid.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbyloginmRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exemRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"mRun: [bing Bar] "c:\program files\msn toolbar\platform\6.3.2348.0\mswinext.exe"mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resumemRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkeymRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-startStartupFolder: c:\docume~1\pikay2k\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\pikay2k\application data\dropbox\bin\Dropbox.exeStartupFolder: c:\docume~1\pikay2k\startm~1\programs\startup\shortc~1.lnk - c:\program files\ultramon\UltraMon.exeIE: &Translate with ATLAS - c:\program files\atlas v14\Atlscript.htmlIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: ATLAS Translation &Editor - c:\program files\atlas v14\AtlscriptEdit.htmlIE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - c:\program files\atlas v14\Atlscript.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLLDPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230123973593DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabTCP: {85908620-F498-422A-9E87-B2D38C478351} = 192.168.1.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: AtiExtEvent - Ati2evxx.dll============= SERVICES / DRIVERS ===============R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [2009-1-13 7168]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-14 27992]R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-9-28 24645]R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files\google\google japanese input\GoogleIMEJaCacheService.exe [2010-12-8 613504]R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]R2 NICSer_TEW623PI_WPC370L;NICSer_TEW623PI_WPC370L;c:\program files\trendnet\tew-623pi wireless client utility\NICServ.exe [2008-12-24 530432]R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-9-14 10496]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-25 24652]R3 ArcFltr;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2009-12-25 16896]R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-12-24 572416]R3 Salmosa03;Razer Salmosa USB Filter Driver;c:\windows\system32\drivers\Salmosa.sys [2009-12-25 9344]R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 21920]S2 gupdate;Google ?????? ???? (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-13 136176]S3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;\??\c:\docume~1\pikay2k\locals~1\temp\foxdriver.sys --> c:\docume~1\pikay2k\locals~1\temp\FoxDriver.sys [?]S3 ELINK;ELINK;c:\windows\system32\drivers\ELINK.SYS [2009-5-31 17616]S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]S3 FXExSS;FXExSS;c:\program files\foxconn\fox one\FXExSS32.sys [2008-12-24 21312]S3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2009-1-19 175104]S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-1-13 24576]S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-4-21 9344]S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-5-29 27904]=============== Created Last 30 ================2011-01-10 21:32:35 6273872 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{8070de6b-b8e0-4120-a65e-8d461ab52cc1}\mpengine.dll2011-01-07 06:11:05 -------- d-----w- c:\docume~1\pikay2k\applic~1\Malwarebytes2011-01-07 06:10:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-01-07 06:10:28 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes2011-01-07 06:10:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-01-07 06:10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-01-07 00:36:51 -------- d-----w- C:\Mame32UIFX2011-01-07 00:21:24 73216 ----a-w- c:\windows\ST6UNST.EXE2011-01-04 22:39:39 -------- d-----w- c:\program files\LogMeIn Hamachi2011-01-01 19:33:16 487424 ----a-r- c:\windows\system32\msvcp70.dll2011-01-01 19:33:16 344064 ----a-r- c:\windows\system32\msvcr70.dll2010-12-25 17:57:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll2010-12-25 17:57:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll2010-12-25 17:57:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2010-12-25 17:57:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2010-12-25 17:57:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2010-12-25 17:57:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2010-12-25 17:57:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll2010-12-25 17:54:46 -------- d-----w- c:\program files\Bonjour2010-12-15 23:41:23 26176 ---ha-w- c:\windows\system32\hamachi.sys2010-12-15 01:20:05 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2010-12-15 01:19:30 45568 -c----w- c:\windows\system32\dllcache\wab.exe==================== Find3M ====================2010-12-08 10:53:56 1247360 ----a-w- c:\windows\system32\GIMEJa.ime2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll2010-11-06 00:34:11 78336 ------w- c:\windows\system32\ieencode.dll2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll2010-11-03 12:25:53 389120 ------w- c:\windows\system32\html.iec2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe============= FINISH: 13:23:07.01 ===============Rootkit UnhookerRkU Version: 3.8.388.590, Type LE (SR2)==============================================OS Name: Windows XPVersion 5.1.2600 (Service Pack 3)Number of processors #4==============================================>Drivers==============================================0xB4A73000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6135808 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.13 )0xB5089000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 5406720 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)0xA5C78000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4919296 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)0xBF20E000 C:\WINDOWS\System32\ati3duag.dll 3870720 bytes (ATI Technologies Inc. , ati3duag.dll)0xA82D5000 C:\WINDOWS\system32\drivers\RtHDMI.sys 3690496 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)0xBF5BF000 C:\WINDOWS\System32\ativvaxx.dll 2277376 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)0x804D7000 PnpManager 2150400 bytes0x804D7000 RAW 2150400 bytes0x804D7000 WMIxWDM 2150400 bytes0xBF800000 Win32k 1855488 bytes0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)0xB9E7F000 PCI_PNP0488 1048576 bytes0xB9E7F000 spfm.sys 1048576 bytes0xB9E7F000 sptd 1048576 bytes0xB485A000 