
Trojan: Fakespypro keeps coming back!

Old 08-09-2010, 09:05 AM   #1
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit


EEK!

Hello,
I was recently browsing the internet and all of a sudden a green icon mimicking the Windows Update shield appeared on the system tray. It claimed that I was infected and a fake anti-virus program ran called Antivir Pro. I didn't click on its links to an obviously dodgy website but it infected me anyway. It changed my proxies so that I could not use my browsers, so I fixed those so I could research what was going on.

Before I figured out about the proxies I turned on my netbook and that almost got infected too! The same situation with the fake shield but as soon as it happened I shut it down, and since scanning it, it has been fine.

My PC however is not. I restarted it after the virus infected and in normal mode the virus would not allow any .exes to execute. Therefore I could not run Malware Bytes which I found would get rid of it. Therefore I logged into safe mode ran Malware Bytes full scan and it got rid of a trojan called Fakespypro. Went back into normal mode and scanned fully again and it found some more things. After that everything was ok until the next day.

The next day I ran Microsoft Security Essentials and did a full scan; however, as soon as it discovered the trojan Fakespypro the virus came back AGAIN! It is almost as if because it found it, it triggered it again. My friend said it must be hiding somewhere so he suggested deleting entries in my system restore by turning it off and on then rescanning etc. I rescanned with Malware Bytes and since then it has been ok. However I need to make sure it is gone for good!

It seems this virus can travel through LAN therefore I need to make sure it is definitely gone as 4 PC systems are connected.

After looking around the internet for information on the virus it seems a lot of people have been affected in the last few days? I'm not sure how people are getting it but I think it came from browsing the net, maybe a dodgy website? All I know is I was researching photographs of 3D Modelled chairs as help on my portfolio work.

I ran GMER for 6 hours and it finished, then I tried to save the ark.txt and it froze and crashed the PC. Tried to run it again and it was working for 4 hours then crashed. Then I finally tried the basic GMER setup suggested and it restarted my PC.

DDS is below and Attach.txt is attached.

I have also got 4 logs for Malware Bytes if you would like to look at what it found!

I would really appreciate your help as I have hit a wall in my knowledge of getting rid of a virus.

Thanks,
Jess


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jess at 16:07:44.78 on 09/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1464 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\Program Files\Microsoft Security Essentials\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
I:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
I:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
I:\WINDOWS\system32\PnkBstrA.exe
I:\Program Files\CyberLink\Shared Files\RichVideo.exe
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\CTXFIHLP.EXE
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\Program Files\Microsoft Security Essentials\msseces.exe
I:\Program Files\Common Files\Java\Java Update\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\FRAPS\FRAPS.EXE
I:\WINDOWS\SYSTEM32\CTXFISPI.EXE
I:\Program Files\EDIMAX\Common\RaUI.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Windows Live\Contacts\wlcomm.exe
I:\Documents and Settings\Jess\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - i:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - i:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - i:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - i:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Google Update] "i:\documents and settings\jess\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Fraps] i:\fraps\FRAPS.EXE
mRun: [IMJPMIG8.1] "i:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] i:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] i:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [StartCCC] "i:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [amd_dc_opt] i:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [MSSE] "i:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "i:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "i:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: i:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled
StartupFolder: i:\documents and settings\all users\start menu\programs\startup\Ralink Wireless Utility.lnk.disabled
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - i:\program files\edimax\common\RaUI.exe
IE: E&xport to Microsoft Excel - i:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - i:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - i:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - i:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - i:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - i:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;i:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 SASDIFSV;SASDIFSV;i:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;i:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;i:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
R3 CT20XUT.SYS;CT20XUT.SYS;i:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;i:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;i:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 RT80x86;Ralink 802.11n Wireless Driver;i:\windows\system32\drivers\rt2860.sys [2010-1-17 579456]
S3 ALSysIO;ALSysIO;\??\i:\docume~1\jess\locals~1\temp\alsysio.sys --> i:\docume~1\jess\locals~1\temp\ALSysIO.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;i:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-11-13 79360]
S3 CT20XUT;CT20XUT;i:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;i:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;i:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 mdxgthkn;mdxgthkn;\??\i:\docume~1\jess\locals~1\temp\mdxgthkn.sys --> i:\docume~1\jess\locals~1\temp\mdxgthkn.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\i:\windows\system32\drivers\ndisprot.sys --> i:\windows\system32\drivers\Ndisprot.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-08-09 13:43:48 0 d-----w- i:\docume~1\jess\applic~1\SUPERAntiSpyware.com
2010-08-09 13:43:48 0 d-----w- i:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-09 13:43:38 0 d-----w- i:\program files\SUPERAntiSpyware
2010-08-08 22:34:27 0 d-----w- i:\docume~1\alluse~1\applic~1\RegCure
2010-08-08 02:27:42 0 d-----w- i:\program files\Auslogics
2010-08-08 02:27:04 0 d-----w- i:\program files\foobar2000
2010-08-07 23:11:33 0 d-----w- i:\docume~1\jess\applic~1\Malwarebytes
2010-08-07 22:55:38 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 22:55:37 0 d-----w- i:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-07 22:55:36 20952 ----a-w- i:\windows\system32\drivers\mbam.sys
2010-08-07 22:55:36 0 d-----w- i:\program files\Malwarebytes' Anti-Malware
2010-08-04 16:09:03 0 d-----w- i:\program files\Santiago Orgaz
2010-08-04 16:08:35 74072 ----a-w- i:\windows\system32\XAPOFX1_5.dll
2010-08-04 16:08:34 527192 ----a-w- i:\windows\system32\XAudio2_7.dll
2010-08-04 16:08:31 239960 ----a-w- i:\windows\system32\xactengine3_7.dll
2010-08-04 16:08:30 2106216 ----a-w- i:\windows\system32\D3DCompiler_43.dll
2010-08-04 16:08:29 1868128 ----a-w- i:\windows\system32\d3dcsx_43.dll
2010-08-04 16:08:28 470880 ----a-w- i:\windows\system32\d3dx10_43.dll
2010-08-04 16:08:28 248672 ----a-w- i:\windows\system32\d3dx11_43.dll
2010-08-04 16:08:27 1998168 ----a-w- i:\windows\system32\D3DX9_43.dll
2010-07-30 18:43:16 0 d-sh--w- i:\docume~1\alluse~1\applic~1\SecuROM
2010-07-26 18:40:50 2444656 ----a-w- i:\windows\system32\pbsvc_apb.exe
2010-07-16 01:46:15 0 d-----w- i:\docume~1\jess\applic~1\TS3Client
2010-07-16 01:45:15 0 d-----w- i:\program files\TeamSpeak 3 Client
2010-07-14 17:45:32 744448 -c----w- i:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2032-01-01 03:14:40 54776 ----a-w- i:\windows\fonts\BLOCKED_.TTF
2010-08-03 22:58:47 218464 ----a-w- i:\windows\system32\PnkBstrB.exe
2010-08-03 20:32:32 138624 ----a-w- i:\windows\system32\drivers\PnkBstrK.sys
2010-07-30 18:19:17 107888 ----a-w- i:\windows\system32\CmdLineExt.dll
2010-07-26 18:41:07 138056 ----a-w- i:\docume~1\jess\applic~1\PnkBstrK.sys
2010-07-26 18:40:51 75064 ----a-w- i:\windows\system32\PnkBstrA.exe
2010-06-25 13:47:17 30696 ---ha-w- i:\windows\system32\mlfcache.dat
2010-06-01 17:37:48 221568 ------w- i:\windows\system32\MpSigStub.exe
2010-05-18 15:35:16 91424 ----a-w- i:\windows\system32\dnssd.dll
2010-05-18 15:35:16 197920 ----a-w- i:\windows\system32\dnssdX.dll
2010-05-18 15:35:16 107808 ----a-w- i:\windows\system32\dns-sd.exe
2009-01-28 01:46:21 32768 --sha-w- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012820090129\index.dat