C:\WINDOWS\System32\drivers\dmboot.sys 802816 bytes (Microsoft Corp., Veritas Software, NT Disk Manager Startup Driver)0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 704512 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)0xBF10C000 C:\WINDOWS\System32\atikvmag.dll 643072 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)0xB9CF5000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)0xA13EF000 C:\WINDOWS\System32\DRIVERS\RT2860.sys 573440 bytes (Ralink Technology, Corp., Ralink 802.11 Wireless Adapter Driver)0xA5939000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)0xBF1A9000 C:\WINDOWS\System32\atiok3x2.dll 413696 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)0xB47A4000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)0xA5B79000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)0xA230C000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)0xA19A6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)0xA5B41000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)0xB498D000 C:\WINDOWS\System32\Drivers\aco0vzgu.SYS 221184 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)0xA59FC000 C:\WINDOWS\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)0xB4802000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)0xB9E39000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)0xA251C000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)0xB9CC8000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)0xA111C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)0xA59D1000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)0xB504D000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)0xA5AF3000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)0xB9DE3000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)0xA5B1B000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)0xB4969000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))0xB4A4F000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)0xB4946000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)0xA5C05000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)0xA5AD1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)0x806E4000 ACPI_HAL 134400 bytes0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)0xB9DAB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)0xB9E09000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)0xB9CAE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)0xB9DCB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)0xA58A9000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes0xB9E67000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)0xB9D82000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)0xB492F000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))0xA27C9000 C:\WINDOWS\System32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)0xA1F87000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)0xB5075000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)0xA5BD2000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)0xB9D99000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)0xB9E28000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)0xB491E000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)0xB5621000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)0xBA1F8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)0xBA188000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)0xBA178000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)0xBA2F8000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)0xBA198000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)0xBA208000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)0xA2114000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)0xBA248000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)0xBA0B8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)0xBA108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)0xBA1A8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)0xBA1C8000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)0xBA158000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)0xBA1B8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)0xBA218000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)0xBA1E8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)0xB5631000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)0xBA2E8000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)0xBA1D8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)0xBA308000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)0xA2244000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)0xB55C1000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)0xBA2D8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)0xBA498000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)0xBA450000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)0xBA470000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)0xBA4A8000 C:\WINDOWS\system32\drivers\dhahelper.sys 28672 bytes (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>, DhaHelper - Direct HardWare Access Driver)0xBA460000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)0xA5931000 C:\DOCUME~1\pikay2k\LOCALS~1\Temp\mbr.sys 28672 bytes0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)0xBA398000 C:\WINDOWS\system32\DRIVERS\vncmirror.sys 28672 bytes (RealVNC Ltd., VNC Mirror Miniport)0xBA3E0000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)0xBA3C8000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)0xBA3D0000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)0xBA480000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)0xBA488000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)0xBA408000 C:\WINDOWS\System32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)0xBA4B0000 C:\WINDOWS\System32\Drivers\Arctosa.sys 20480 bytes (Razer USA Ltd., Razer Arctosa Keyboard Driver)0xBA3C0000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)0xBA478000 C:\WINDOWS\System32\DRIVERS\irsir.sys 20480 bytes (Microsoft Corporation, Serial Infrared Driver)0xBA490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)0xBA4A0000 C:\WINDOWS\system32\drivers\pstrip.sys 20480 bytes (EnTech Taiwan, PowerStrip support NT kernel-mode driver)0xBA3B0000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)0xBA3A0000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)0xBA3B8000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)0xBA3A8000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)0xBA468000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)0xBA350000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)0xB4794000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)0xBA55C000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)0xA28F7000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)0xB5BBD000 C:\WINDOWS\system32\drivers\ScreamingBAudio.sys 16384 bytes (Screaming Bee LLC, Screaming Bee Audio Driver)0xB9C7A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)0xA613D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)0xB5BC1000 C:\WINDOWS\System32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)0xB47A0000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)0xB9C76000 C:\WINDOWS\System32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)0xB479C000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)0xB5BB5000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)0xA5C60000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)0xB4832000 C:\WINDOWS\System32\Drivers\Salmosa.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Salmosa USB Optical Mouse Driver)0xB9C86000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)0xA21B4000 C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys 12288 bytes (Realtime Soft Ltd, UltraMon Utility Driver)0xB4780000 C:\WINDOWS\System32\Drivers\vulfntr.sys 12288 bytes (VIA Technologies, Inc., VIA USB Roothub Lower Filter Driver)0xB5BC5000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)0xBA668000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)0xBA66E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes0xBA666000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)0xBA66A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)0xBA66C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)0xBA5F0000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)0xBA612000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)0xBA5EA000 C:\WINDOWS\System32\Drivers\vulfnth.sys 8192 bytes (VIA Technologies, Inc., VIA USB Host Controller Lower Filter Driver)0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)0xBA6D7000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)0xBA6B2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)0xBA7B3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)0xBA7CF000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)0x8AC2F1F8 unknown_irp_handler 3592 bytes0x8AC321F8 unknown_irp_handler 3592 bytes0x8A8801F8 unknown_irp_handler 3592 bytes0x8AC331F8 unknown_irp_handler 3592 bytes0x89E4B1F8 unknown_irp_handler 3592 bytes0x89E391F8 unknown_irp_handler 3592 bytes0x89E1C1F8 unknown_irp_handler 3592 bytes0x8A9E0368 unknown_irp_handler 3224 bytes0x8A94E500 unknown_irp_handler 2816 bytes0x8A9C2500 unknown_irp_handler 2816 bytes0x8A985500 unknown_irp_handler 2816 bytes==============================================>Stealth==============================================0x06030000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 102400 bytes0x063D0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 102400 bytes0x012C0000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 110592 bytes0x058C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 110592 bytes0x00D20000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 118784 bytes0x03930000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 118784 bytes0x7A4D0000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 1196032 bytes0x07300000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 1232896 bytes0x7AA10000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 143360 bytes0x04CF0000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 167936 bytes0x06F40000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 1748992 bytes0x07840000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 192512 bytes0x06370000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 208896 bytes0x07190000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 217088 bytes0x79EE0000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 2375680 bytes0x06790000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 282624 bytes0x03690000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 28672 bytes0x012C0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 28672 bytes0x012B0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x012E0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x039F0000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x03D40000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x03E20000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x03E40000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x03EA0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x043A0000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x04390000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x04D30000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x04DC0000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x04D70000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x04DE0000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x04F20000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05D80000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x055E0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x057A0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x058B0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05CA0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05D20000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05CF0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05D40000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x06300000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05DB0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05E20000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05E40000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05EE0000 Hidden Image-->atixclib.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05F30000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x05F60000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x06130000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x060B0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x06140000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x06160000 Hidden Image-->Branding.