============= FINISH: 16:07:52.20 ===============
Attached Files
File Type: txt Attach.txt (18.6 KB, 21 views)
neoncherry is offline  
Old 08-13-2010, 10:02 AM   #2
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit



72 Hour Bump
neoncherry is offline  
Old 08-13-2010, 02:42 PM   #3
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello Jess,

I'd like for you to try this rootkit scanner before we begin. Please download Rootkit Unhooker and save it to your desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning. Please click OK to continue:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-15-2010, 08:33 AM   #4
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit



Hey, I'm just doing the rootkit step!
neoncherry is offline  
Old 08-15-2010, 10:50 AM   #5
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit



Hello, these are the results, btw my Windows drive is I:\



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF1CC000 I:\WINDOWS\System32\ati3duag.dll 3887104 bytes (ATI Technologies Inc. , ati3duag.dll)
0xB4DCE000 I:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3817472 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF9C5000 I:\WINDOWS\System32\ativvaxx.dll 2646016 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 I:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 I:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB05BF000 I:\WINDOWS\System32\drivers\CTEXFIFX.SYS 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)
0xB083C000 I:\WINDOWS\system32\drivers\ha20x2k.sys 1191936 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0xB9EA6000 PCI_PNP6994 1052672 bytes
0xB9EA6000 spdl.sys 1052672 bytes
0xB9EA6000 sptd 1052672 bytes
0xB0747000 I:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xBF065000 I:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB4CBD000 I:\WINDOWS\system32\DRIVERS\RT2860.sys 581632 bytes (Ralink Technology, Corp., Ralink 802.11 Wireless Adapter Driver)
0xB9D2F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 I:\WINDOWS\System32\atikvmag.dll 536576 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB4C3E000 I:\WINDOWS\system32\drivers\ctaud2k.sys 520192 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xA42B7000 I:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB4B5F000 I:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA44AC000 I:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA1402000 I:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 I:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF181000 I:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBFFA0000 I:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA0DF5000 I:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB4BE5000 I:\WINDOWS\system32\drivers\ctoss2k.sys 217088 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB080C000 I:\WINDOWS\system32\drivers\emupia2k.sys 196608 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xB9E60000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA16AD000 I:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D02000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB0706000 I:\WINDOWS\System32\drivers\CT20XUT.SYS 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)
0xA0877000 I:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA4327000 I:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB07E3000 I:\WINDOWS\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xB4D92000 I:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA4484000 I:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA445E000 I:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA11F6000 I:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB4C1A000 I:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB4D6E000 I:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB4D4B000 I:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA4538000 I:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xA443C000 I:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA4352000 I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 I:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DF8000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E30000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA4583000 I:\WINDOWS\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9CE8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E18000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA429F000 I:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E8E000 I:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DCF000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB4BCE000 I:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB0732000 I:\WINDOWS\System32\drivers\CTHWIUT.SYS 86016 bytes (Creative Technology Ltd., Creative Utility Effects)
0xA15D0000 I:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB4DBA000 I:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA4505000 I:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9DBC000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 I:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DE6000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA1597000 I:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB9E4F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB4BBD000 I:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA308000 I:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1C8000 I:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB51E2000 I:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB51F2000 I:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB5172000 I:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xBA2B8000 I:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB51D2000 I:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1D8000 I:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA1892000 I:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA238000 I:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 I:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA178000 I:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA108000 I:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB51C2000 I:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB51A2000 I:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2D8000 I:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB5202000 I:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB51B2000 I:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1F8000 I:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xA14D1000 I:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xB5182000 I:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA148000 I:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB5192000 I:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2A8000 I:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA06A7000 I:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA298000 I:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA450000 I:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xBA3C0000 I:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3E0000 I:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA438000 I:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA448000 I:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3A8000 I:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 I:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3D0000 I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA440000 I:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA470000 I:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA478000 I:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3C8000 I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA3B0000 I:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA480000 I:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xBA490000 I:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA3B8000 I:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA460000 I:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA468000 I:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA458000 I:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA430000 I:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA3F0000 I:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA54C000 I:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA59C000 I:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA588000 I:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 I:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA55C000 I:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB5891000 I:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA544000 I:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA590000 I:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9CC0000 I:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA4567000 I:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe 12288 bytes (Windows (R) 2000 DDK provider, StyleXP)
0xBA58C000 I:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA644000 I:\Program Files\CyberLink\PowerDVD\000.fcl 8192 bytes (Cyberlink Corp., FCL Driver)
0xBA64C000 I:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA65A000 I:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA64A000 I:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 I:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA64E000 I:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA650000 I:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D2000 I:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5EE000 I:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 I:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6E8000 I:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7BA000 I:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6FD000 I:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA717000 I:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
0x8A8921F8 unknown_irp_handler 3592 bytes
0x88FF71F8 unknown_irp_handler 3592 bytes
0x8A6021F8 unknown_irp_handler 3592 bytes
0x8A8221F8 unknown_irp_handler 3592 bytes
0x8902E1F8 unknown_irp_handler 3592 bytes
0x8A58E500 unknown_irp_handler 2816 bytes
0x8901B500 unknown_irp_handler 2816 bytes
0x8A503500 unknown_irp_handler 2816 bytes
0x89025500 unknown_irp_handler 2816 bytes
0x88FCE500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x05980000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 102400 bytes
0x06BA0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 1150976 bytes
0x00D30000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 118784 bytes
0x01280000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 118784 bytes
0x06250000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 118784 bytes
0x06200000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 135168 bytes
0x06190000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 151552 bytes
0x06700000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 1699840 bytes
0x059A0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 217088 bytes
0x061C0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 233472 bytes
0x00F00000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 28672 bytes
0x01130000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 28672 bytes
0x05400000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x03EB0000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x00DB0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x00D80000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x03E40000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x040F0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04390000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04380000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x043B0000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04560000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04550000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04820000 Hidden Image-->Branding.dll [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04840000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x050A0000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04B30000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04B40000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04B60000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04BB0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04C60000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05230000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x050E0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x050C0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x052B0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05480000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05510000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05550000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x055F0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x055A0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05A80000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05A60000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05950000 Hidden Image-->atixclib.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05940000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05970000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x059F0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05A20000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05C90000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05C00000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05C10000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x05C40000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x064B0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 28672 bytes
0x04BF0000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 299008 bytes
0x037C0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 36864 bytes
0x037D0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 36864 bytes
0x00D50000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x038B0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x03E90000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x03ED0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x04110000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x04830000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x04A70000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x04AE0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x04B20000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x04C50000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x052D0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x055C0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x05C20000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 36864 bytes
0x06660000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 372736 bytes
0x072B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 372736 bytes
0x05B90000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 413696 bytes
0x064F0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 413696 bytes
0x06EC0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 446464 bytes
0x00D60000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 45056 bytes
0x00DD0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 45056 bytes
0x00D70000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 45056 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 45056 bytes
0x03E60000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 45056 bytes
0x04AB0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 45056 bytes
0x054F0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 45056 bytes
0x05590000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 45056 bytes
0x05610000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 45056 bytes
0x04580000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x88CF24F0 ] PID: 3892, 454656 bytes
0x07230000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 462848 bytes
0x06270000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 503808 bytes
0x04690000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 512000 bytes
0x03E30000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x03E20000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x03E80000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x04120000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x044C0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x04AA0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x052C0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x05630000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x05930000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x05C30000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x05D30000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 53248 bytes
0x05CA0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 552960 bytes
0x07310000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 602112 bytes
0x04A90000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 61440 bytes
0x04AD0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 61440 bytes
0x056D0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 61440 bytes
0x05750000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 61440 bytes
WARNING: File locked for read access [I:\WINDOWS\system32\drivers\sptd.sys]
0x06FE0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 684032 bytes
0x07550000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 684032 bytes
0x00DE0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88BC1820 ] PID: 2316, 69632 bytes
0x00DC0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 69632 bytes
0x03890000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 69632 bytes
0x04BC0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 69632 bytes
0x05450000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 69632 bytes
0x056F0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 69632 bytes
0x056A0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 69632 bytes
0x06AF0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 700416 bytes
0x062F0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 724992 bytes
0x04AF0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 77824 bytes
0x05280000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 77824 bytes
0x05570000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 77824 bytes
0x07160000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 806912 bytes
0x07480000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 823296 bytes
0x00D90000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 86016 bytes
0x03E00000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 86016 bytes
0x05520000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 86016 bytes
0x05660000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 86016 bytes
0x05A40000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 86016 bytes
0x050F0000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 94208 bytes
0x05710000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x88CF24F0 ] PID: 3892, 94208 bytes
==============================================
>Files
==============================================
!-->[Hidden] I:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{CCAC36E2-83A7-4AC4-BE8E-AEB807661181}
!-->[Hidden] I:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb::$DATA
!-->[Hidden] I:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[2044]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2044]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2044]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2044]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2044]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2044]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2044]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
neoncherry is offline  
Old 08-15-2010, 09:23 PM   #6
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thank you. Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-16-2010, 09:05 AM   #7
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit



Hello, here is the ComboFix log...


ComboFix 10-08-15.04 - Jess 16/08/2010 15:54:59.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1486 [GMT 1:00]
Running from: i:\documents and settings\Jess\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

i:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe
i:\documents and settings\Jess\System
i:\documents and settings\Jess\System\win_qs8.jqx
J:\resycled
j:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-15 23:05 . 2010-08-15 23:06 -------- d-----w- i:\documents and settings\Jess\Application Data\vlc
2010-08-15 01:25 . 2010-08-15 01:25 35840 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\0542BFF0C7A449DEAF051AB2D4F66F51\SkypeTwitterUpdate.exe
2010-08-15 01:25 . 2010-08-15 01:25 180224 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\0542BFF0C7A449DEAF051AB2D4F66F51\Interop.SKYPE4COMLib.dll
2010-08-15 01:23 . 2010-08-15 01:23 1585608 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2010-08-15 01:21 . 2010-08-15 01:21 147456 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\FAD056AD55AA4877BB40184CF49E754C\Interop.SKYPE4COMLib.dll
2010-08-15 01:21 . 2010-08-15 01:21 14328 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\FAD056AD55AA4877BB40184CF49E754C\Skype_uzrasai_ENG.vshost.exe
2010-08-15 01:21 . 2010-08-15 01:21 119808 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\FAD056AD55AA4877BB40184CF49E754C\Skype_uzrasai_ENG.exe
2010-08-10 22:05 . 2010-08-10 22:05 -------- d-----w- i:\documents and settings\Jess\Local Settings\Application Data\2K Games
2010-08-09 23:43 . 2010-08-09 23:43 -------- d-----w- i:\documents and settings\All Users\Application Data\FLEXnet
2010-08-09 18:55 . 2010-08-09 18:55 503808 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-423833c6-n\msvcp71.dll
2010-08-09 18:55 . 2010-08-09 18:55 499712 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-423833c6-n\jmc.dll
2010-08-09 18:55 . 2010-08-09 18:55 348160 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-423833c6-n\msvcr71.dll
2010-08-09 18:55 . 2010-08-09 18:55 61440 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-798b26ac-n\decora-sse.dll
2010-08-09 18:55 . 2010-08-09 18:55 12800 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-798b26ac-n\decora-d3d.dll
2010-08-09 13:49 . 2010-08-09 13:49 63488 ----a-w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-09 13:48 . 2010-08-09 13:48 52224 ----a-w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-09 13:48 . 2010-08-09 13:48 117760 ----a-w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-09 13:43 . 2010-08-09 13:43 -------- d-----w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com
2010-08-09 13:43 . 2010-08-09 13:43 -------- d-----w- i:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-09 13:43 . 2010-08-09 13:43 -------- d-----w- i:\program files\SUPERAntiSpyware
2010-08-08 22:34 . 2010-08-08 22:34 -------- d-----w- i:\documents and settings\All Users\Application Data\RegCure
2010-08-08 22:28 . 2010-08-16 14:52 -------- d---a-w- i:\documents and settings\All Users\Application Data\TEMP
2010-08-08 02:27 . 2010-08-08 02:27 -------- d-----w- i:\program files\Auslogics
2010-08-08 02:27 . 2010-08-08 02:27 -------- d-----w- i:\program files\foobar2000
2010-08-07 23:11 . 2010-08-07 23:11 -------- d-----w- i:\documents and settings\Jess\Application Data\Malwarebytes
2010-08-07 22:55 . 2010-08-07 22:55 -------- d-----w- i:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-07 22:55 . 2010-04-29 14:39 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 22:55 . 2010-08-07 22:55 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-07 22:55 . 2010-08-07 22:55 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2010-08-07 22:55 . 2010-04-29 14:39 20952 ----a-w- i:\windows\system32\drivers\mbam.sys
2010-08-07 22:48 . 2010-08-07 22:48 -------- d-sh--w- i:\documents and settings\Administrator\PrivacIE
2010-08-07 21:50 . 2010-08-07 21:50 35392 ----a-w- i:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 21:02 . 2010-08-07 21:02 297728 ----a-w- i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D96B2E11-12D1-F81F-51D3-8684FFC32947}-qruqciwtssd.exe
2010-08-07 20:43 . 2010-08-07 23:09 -------- d-----w- i:\documents and settings\Jess\Local Settings\Application Data\udqkocwys
2010-08-04 16:09 . 2010-08-04 16:09 -------- d-----w- i:\program files\Santiago Orgaz
2010-08-04 16:08 . 2010-06-02 03:55 74072 ----a-w- i:\windows\system32\XAPOFX1_5.dll
2010-08-04 16:08 . 2010-06-02 03:55 527192 ----a-w- i:\windows\system32\XAudio2_7.dll
2010-08-04 16:08 . 2010-06-02 03:55 239960 ----a-w- i:\windows\system32\xactengine3_7.dll
2010-08-04 16:08 . 2010-05-26 10:41 2106216 ----a-w- i:\windows\system32\D3DCompiler_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 1868128 ----a-w- i:\windows\system32\d3dcsx_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 470880 ----a-w- i:\windows\system32\d3dx10_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 248672 ----a-w- i:\windows\system32\d3dx11_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 1998168 ----a-w- i:\windows\system32\D3DX9_43.dll
2010-08-02 14:23 . 2010-08-02 14:23 -------- d-----w- i:\program files\Common Files\Skype
2010-07-30 18:43 . 2010-07-30 18:43 -------- d-sh--w- i:\documents and settings\All Users\Application Data\SecuROM
2010-07-26 18:40 . 2010-06-09 16:20 2444656 ----a-w- i:\windows\system32\pbsvc_apb.exe
2010-07-18 22:27 . 2010-07-18 22:27 -------- d-----w- i:\documents and settings\Jess\Local Settings\Application Data\NCSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 02:05 . 2009-05-19 00:56 -------- d-----w- i:\documents and settings\Jess\Application Data\Skype
2010-08-15 01:20 . 2009-05-19 00:57 -------- d-----w- i:\documents and settings\Jess\Application Data\skypePM
2010-08-14 03:30 . 2008-10-02 23:44 218464 ----a-w- i:\windows\system32\PnkBstrB.exe
2010-08-13 23:40 . 2008-10-02 23:45 138624 ----a-w- i:\windows\system32\drivers\PnkBstrK.sys
2010-08-13 01:20 . 2009-06-09 20:03 93 ----a-w- i:\windows\popcinfo.dat
2010-08-10 22:05 . 2009-10-08 17:21 -------- d-----w- i:\program files\NVIDIA Corporation
2010-08-10 22:05 . 2009-08-23 23:29 -------- d-----w- i:\program files\Common Files\Wise Installation Wizard
2010-08-08 22:41 . 2008-10-19 11:53 -------- d-----w- i:\program files\RegCure
2010-08-08 20:54 . 2009-03-13 14:21 -------- d-----w- i:\documents and settings\All Users\Application Data\Rosetta Stone
2010-08-08 20:54 . 2008-09-18 00:36 -------- d-----w- i:\program files\Opera
2010-08-08 05:45 . 2009-08-22 13:07 -------- d-----w- i:\program files\Common Files\Blizzard Entertainment
2010-08-08 02:49 . 2009-01-13 11:57 -------- d-----w- i:\program files\Red Kawa
2010-08-08 02:36 . 2008-09-17 20:18 -------- d--h--w- i:\program files\InstallShield Installation Information
2010-08-02 14:24 . 2009-05-19 00:56 -------- d-----r- i:\program files\Skype
2010-08-02 14:23 . 2009-05-19 00:56 -------- d-----w- i:\documents and settings\All Users\Application Data\Skype
2010-08-01 14:02 . 2008-10-02 13:04 -------- d-----w- i:\program files\Common Files\BioWare
2010-07-30 18:19 . 2008-09-21 19:14 107888 ----a-w- i:\windows\system32\CmdLineExt.dll
2010-07-26 18:41 . 2008-10-02 23:45 138056 ----a-w- i:\documents and settings\Jess\Application Data\PnkBstrK.sys
2010-07-26 18:41 . 2008-10-02 23:45 138056 ----a-w- i:\documents and settings\Jess\Application Data\PnkBstrK.sys
2010-07-26 18:40 . 2008-10-02 23:44 75064 ----a-w- i:\windows\system32\PnkBstrA.exe
2010-07-26 18:01 . 2008-10-17 09:58 214 ----a-w- i:\windows\popcinfot.dat
2010-07-25 01:32 . 2008-09-30 17:50 -------- d-----w- i:\documents and settings\Jess\Application Data\Winamp
2010-07-24 12:20 . 2008-09-30 17:50 -------- d-----w- i:\program files\Winamp
2010-07-24 12:20 . 2010-01-18 17:08 -------- d-----w- i:\program files\Winamp Detect
2010-07-16 02:21 . 2010-07-16 01:46 -------- d-----w- i:\documents and settings\Jess\Application Data\TS3Client
2010-07-16 01:45 . 2010-07-16 01:45 -------- d-----w- i:\program files\TeamSpeak 3 Client
2010-07-15 12:26 . 2008-09-21 17:35 -------- d-----w- i:\program files\ZBrush3
2010-07-03 11:16 . 2010-01-28 20:08 -------- d-----w- i:\program files\Microsoft Security Essentials
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- i:\windows\system32\schannel.dll
2010-06-25 13:47 . 2010-06-25 13:47 30696 ---ha-w- i:\windows\system32\mlfcache.dat
2010-06-25 12:23 . 2010-06-25 12:22 -------- d-----w- i:\program files\iTunes
2010-06-25 12:23 . 2010-06-25 12:22 -------- d-----w- i:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-25 12:22 . 2010-06-25 12:22 -------- d-----w- i:\program files\iPod
2010-06-25 12:22 . 2009-01-13 11:07 -------- d-----w- i:\program files\Common Files\Apple
2010-06-25 12:20 . 2010-06-25 12:20 -------- d-----w- i:\program files\QuickTime
2010-06-25 12:17 . 2008-10-04 15:43 -------- d-----w- i:\program files\Bonjour
2010-06-25 12:13 . 2010-06-25 12:13 72504 ----a-w- i:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- i:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- i:\windows\system32\win32k.sys
2010-06-21 17:03 . 2009-05-17 17:43 -------- d-----w- i:\program files\Microsoft Silverlight
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- i:\windows\system32\drivers\srv.sys
2010-06-20 21:30 . 2010-06-20 21:30 -------- d-----w- i:\program files\Common Files\Java
2010-06-20 21:30 . 2008-11-01 10:20 -------- d-----w- i:\program files\Java
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- i:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-17 19:56 744448 ----a-w- i:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- i:\windows\system32\msxml3.dll
2010-06-01 17:37 . 2010-01-28 20:11 221568 ------w- i:\windows\system32\MpSigStub.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- i:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- i:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- i:\windows\system32\dns-sd.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- i:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- i:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="i:\documents and settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-24 136176]
"Fraps"="i:\fraps\FRAPS.EXE" [2008-09-11 3305128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="i:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"PHIME2002ASync"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"amd_dc_opt"="i:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSSE"="i:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="i:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk.disabled [2008-9-21 1737]
Ralink Wireless Utility.lnk.disabled [2008-9-17 1621]
Wireless Utility.lnk - i:\program files\EDIMAX\Common\RaUI.exe [2010-1-17 716800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
path=
backup=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=i:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide
"Gainward"=i:\program files\EXPERTool ATI\TBPanel.exe /A
"EA Core"="i:\program files\Electronic Arts\EADM\Core.exe" -silent
"AdobeBridge"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"="i:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="i:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"NeroCheck"=i:\windows\system32\NeroCheck.exe
"VolPanel"="i:\program files\Creative\Volume Panel\VolPanlu.exe" /r
"SunJavaUpdateSched"="i:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" -atboottime
"AdobeCS4ServiceManager"="i:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"i:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"i:\\WINDOWS\\system32\\PnkBstrA.exe"=
"i:\\WINDOWS\\system32\\PnkBstrB.exe"=
"i:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"i:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"i:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"i:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"j:\\Games\\Steam\\steamapps\\jjjapan\\team fortress 2\\hl2.exe"=
"i:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"j:\\Games\\Civilization 4 Complete\\Civilization4.exe"=
"j:\\Games\\Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"j:\\Games\\Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"i:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"i:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"i:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"j:\\Games\\STEAM\\Steam.exe"=
"j:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"j:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman codename 47\\Hitman.Exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman codename 47\\Setup.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman 2 silent assassin\\hitman2.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman 2 silent assassin\\config.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\metro 2033\\metro2033.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman blood money\\configure.exe"=
"j:\\Games\\Death is Sleep\\SleepIsDeath_v15b\\SleepIsDeath.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\alien swarm\\srcds.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\all points bulletin eu\\Launcher\\APBLauncher.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\all points bulletin eu\\Binaries\\APB.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\grand theft auto san andreas\\gta-sa.exe"=
"j:\\Games\\MTA SA\\Multi Theft Auto.exe"=
"j:\\Games\\MTA SA\\server\\MTA Server.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\alien swarm\\swarm.exe"=
"j:\\Games\\STEAM\\steamapps\\jjjapan\\counter-strike source\\hl2.exe"=
"j:\\Games\\STEAM\\steamapps\\jjjapan\\garrysmod\\hl2.exe"=
"i:\\Program Files\\Crazybump\\CB.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"j:\\Games\\STEAM\\steamapps\\jjjapan\\synergy\\hl2.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bejeweled deluxe\\WinBej.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bookworm deluxe\\Bookworm.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hammer heads deluxe\\HammerHeads.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\pizza frenzy\\PizzaFrenzy.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\typer shark deluxe\\WinTS.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\talismania deluxe\\Talismania.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bejeweled 2 deluxe\\WinBej2.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
"27015:TCP"= 27015:TCP:L4d2 working
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R3 CT20XUT.SYS;CT20XUT.SYS;i:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;i:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;i:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
R3 RT80x86;Ralink 802.11n Wireless Driver;i:\windows\system32\drivers\rt2860.sys [17/01/2010 18:04 579456]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;i:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 00:04 65536]
S3 ALSysIO;ALSysIO;\??\i:\docume~1\Jess\LOCALS~1\Temp\ALSysIO.sys --> i:\docume~1\Jess\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;i:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [13/11/2008 00:19 79360]
S3 CT20XUT;CT20XUT;i:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
S3 CTEXFIFX;CTEXFIFX;i:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
S3 CTHWIUT;CTHWIUT;i:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
S3 mdxgthkn;mdxgthkn;\??\i:\docume~1\Jess\LOCALS~1\Temp\mdxgthkn.sys --> i:\docume~1\Jess\LOCALS~1\Temp\mdxgthkn.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\i:\windows\system32\drivers\Ndisprot.sys --> i:\windows\system32\drivers\Ndisprot.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 sptd;sptd;i:\windows\system32\drivers\sptd.sys [09/09/2009 16:42 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1284227242-725345543-1004Core.job
- i:\documents and settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-24 18:42]