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x061B0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x062E0000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x06310000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x06340000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x06400000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x068D0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 28672 bytes0x036B0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 307200 bytes0x03330000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 307200 bytes0x07590000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 364544 bytes0x03D60000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 36864 bytes0x03980000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x039D0000 Hidden Image-->AxInterop.WBOCXLib.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x03A80000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x03E80000 Hidden Image-->Interop.WBOCXLib.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x05610000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x05730000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x058E0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x05760000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x05A10000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x05A00000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x05F20000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x06180000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x06700000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 36864 bytes0x7B0B0000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 380928 bytes0x04C90000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 389120 bytes0x07530000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 389120 bytes0x06940000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 405504 bytes0x06510000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 413696 bytes0x060C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 421888 bytes0x06720000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 421888 bytes0x7B2E0000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 4476928 bytes0x01220000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 45056 bytes0x01290000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 45056 bytes0x03D30000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 45056 bytes0x00DB0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 45056 bytes0x012A0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 45056 bytes0x03390000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 45056 bytes0x03A10000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 45056 bytes0x055C0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 45056 bytes0x05720000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 45056 bytes0x043C0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 487424 bytes0x039E0000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x03A70000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x03D60000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x04300000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x055B0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x05590000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x055A0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x05CD0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x05D30000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x06020000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x06800000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 53248 bytes0x05F90000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 585728 bytes0x075F0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 585728 bytes0x039B0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 61440 bytes0x05740000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 61440 bytes0x05C70000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 61440 bytes0x05DC0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 61440 bytes0x05DE0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 61440 bytes0x796B0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 6197248 bytesWARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]0x7A340000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 659456 bytes0x7A1D0000 Hidden Image-->System.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 671744 bytes0x03990000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 69632 bytes0x03950000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 69632 bytes0x05C50000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 69632 bytes0x05F40000 Hidden Image-->APM.Server.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 69632 bytes0x067E0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 69632 bytes0x06640000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 749568 bytes0x012A0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x89CD7400 ] PID: 2216, 77824 bytes0x03300000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 77824 bytes0x055F0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 77824 bytes0x05780000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 77824 bytes0x05B20000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 77824 bytes0x05CB0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 77824 bytes0x05D50000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 77824 bytes0x06350000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 77824 bytes0x7AAE0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x8936B9E0 ] PID: 512, 847872 bytes0x03A40000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 86016 bytes0x05C80000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 86016 bytes0x06320000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 86016 bytes0x07760000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x89C2D260 ] PID: 2408, 888832 bytes Link to post Share on other sites More sharing options...
Gammo Posted January 12, 2011 ID:373124 Share Posted January 12, 2011 Hi,Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them: Click meIf you can't disable them then just continue on.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply. Link to post Share on other sites More sharing options...
pikay2k Posted January 14, 2011 Author ID:373751 Share Posted January 14, 2011 C:\ComboFix.txtComboFix 11-01-12.04 - pikay2k 3/2011 Thu 19:43:55.1.4 - x86Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.1791.568 [GMT -5:00]Running from: c:\documents and settings\pikay2k\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}. Error: Cfiles.dat((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\pikay2k\Recent\Thumbs.dbc:\progra~1\COMMON~1\{B0587~1c:\progra~1\COMMON~1\{B0587~2c:\program files\Common Files\ppatch~1c:\program files\icroso~1.netc:\program files\safety barc:\program files\safety bar\Uninstall.batc:\program files\WinPCapc:\program files\WinPCap\daemon_mgm.exec:\program files\WinPCap\NetMonInstaller.exec:\program files\WinPCap\npf_mgm.exec:\program files\WinPCap\rpcapd.exec:\program files\WinPCap\Uninstall.exec:\windows\fnts~1c:\windows\system32\componentsc:\windows\system32\ymante~1.((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 ))))))))))))))))))))))))))))))).2011-01-13 20:19 . 2010-11-10 01:33 6273872 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E874325E-ECC5-43F3-B674-69F2E7958280}\mpengine.dll2011-01-13 09:39 . 2008-02-27 15:54 20480 ----a-w- c:\windows\system32\drivers\WLNdis50.sys2011-01-13 09:39 . 2008-06-10 04:29 637312 ----a-w- c:\windows\system32\drivers\rt2860.sys2011-01-13 09:39 . 2008-06-10 04:28 438272 ----a-w- c:\windows\system32\RaCoInst.dll2011-01-07 06:11 . 2011-01-07 06:11 -------- d-----w- c:\documents and settings\pikay2k\Application Data\Malwarebytes2011-01-07 06:10 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-01-07 06:10 . 2011-01-07 06:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes2011-01-07 06:10 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2011-01-07 06:10 . 2011-01-07 06:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-01-07 00:36 . 2011-01-07 01:23 -------- d-----w- C:\Mame32UIFX2011-01-07 00:21 . 2011-01-07 00:21 73216 ----a-w- c:\windows\ST6UNST.EXE2011-01-04 22:39 . 2011-01-04 22:39 -------- d-----w- c:\program files\LogMeIn Hamachi2011-01-01 19:33 . 2002-08-15 15:11 344064 ----a-r- c:\windows\system32\msvcr70.dll2011-01-01 19:33 . 2002-01-05 08:40 487424 ----a-r- c:\windows\system32\msvcp70.dll2010-12-25 18:05 . 2010-12-25 18:05 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer2010-12-25 17:57 . 2010-12-25 17:57 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll2010-12-25 17:57 . 2010-12-25 17:57 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll2010-12-25 17:57 . 2010-12-25 17:57 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll2010-12-25 17:57 . 2010-12-25 17:57 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll2010-12-25 17:57 . 2010-12-25 17:57 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll2010-12-25 17:57 . 2010-12-25 17:57 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll2010-12-25 17:57 . 2010-12-25 17:57 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll2010-12-25 17:54 . 2010-12-25 17:54 -------- d-----w- c:\program files\Bonjour2010-12-18 21:46 . 2010-12-18 21:46 -------- d-----w- c:\program files\Common Files\Skype2010-12-15 23:41 . 2009-03-18 21:35 26176 ---ha-w- c:\windows\system32\hamachi.sys2010-12-15 01:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys2010-12-15 01:19 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-12-08 10:53 . 2010-12-08 10:53 1247360 ----a-w- c:\windows\system32\GIMEJa.ime2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts2010-11-18 18:12 . 2008-12-24 12:31 81920 ----a-w- c:\windows\system32\isign32.dll2010-11-10 01:33 . 2010-11-29 16:00 6273872 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2010-11-09 14:52 . 2002-08-29 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll2010-11-06 00:34 . 2002-08-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll2010-11-06 00:34 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll2010-11-06 00:34 . 2002-08-29 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl2010-11-06 00:34 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll2010-11-03 12:25 . 2004-08-04 05:59 389120 ------w- c:\windows\system32\html.iec2010-11-02 15:17 . 2002-08-29 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys2010-10-28 13:13 . 2002-08-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll2010-10-26 13:25 . 2002-08-29 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys2010-10-19 20:51 . 2010-11-26 01:12 222080 ------w- c:\windows\system32\MpSigStub.exe2008-03-27 19:54 . 2007-03-18 23:17 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll2008-03-27 19:54 . 2007-03-18 23:17 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll2008-03-27 19:54 . 2007-03-18 23:17 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll2008-03-27 19:54 . 2007-03-18 23:18 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll2008-03-27 19:54 . 2007-03-18 23:18 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2009-12-09 01:19 94208 ----a-w- c:\documents and settings\pikay2k\Application Data\Dropbox\bin\DropboxExt.13.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2009-12-09 01:19 94208 ----a-w- c:\documents and settings\pikay2k\Application Data\Dropbox\bin\DropboxExt.13.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2009-12-09 01:19 94208 ----a-w- c:\documents and settings\pikay2k\Application Data\Dropbox\bin\DropboxExt.13.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-02-19 418632]"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]"Google Update"="c:\documents and settings\pikay2k\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-24 135664][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]"BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]"nwiz"="nwiz.exe" [2008-09-18 1657376]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]"Arctosa"="c:\program files\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]"Salmosa"="c:\program files\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe" [2010-10-11 273672]"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]c:\documents and settings\pikay2k\Start Menu\Programs\Startup\Dropbox.lnk - c:\documents and settings\pikay2k\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]Shortcut to UltraMon.lnk - c:\program files\UltraMon\UltraMon.exe [2008-9-29 731648]c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-623PI\WlanCU.exe [2011-1-13 368640][HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]Source= c:\documents and settings\pikay2k\my documents\My Pictures\Boot\Desktops\1236552402862.