2010-08-15 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1284227242-725345543-1004UA.job
- i:\documents and settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-24 18:42]

2010-08-16 i:\windows\Tasks\MP Scheduled Scan.job
- i:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

2010-08-15 i:\windows\Tasks\RegCure Program Check.job
- i:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-08-16 i:\windows\Tasks\SDMsgUpdate (TE).job
- i:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-04-06 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-EAX Unified - i:\program files\Creative\EAX Unified\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-08-16 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\i:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-1284227242-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d1,c3,e9,6a,99,d5,97,be,6e,3c,0d,38,b7,39,23,4f,c5,2e,7d,8b,87,92,2d,
56,55,8a,52,01,ed,8d,9a,5f,6f,ca,8a,00,f0,7e,dd,a3,e9,3a,1c,e7,03,2e,d9,bd,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a

[HKEY_USERS\S-1-5-21-583907252-1284227242-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:19,ef,27,07,16,5e,b2,a8,9e,6c,4e,ad,1d,fa,39,df,87,e4,68,f0,c9,
52,7b,44,46,f3,0a,67,e0,62,dc,ca,93,88,b0,06,df,84,8a,50,48,18,5d,ea,5b,44,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:2c,85,80,02,d2,3b,26,87,34,63,e5,7f,0c,9d,69,7c,2a,98,27,4d,ef,
02,a4,08,62,58,21,ca,07,14,f7,86,41,fe,f7,0e,78,f2,34,bd,3d,25,f5,34,33,79,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:2c,85,80,02,d2,3b,26,87,34,63,e5,7f,0c,9d,69,7c,2a,98,27,4d,ef,
02,a4,08,62,58,21,ca,07,14,f7,86,41,fe,f7,0e,78,f2,34,bd,3d,25,f5,34,33,79,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
i:\program files\SUPERAntiSpyware\SASWINLO.DLL
i:\windows\system32\WININET.dll
i:\windows\system32\Ati2evxx.dll
i:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-08-16 15:59:15
ComboFix-quarantined-files.txt 2010-08-16 14:59
ComboFix2.txt 2008-10-30 11:07

Pre-Run: 59,206,692,864 bytes free
Post-Run: 59,392,180,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 78E0646433644A949008D260FAC91E13
Old 08-16-2010, 11:46 AM   #8
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hi neoncherry,


Microsoft stopped supporting Microsoft Antimalware over a year ago; please uninstall it via Control Panel > Add or Remove Programs.


On your keyboard, press the Windows Logo key and the letter 'E' to open Windows Explorer. Navigate to and delete the following folders (right-click and select 'Delete'):

i:\documents and settings\Jess\Local Settings\Application Data\udqkocwys
i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware

================================

What we need to do now is run this online scan to search for any remnants. It can take several hours, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

How is the system behaving now?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-16-2010, 02:21 PM   #9
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit



Hello, I am about to run Kaspersky, which will, like you said, probably take about 6 hours, so I will report asap.

I have run into a problem trying to delete i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware. Apparently 'Access is denied: mpengine.dll'.

Also I think the virus may have installed that, as I have never seen it in my folders before!
Old 08-16-2010, 08:19 PM   #10
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



No worries. Open notepad and copy/paste the text in the code box below into it:

Quote:

Folder::
i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware

Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, post the C:\ComboFix.txt in your next reply. It can wait until you have the online scan results and post both at the same time. :)
Old 08-17-2010, 08:20 AM   #11
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit



Hello, I am having a few problems. I ran the scan last night and it took 6 hours but then the whole computer just froze up? I am going to try again soon. HOWEVER my Microsoft Security Essentials is somehow broken now. Before and still after the combofix step. I have attached a screenshot below. MSE is permanently stuck off real time protection and settings is greyed out. Also it always errors when I click update. So I uninstalled it and re-downloaded the latest version. Installed it, and it is still doing the same thing.

Also this affected the combofix running as it stated MSE was on when I'm pretty sure it wasn't. I checked the task manager etc and it wasn't running...

Oh also I just looked to see if the Antimalware was gone and it's still there! In this folder: i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware

Combofix log...


ComboFix 10-08-15.04 - Jess 17/08/2010 14:38:49.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1576 [GMT 1:00]
Running from: i:\documents and settings\Jess\Desktop\ComboFix.exe
Command switches used :: i:\documents and settings\Jess\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 12:56 . 2010-08-17 12:56 -------- d-----w- i:\program files\Microsoft Security Essentials
2010-08-15 23:05 . 2010-08-15 23:06 -------- d-----w- i:\documents and settings\Jess\Application Data\vlc
2010-08-15 01:25 . 2010-08-15 01:25 35840 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\0542BFF0C7A449DEAF051AB2D4F66F51\SkypeTwitterUpdate.exe
2010-08-15 01:25 . 2010-08-15 01:25 180224 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\0542BFF0C7A449DEAF051AB2D4F66F51\Interop.SKYPE4COMLib.dll
2010-08-15 01:23 . 2010-08-15 01:23 1585608 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
2010-08-15 01:21 . 2010-08-15 01:21 147456 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\FAD056AD55AA4877BB40184CF49E754C\Interop.SKYPE4COMLib.dll
2010-08-15 01:21 . 2010-08-15 01:21 14328 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\FAD056AD55AA4877BB40184CF49E754C\Skype_uzrasai_ENG.vshost.exe
2010-08-15 01:21 . 2010-08-15 01:21 119808 ----a-w- i:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\FAD056AD55AA4877BB40184CF49E754C\Skype_uzrasai_ENG.exe
2010-08-10 22:05 . 2010-08-10 22:05 -------- d-----w- i:\documents and settings\Jess\Local Settings\Application Data\2K Games
2010-08-09 23:43 . 2010-08-09 23:43 -------- d-----w- i:\documents and settings\All Users\Application Data\FLEXnet
2010-08-09 18:55 . 2010-08-09 18:55 503808 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-423833c6-n\msvcp71.dll
2010-08-09 18:55 . 2010-08-09 18:55 499712 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-423833c6-n\jmc.dll
2010-08-09 18:55 . 2010-08-09 18:55 348160 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-423833c6-n\msvcr71.dll
2010-08-09 18:55 . 2010-08-09 18:55 61440 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-798b26ac-n\decora-sse.dll
2010-08-09 18:55 . 2010-08-09 18:55 12800 ----a-w- i:\documents and settings\Jess\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-798b26ac-n\decora-d3d.dll
2010-08-09 13:49 . 2010-08-09 13:49 63488 ----a-w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-09 13:48 . 2010-08-09 13:48 52224 ----a-w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-09 13:48 . 2010-08-09 13:48 117760 ----a-w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-09 13:43 . 2010-08-09 13:43 -------- d-----w- i:\documents and settings\Jess\Application Data\SUPERAntiSpyware.com
2010-08-09 13:43 . 2010-08-09 13:43 -------- d-----w- i:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-09 13:43 . 2010-08-09 13:43 -------- d-----w- i:\program files\SUPERAntiSpyware
2010-08-08 22:34 . 2010-08-08 22:34 -------- d-----w- i:\documents and settings\All Users\Application Data\RegCure
2010-08-08 22:28 . 2010-08-17 12:27 -------- d---a-w- i:\documents and settings\All Users\Application Data\TEMP
2010-08-08 02:27 . 2010-08-08 02:27 -------- d-----w- i:\program files\Auslogics
2010-08-08 02:27 . 2010-08-08 02:27 -------- d-----w- i:\program files\foobar2000
2010-08-07 23:11 . 2010-08-07 23:11 -------- d-----w- i:\documents and settings\Jess\Application Data\Malwarebytes
2010-08-07 22:55 . 2010-08-07 22:55 -------- d-----w- i:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-07 22:55 . 2010-04-29 14:39 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 22:55 . 2010-08-07 22:55 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-07 22:55 . 2010-08-07 22:55 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2010-08-07 22:55 . 2010-04-29 14:39 20952 ----a-w- i:\windows\system32\drivers\mbam.sys
2010-08-07 22:48 . 2010-08-07 22:48 -------- d-sh--w- i:\documents and settings\Administrator\PrivacIE
2010-08-07 21:50 . 2010-08-07 21:50 35392 ----a-w- i:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 20:43 . 2010-08-07 23:09 -------- d-----w- i:\documents and settings\Jess\Local Settings\Application Data\udqkocwys
2010-08-04 16:09 . 2010-08-04 16:09 -------- d-----w- i:\program files\Santiago Orgaz
2010-08-04 16:08 . 2010-06-02 03:55 74072 ----a-w- i:\windows\system32\XAPOFX1_5.dll
2010-08-04 16:08 . 2010-06-02 03:55 527192 ----a-w- i:\windows\system32\XAudio2_7.dll
2010-08-04 16:08 . 2010-06-02 03:55 239960 ----a-w- i:\windows\system32\xactengine3_7.dll
2010-08-04 16:08 . 2010-05-26 10:41 2106216 ----a-w- i:\windows\system32\D3DCompiler_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 1868128 ----a-w- i:\windows\system32\d3dcsx_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 470880 ----a-w- i:\windows\system32\d3dx10_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 248672 ----a-w- i:\windows\system32\d3dx11_43.dll
2010-08-04 16:08 . 2010-05-26 10:41 1998168 ----a-w- i:\windows\system32\D3DX9_43.dll
2010-08-02 14:23 . 2010-08-02 14:23 -------- d-----w- i:\program files\Common Files\Skype
2010-07-30 18:43 . 2010-07-30 18:43 -------- d-sh--w- i:\documents and settings\All Users\Application Data\SecuROM
2010-07-26 18:40 . 2010-06-09 16:20 2444656 ----a-w- i:\windows\system32\pbsvc_apb.exe
2010-07-18 22:27 . 2010-07-18 22:27 -------- d-----w- i:\documents and settings\Jess\Local Settings\Application Data\NCSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 02:05 . 2009-05-19 00:56 -------- d-----w- i:\documents and settings\Jess\Application Data\Skype
2010-08-15 01:20 . 2009-05-19 00:57 -------- d-----w- i:\documents and settings\Jess\Application Data\skypePM
2010-08-14 03:30 . 2008-10-02 23:44 218464 ----a-w- i:\windows\system32\PnkBstrB.exe
2010-08-13 23:40 . 2008-10-02 23:45 138624 ----a-w- i:\windows\system32\drivers\PnkBstrK.sys
2010-08-13 01:20 . 2009-06-09 20:03 93 ----a-w- i:\windows\popcinfo.dat
2010-08-10 22:05 . 2009-10-08 17:21 -------- d-----w- i:\program files\NVIDIA Corporation
2010-08-10 22:05 . 2009-08-23 23:29 -------- d-----w- i:\program files\Common Files\Wise Installation Wizard
2010-08-08 22:41 . 2008-10-19 11:53 -------- d-----w- i:\program files\RegCure
2010-08-08 20:54 . 2009-03-13 14:21 -------- d-----w- i:\documents and settings\All Users\Application Data\Rosetta Stone
2010-08-08 20:54 . 2008-09-18 00:36 -------- d-----w- i:\program files\Opera
2010-08-08 05:45 . 2009-08-22 13:07 -------- d-----w- i:\program files\Common Files\Blizzard Entertainment
2010-08-08 02:49 . 2009-01-13 11:57 -------- d-----w- i:\program files\Red Kawa
2010-08-08 02:36 . 2008-09-17 20:18 -------- d--h--w- i:\program files\InstallShield Installation Information
2010-08-02 14:24 . 2009-05-19 00:56 -------- d-----r- i:\program files\Skype
2010-08-02 14:23 . 2009-05-19 00:56 -------- d-----w- i:\documents and settings\All Users\Application Data\Skype
2010-08-01 14:02 . 2008-10-02 13:04 -------- d-----w- i:\program files\Common Files\BioWare
2010-07-30 18:19 . 2008-09-21 19:14 107888 ----a-w- i:\windows\system32\CmdLineExt.dll
2010-07-26 18:41 . 2008-10-02 23:45 138056 ----a-w- i:\documents and settings\Jess\Application Data\PnkBstrK.sys
2010-07-26 18:41 . 2008-10-02 23:45 138056 ----a-w- i:\documents and settings\Jess\Application Data\PnkBstrK.sys
2010-07-26 18:40 . 2008-10-02 23:44 75064 ----a-w- i:\windows\system32\PnkBstrA.exe
2010-07-26 18:01 . 2008-10-17 09:58 214 ----a-w- i:\windows\popcinfot.dat
2010-07-25 01:32 . 2008-09-30 17:50 -------- d-----w- i:\documents and settings\Jess\Application Data\Winamp
2010-07-24 12:20 . 2008-09-30 17:50 -------- d-----w- i:\program files\Winamp
2010-07-24 12:20 . 2010-01-18 17:08 -------- d-----w- i:\program files\Winamp Detect
2010-07-16 02:21 . 2010-07-16 01:46 -------- d-----w- i:\documents and settings\Jess\Application Data\TS3Client
2010-07-16 01:45 . 2010-07-16 01:45 -------- d-----w- i:\program files\TeamSpeak 3 Client
2010-07-15 12:26 . 2008-09-21 17:35 -------- d-----w- i:\program files\ZBrush3
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- i:\windows\system32\schannel.dll
2010-06-25 13:47 . 2010-06-25 13:47 30696 ---ha-w- i:\windows\system32\mlfcache.dat
2010-06-25 12:23 . 2010-06-25 12:22 -------- d-----w- i:\program files\iTunes
2010-06-25 12:23 . 2010-06-25 12:22 -------- d-----w- i:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-25 12:22 . 2010-06-25 12:22 -------- d-----w- i:\program files\iPod
2010-06-25 12:22 . 2009-01-13 11:07 -------- d-----w- i:\program files\Common Files\Apple
2010-06-25 12:20 . 2010-06-25 12:20 -------- d-----w- i:\program files\QuickTime
2010-06-25 12:17 . 2008-10-04 15:43 -------- d-----w- i:\program files\Bonjour
2010-06-25 12:13 . 2010-06-25 12:13 72504 ----a-w- i:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- i:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- i:\windows\system32\win32k.sys
2010-06-21 17:03 . 2009-05-17 17:43 -------- d-----w- i:\program files\Microsoft Silverlight
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- i:\windows\system32\drivers\srv.sys
2010-06-20 21:30 . 2010-06-20 21:30 -------- d-----w- i:\program files\Common Files\Java
2010-06-20 21:30 . 2008-11-01 10:20 -------- d-----w- i:\program files\Java
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- i:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-09-17 19:56 744448 ----a-w- i:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- i:\windows\system32\msxml3.dll
2010-06-01 17:37 . 2010-01-28 20:11 221568 ------w- i:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- i:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- i:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [email protected]_14.57.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-17 12:27 . 2010-08-17 12:27 16384 i:\windows\temp\Perflib_Perfdata_e4.dat
+ 2006-02-28 12:00 . 2010-08-17 12:31 83098 i:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-08-17 12:31 471826 i:\windows\system32\perfh009.dat
+ 2010-03-25 20:30 . 2010-03-25 20:30 151216 i:\windows\system32\drivers\MpFilter.sys
- 2009-06-18 18:48 . 2010-03-25 20:30 151216 i:\windows\system32\drivers\MpFilter.sys
+ 2010-08-17 12:56 . 2010-08-17 12:56 272384 i:\windows\Installer\191e08.msi
+ 2010-08-17 12:56 . 2010-08-17 12:56 254976 i:\windows\Installer\191e01.msi
+ 2010-08-17 12:56 . 2010-08-17 12:56 301056 i:\windows\Installer\191dfa.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="i:\documents and settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-24 136176]
"Fraps"="i:\fraps\FRAPS.EXE" [2008-09-11 3305128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="i:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"PHIME2002ASync"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"amd_dc_opt"="i:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"MSSE"="i:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="i:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk.disabled [2008-9-21 1737]
Ralink Wireless Utility.lnk.disabled [2008-9-17 1621]
Wireless Utility.lnk - i:\program files\EDIMAX\Common\RaUI.exe [2010-1-17 716800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
path=
backup=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"=i:\program files\TGTSoft\StyleXP\StyleXP.exe -Hide
"Gainward"=i:\program files\EXPERTool ATI\TBPanel.exe /A
"EA Core"="i:\program files\Electronic Arts\EADM\Core.exe" -silent
"AdobeBridge"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"="i:\program files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="i:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"NeroCheck"=i:\windows\system32\NeroCheck.exe
"VolPanel"="i:\program files\Creative\Volume Panel\VolPanlu.exe" /r
"SunJavaUpdateSched"="i:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" -atboottime
"AdobeCS4ServiceManager"="i:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"i:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"i:\\WINDOWS\\system32\\PnkBstrA.exe"=
"i:\\WINDOWS\\system32\\PnkBstrB.exe"=
"i:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"i:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"i:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"i:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"j:\\Games\\Steam\\steamapps\\jjjapan\\team fortress 2\\hl2.exe"=
"i:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"j:\\Games\\Civilization 4 Complete\\Civilization4.exe"=
"j:\\Games\\Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"j:\\Games\\Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"i:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"i:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"i:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"i:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"j:\\Games\\STEAM\\Steam.exe"=
"j:\\Games\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"j:\\Games\\Mass Effect 2\\MassEffect2Launcher.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman codename 47\\Hitman.Exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman codename 47\\Setup.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman 2 silent assassin\\hitman2.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman 2 silent assassin\\config.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\metro 2033\\metro2033.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman blood money\\HitmanBloodMoney.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hitman blood money\\configure.exe"=
"j:\\Games\\Death is Sleep\\SleepIsDeath_v15b\\SleepIsDeath.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\alien swarm\\srcds.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\all points bulletin eu\\Launcher\\APBLauncher.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\all points bulletin eu\\Binaries\\APB.exe"=
"i:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\grand theft auto san andreas\\gta-sa.exe"=
"j:\\Games\\MTA SA\\Multi Theft Auto.exe"=
"j:\\Games\\MTA SA\\server\\MTA Server.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\alien swarm\\swarm.exe"=
"j:\\Games\\STEAM\\steamapps\\jjjapan\\counter-strike source\\hl2.exe"=
"j:\\Games\\STEAM\\steamapps\\jjjapan\\garrysmod\\hl2.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"j:\\Games\\STEAM\\steamapps\\jjjapan\\synergy\\hl2.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bejeweled deluxe\\WinBej.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bookworm deluxe\\Bookworm.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\hammer heads deluxe\\HammerHeads.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\pizza frenzy\\PizzaFrenzy.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\typer shark deluxe\\WinTS.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\talismania deluxe\\Talismania.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"j:\\Games\\STEAM\\steamapps\\common\\bejeweled 2 deluxe\\WinBej2.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\Program Files\\Crazybump\\CB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader: 3724
"27015:TCP"= 27015:TCP:L4d2 working
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R3 CT20XUT.SYS;CT20XUT.SYS;i:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;i:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;i:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
R3 RT80x86;Ralink 802.11n Wireless Driver;i:\windows\system32\drivers\rt2860.sys [17/01/2010 18:04 579456]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;i:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 00:04 65536]
S3 ALSysIO;ALSysIO;\??\i:\docume~1\Jess\LOCALS~1\Temp\ALSysIO.sys --> i:\docume~1\Jess\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;i:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [13/11/2008 00:19 79360]
S3 CT20XUT;CT20XUT;i:\windows\system32\drivers\CT20XUT.sys [04/06/2009 02:46 171032]
S3 CTEXFIFX;CTEXFIFX;i:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 02:46 1324056]
S3 CTHWIUT;CTHWIUT;i:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 02:46 72728]
S3 mdxgthkn;mdxgthkn;\??\i:\docume~1\Jess\LOCALS~1\Temp\mdxgthkn.sys --> i:\docume~1\Jess\LOCALS~1\Temp\mdxgthkn.sys [?]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\i:\windows\system32\drivers\Ndisprot.sys --> i:\windows\system32\drivers\Ndisprot.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 sptd;sptd;i:\windows\system32\drivers\sptd.sys [09/09/2009 16:42 721904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPFILTER
*NewlyCreated* - MSMPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1284227242-725345543-1004Core.job
- i:\documents and settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-24 18:42]

2010-08-17 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1284227242-725345543-1004UA.job
- i:\documents and settings\Jess\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-24 18:42]

2010-08-17 i:\windows\Tasks\MP Scheduled Scan.job
- i:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

2010-08-16 i:\windows\Tasks\RegCure Program Check.job
- i:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

2010-08-17 i:\windows\Tasks\SDMsgUpdate (TE).job
- i:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-04-06 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-08-17 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\i:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-1284227242-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d1,c3,e9,6a,99,d5,97,be,6e,3c,0d,38,b7,39,23,4f,c5,2e,7d,8b,87,92,2d,
56,55,8a,52,01,ed,8d,9a,5f,6f,ca,8a,00,f0,7e,dd,a3,e9,3a,1c,e7,03,2e,d9,bd,\
"??"=hex:d9,eb,e8,87,54,a1,8d,80,f0,7a,3a,0f,c2,c7,4d,2a

[HKEY_USERS\S-1-5-21-583907252-1284227242-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:19,ef,27,07,16,5e,b2,a8,9e,6c,4e,ad,1d,fa,39,df,87,e4,68,f0,c9,
52,7b,44,46,f3,0a,67,e0,62,dc,ca,93,88,b0,06,df,84,8a,50,48,18,5d,ea,5b,44,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:2c,85,80,02,d2,3b,26,87,34,63,e5,7f,0c,9d,69,7c,2a,98,27,4d,ef,
02,a4,08,62,58,21,ca,07,14,f7,86,41,fe,f7,0e,78,f2,34,bd,3d,25,f5,34,33,79,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:2c,85,80,02,d2,3b,26,87,34,63,e5,7f,0c,9d,69,7c,2a,98,27,4d,ef,
02,a4,08,62,58,21,ca,07,14,f7,86,41,fe,f7,0e,78,f2,34,bd,3d,25,f5,34,33,79,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
i:\program files\SUPERAntiSpyware\SASWINLO.DLL
i:\windows\system32\WININET.dll
i:\windows\system32\Ati2evxx.dll
i:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(932)
i:\windows\system32\WININET.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-17 14:43:07
ComboFix-quarantined-files.txt 2010-08-17 13:43
ComboFix2.txt 2010-08-16 14:59
ComboFix3.txt 2008-10-30 11:07

Pre-Run: 59,390,750,720 bytes free
Post-Run: 59,376,054,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
i:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 2C93EA2199D4B98130054D52A2585E98
neoncherry is offline  
Old 08-17-2010, 08:36 AM   #12
Registered Member
 
Join Date: Aug 2010
Location: Greater London
Posts: 11
OS: Windows XP SP3 32 bit



OK I managed to get MSE to work by manually installing the updates for it from the Windows website. Then I restarted it and now it is working! Yay!
neoncherry is offline  
Old 08-17-2010, 08:41 AM   #13
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Glad to hear it.

Since Kaspersky stalled on you, let's use a different scanner. Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
All times are GMT -7. The time now is 05:55 AM.