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]Source= c:\documents and settings\pikay2k\my documents\My Pictures\1239646305223.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\10]Source= c:\documents and settings\pikay2k\My Documents\My Pictures\1232332158473.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]Source= c:\documents and settings\pikay2k\my documents\My Pictures\1240675005735.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]Source= c:\documents and settings\pikay2k\my documents\My Pictures\1236461980096.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]Source= c:\documents and settings\pikay2k\my documents\My Pictures\1231620193344.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]Source= c:\documents and settings\pikay2k\My Documents\My Pictures\1229821083979.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]Source= c:\documents and settings\pikay2k\My Documents\My Pictures\Boot\tmpphpjKlhHd.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]Source= c:\documents and settings\pikay2k\My Documents\My Pictures\1227056810829.jpgFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]Source= c:\documents and settings\pikay2k\my documents\My Pictures\1236468919251.pngFriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]Source= c:\documents and settings\pikay2k\My Documents\My Pictures\1237512686665.jpgFriendlyName= [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210411] Ime File REG_SZ GIMEJA.IME[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\utorrent\\utorrent.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Songbird\\songbird.exe"="c:\\Program Files\\Songbird-1.1.0pre_935\\songbird.exe"="c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\WINDOWS\\system32\\dpnsvr.exe"="g:\\Downloads\\[shanghai Alice] Touhou 01-9.5\\Phatasmagoria of Flower View\\kaei\\kaei\\th09e.exe"="c:\\Program Files\\iPhoneBrowser\\iPhoneBrowser.exe"="c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"="c:\\Program Files\\AIM7\\aim.exe"="c:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\ApacheMonitor.exe"="c:\\Program Files\\Abyss Web Server X2 v 2.5\\abyssws.exe"="c:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"="c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="c:\\Program Files\\Messenger Plus! Live\\Scripts\\File Transfer Plus 1.1\\transferplus.exe"="c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"="c:\\Documents and Settings\\pikay2k\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Desktop\\Touhou\\th123\\th123\\th123.exe"="c:\\Program Files\\SHOUTcast\\sc_serv.exe"="c:\\Program Files\\Adobe\\Adobe Flash Builder 4\\FlashBuilder.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="c:\\Program Files\\Pale Moon\\palemoon.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\07th_Expansion\\?????\\GameMain.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\07th_Expansion\\ Link to post Share on other sites More sharing options...
Gammo Posted January 15, 2011 ID:374472 Share Posted January 15, 2011 Hi,Download TFC to your desktopOpen the file and close any other windows.It will close all programs itself when run, make sure to let it run uninterrupted.Click the Start button to begin the process. The program should not take long to finish its jobOnce its finished it should reboot your machine, if not, do this yourself to ensure a complete clean~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Start Malwarebytes' Anti-MalwareOnce the program has loaded, click the "Update" tab and click the "Check For updates" button.Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push Link to post Share on other sites More sharing options...
pikay2k Posted January 20, 2011 Author ID:376965 Share Posted January 20, 2011 Malwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 5534Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.131/16/2011 6:09:14 PMmbam-log-2011-01-16 (18-09-14).txtScan type: Quick scanObjects scanned: 441Time elapsed: 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)ESETC:\agth\agth.dll probably a variant of Win32/AGTH.A application cleaned by deleting - quarantinedC:\Desktop\Translation Aggregator 0.3.4\AGTH TUTORIAL\AGTH TUTORIAL\agth.rar probably a variant of Win32/AGTH.A application deleted - quarantinedC:\System Volume Information\_restore{03DB89BF-96AC-4D4D-A8C4-9AED85603B9B}\RP782\A0162979.dll probably a variant of Win32/AGTH.A application cleaned by deleting - quarantinedI do know what agth.dll is, actually. I know the file is clean, it just uses the .dll to hook onto certain programs in order to extract text. Link to post Share on other sites More sharing options...
Gammo Posted January 20, 2011 ID:376994 Share Posted January 20, 2011 Hi,Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. Remove Combofix now that we're done with it.Please press the Windows Key and R on your keyboard. This will bring up the Run... command.Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")Please follow the prompts to uninstall Combofix.You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Download OTC to your desktop and run itA list of tool components used in the Cleanup of malware will be downloaded.If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.Click Yes to begin the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Keep a backup of your important filesNow, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Make proper use of your anti-virus and firewallYou should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Keep all your software updatedIt is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Use a safer web browserInternet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Some other security programsIt is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.SpywareBlaster to help prevent spyware from installing in the first place.MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Be carefulHaving security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Slow computer?If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!Cheers,Gammo Link to post Share on other sites More sharing options...
Staff screen317 Posted February 8, 2011 Staff ID:386349 Share Posted February 8, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts