WiredWX Hobby Weather Tools

 


I cannot access the internet even though I am connected

Reading through one or two other topics, it seems I have the same problem as one or two others. I am connected to the wireless router, and all other machines, such as the PlayStation 3, the family computer and other laptops, access the internet fine; however, my laptop does not. I have a feeling this may be some form of virus or malware, because moments before this happened a few popups appeared that you would associate with some form of infection. Any help would be greatly appreciated.

Re: I cannot access the internet even though I am connected

Here is a HijackThis log file, if that helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:16:16, on 25/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\Iexplore.exe
F:\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = More: http://news.bbc.co.uk/sport1/hi/football/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\Owner\AppData\Local\Temp\richtx64.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: 32Red Casino - D46294E9-F2D0-4227-8886-5B730B69CB91 - C:\Microgaming\Casino\32Red\Casinogame.exe (HKCU)
O9 - Extra button: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - http://www.intercasino.co.uk/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} - http://www.intercasino.co.uk/ (file missing) (HKCU)
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate1ca09f6842e3fa5) (gupdate1ca09f6842e3fa5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9462 bytes
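
A triage pass over a HijackThis log like the one above, as an added example that is not part of the original post or of HijackThis itself. It parses the v2 line formats and flags four things that usually deserve a closer look: a core Windows process name running from outside the Windows directory, a Run-key autorun launching from a Temp folder, a BHO registered with no file behind it, and a configured proxy server. The rule names, the core-process list and the `C:\Windows` system root are assumptions of this example, and a flag is a lead to investigate, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Assumption: Windows is installed in the default location.
SYSTEM_ROOT = "c:\\windows\\"
# Assumption: a short list of core process names that malware likes to imitate.
CORE_NAMES = {"smss", "csrss", "wininit", "winlogon", "services",
              "lsass", "lsm", "svchost", "explorer"}

# HijackThis v2 line formats, as they appear in the log above.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
O2_NOFILE_RE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - \(no file\)$")
PROXY_RE = re.compile(r"^R[01] - .*Internet Settings,ProxyServer = (?P<val>.+)$")

# Excerpt of lines taken from the log above (shortened, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
F:\winlogon.scr

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [richtx64.exe] C:\Users\Owner\AppData\Local\Temp\richtx64.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def triage(log_text):
    """Return a list of (rule, line) pairs for lines worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the process list
                in_processes = False
                continue
            stem = PureWindowsPath(line).stem.lower()
            # A core process name is only expected under the Windows directory.
            if stem in CORE_NAMES and not line.lower().startswith(SYSTEM_ROOT):
                findings.append(("core-name-outside-windows", line))
            continue
        m = O4_RE.match(line)
        if m:
            # Autoruns pointing into a Temp folder survive reboots from a
            # location any user-level process can write to.
            if "\\temp\\" in m.group("cmd").lower():
                findings.append(("autorun-from-temp", line))
        elif O2_NOFILE_RE.match(line):
            # Registration left behind with no DLL on disk.
            findings.append(("bho-without-file", line))
        elif PROXY_RE.match(line):
            # A proxy the user did not set can cut off or redirect browsing.
            findings.append(("proxy-server-set", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:28} {line}")
```

The `ProxyOverride = *.local` line is deliberately not flagged: it only lists hosts that bypass a proxy and does not by itself mean a proxy is enabled.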

Re: I cannot access the internet even though I am connected

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Now click on the Connections tab and then the LAN Settings button.
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.


==

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: I cannot access the internet even though I am connected

OK, I went to disable the proxy server; however, the box was already unchecked, so I had to revert to using the family computer to communicate with you whilst transferring programs and logs via a USB memory stick.

I put ComboFix on the storage device (and renamed it commy.exe), and then copied it on to the desktop of the laptop. I clicked it and the green loading bar filled up, then disappeared, and nothing happened. I clicked on it again and the green loading bar went to the end and then remained motionless.

I then tried the whole process again using ComboFix obtained from one of your alternative links, and still it didn't work. All my anti-virus and anti-spyware software was turned off, including my firewall. What should I do now?

Re: I cannot access the internet even though I am connected

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: I cannot access the internet even though I am connected

Malwarebytes won't run either :S

Re: I cannot access the internet even though I am connected

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: I cannot access the internet even though I am connected

OK, this is the log that was produced:


SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows [Version 6.0.6001]

********************Drivers list********************


Volume in drive C is VistaOS
Volume Serial Number is F003-0F27

Directory of C:\Windows\System32\Drivers

26/12/2009 19:55 .
26/12/2009 19:55 ..
23/08/2008 22:52 0 1043_ASUSTeK_F7SR.alu
16/02/2004 16:19 0 1043_ASUSTEK_F7SR_V20_VISTA.MRK
19/01/2008 05:53 53,376 1394bus.sys
19/01/2008 07:43 266,808 acpi.sys
02/11/2006 09:51 420,968 adp94xx.sys
02/11/2006 09:51 297,576 adpahci.sys
02/11/2006 09:50 98,408 adpu160m.sys
02/11/2006 09:51 147,048 adpu320.sys
19/01/2008 05:57 273,920 afd.sys
02/11/2006 09:49 53,864 AGP440.sys
02/11/2006 09:49 14,952 aliide.sys
02/11/2006 09:49 54,888 AMDAGP.SYS
02/11/2006 09:49 15,464 amdide.sys
02/11/2006 08:30 38,912 amdk7.sys
02/11/2006 08:30 40,960 amdk8.sys
02/11/2006 09:50 67,688 arc.sys
02/11/2006 09:50 67,688 arcsas.sys
11/08/2007 03:19 29,752 AsDsm.sys
19/01/2008 05:56 17,408 asyncmac.sys
19/01/2008 07:41 21,560 atapi.sys
19/01/2008 07:43 110,136 ataport.sys
20/09/2007 15:49 49,152 ati2erec.dll
20/09/2007 16:56 3,077,632 atikmdag.sys
23/08/2006 09:26 328,162 ativcaxx.cpa
23/08/2006 09:26 929 ativcaxx.vp
18/04/2007 00:19 2,096 ativdkxx.vp
30/05/2007 03:37 2,096 ativokxx.vp
30/05/2007 03:37 2,096 ativpkxx.vp
20/09/2007 17:41 51,040 ativvpxx.vp
14/12/2006 23:11 7,680 ATKACPI.sys
29/04/2008 19:19 12,960 Awrtpd.sys
29/04/2008 19:19 15,648 Awrtrd.sys
19/01/2008 07:41 28,216 battc.sys
19/01/2008 05:53 12,288 bdasup.sys
19/01/2008 05:49 6,144 beep.sys
19/01/2008 05:28 69,632 bowser.sys
02/11/2006 08:24 13,568 BrFiltLo.sys
02/11/2006 08:24 5,248 BrFiltUp.sys
19/01/2008 06:58 93,696 bridge.sys
02/11/2006 08:25 71,808 BrSerId.sys
02/11/2006 08:24 62,336 BrSerWdm.sys
02/11/2006 08:24 12,160 BrUsbMdm.sys
02/11/2006 08:24 11,904 BrUsbSer.sys
24/08/2008 01:21 19,456 bthenum.sys
02/11/2006 08:55 39,936 bthmodem.sys
19/01/2008 05:53 92,160 bthpan.sys
24/08/2008 01:21 220,160 bthport.sys
24/08/2008 01:21 29,184 BTHUSB.SYS
19/01/2008 05:28 70,144 cdfs.sys
19/01/2008 05:49 67,072 cdrom.sys
02/11/2006 08:55 35,328 circlass.sys
19/01/2008 07:43 127,544 Classpnp.sys
19/01/2008 05:32 14,208 CmBatt.sys
02/11/2006 09:49 16,488 cmdide.sys
31/07/2008 00:28 10,537 coh_mon.cat
31/07/2008 00:28 706 COH_Mon.inf
31/07/2008 00:42 23,888 COH_Mon.sys
19/01/2008 07:41 20,792 compbatt.sys
09/08/2007 15:32 10,588 co_mon.cat
09/08/2007 00:26 550 CO_Mon.inf
09/08/2007 00:39 36,056 CO_Mon.sys
19/01/2008 07:41 36,408 crashdmp.sys
02/11/2006 09:49 22,632 crcdisk.sys
02/11/2006 08:30 38,912 crusoe.sys
19/01/2008 05:28 75,264 dfsc.sys
19/01/2008 07:42 55,352 disk.sys
19/01/2008 05:49 19,968 Diskdump.sys
02/11/2006 09:50 71,272 djsvs.sys
19/01/2008 06:53 130,048 drmk.sys
19/01/2008 05:53 5,632 drmkaud.sys
19/01/2008 07:41 29,240 Dumpata.sys
19/01/2008 05:36 13,312 dxapi.sys
19/01/2008 05:36 76,288 dxg.sys
02/08/2008 01:01 625,152 dxgkrnl.sys
02/11/2006 07:30 117,760 E1G60I32.sys
19/01/2008 07:42 143,416 ecache.sys
02/11/2006 09:51 316,520 elxstor.sys
25/12/2009 13:44 en-US
10/08/2009 21:37 etc
19/01/2008 05:28 136,192 exfat.sys
19/01/2008 05:28 143,360 fastfat.sys
02/11/2006 08:51 25,088 fdc.sys
19/01/2008 07:42 58,936 fileinfo.sys
19/01/2008 05:30 27,648 filetrace.sys
02/11/2006 08:51 20,480 flpydisk.sys
19/01/2008 07:42 192,056 fltMgr.sys
19/01/2008 05:27 12,800 fs_rec.sys
19/01/2008 07:43 101,432 FWPKCLNT.SYS
02/11/2006 09:50 58,984 GAGP30KX.SYS
18/05/2009 14:17 26,600 GEARAspiWDM.sys
18/09/2006 21:26 3,440,660 gm.dls
18/09/2006 21:26 646 gmreadme.txt
26/11/2008 23:39 25,280 hamachi.sys
19/01/2008 04:30 53,760 hdaudbus.sys
02/11/2006 07:36 235,520 HdAudio.sys
02/11/2006 08:55 29,184 hidbth.sys
02/11/2006 08:55 38,912 hidclass.sys
02/11/2006 08:55 21,504 hidir.sys
02/11/2006 08:55 25,472 hidparse.sys
02/11/2006 08:55 12,288 hidusb.sys
02/11/2006 09:50 37,480 HpCISSs.sys
09/11/2009 11:04 411,136 http.sys
02/11/2006 09:49 16,488 i2omgmt.sys
02/11/2006 09:49 27,752 i2omp.sys
19/01/2008 05:49 54,784 i8042prt.sys
29/09/2007 15:03 308,248 iaStor.sys
02/11/2006 09:51 232,040 iaStorV.sys
02/11/2006 09:50 41,576 iirsp.sys
25/08/2008 20:36 40,840 ikfilesec.sys
25/08/2008 20:36 66,952 iksysflt.sys
25/08/2008 20:36 81,288 iksyssec.sys
19/01/2008 07:41 17,976 intelide.sys
19/01/2008 05:27 41,472 intelppm.sys
19/01/2008 05:56 47,616 ipfltdrv.sys
02/11/2006 08:42 65,536 IPMIDrv.sys
19/01/2008 05:56 100,864 ipnat.sys
19/01/2008 05:55 95,744 irda.sys
19/01/2008 05:55 13,312 irenum.sys
02/11/2006 09:50 47,208 isapnp.sys
02/11/2006 09:50 35,944 iteatapi.sys
02/11/2006 09:50 35,944 iteraid.sys
07/02/2006 11:52 6,912 JGOGO.sys
11/04/2007 16:18 48,000 jraid.sys
19/01/2008 07:41 35,384 kbdclass.sys
02/11/2006 08:51 15,872 kbdhid.sys
24/01/2007 10:08 5,632 kbfiltr.sys
03/06/2008 00:19 29,576 kcom.sys
19/01/2008 05:49 148,992 ks.sys
15/06/2009 18:20 439,896 ksecdd.sys
19/01/2008 05:55 47,104 lltdio.sys
02/11/2006 09:50 65,640 lsi_fc.sys
02/11/2006 09:50 65,640 lsi_sas.sys
02/11/2006 09:50 65,640 lsi_scsi.sys
19/01/2008 05:30 84,480 luafv.sys
03/08/2009 12:36 19,096 mbam.sys
03/08/2009 12:36 38,160 mbamswissarmy.sys
19/01/2008 05:49 18,944 mcd.sys
02/11/2006 09:49 28,776 megasas.sys
19/01/2008 05:57 31,744 modem.sys
19/01/2008 05:57 18,432 MODEMCSA.sys
19/01/2008 05:52 41,984 monitor.sys
19/01/2008 07:41 34,360 mouclass.sys
02/11/2006 08:51 15,872 mouhid.sys
19/01/2008 07:42 57,400 mountmgr.sys
02/11/2006 09:50 78,952 mpio.sys
19/01/2008 05:54 64,000 mpsdrv.sys
02/11/2006 09:49 33,384 Mraid35x.sys
19/01/2008 05:28 110,080 mrxdav.sys
19/01/2008 05:28 105,472 mrxsmb.sys
27/08/2008 01:05 212,480 mrxsmb10.sys
19/01/2008 05:28 78,848 mrxsmb20.sys
02/11/2006 09:49 23,144 msahci.sys
02/11/2006 09:50 80,488 msdsm.sys
19/01/2008 05:28 22,528 msfs.sys
05/01/2008 11:31 3 MsftWdf_Kernel_01007_Inbox_Critical.Wdf
19/01/2008 07:41 16,440 msisadrv.sys
19/01/2008 07:42 181,304 msiscsi.sys
19/01/2008 05:49 8,192 mskssrv.sys
19/01/2008 05:49 5,888 mspclock.sys
19/01/2008 05:49 5,504 mspqm.sys
19/01/2008 07:42 163,384 msrpc.sys
19/01/2008 07:41 31,288 mssmbios.sys
19/01/2008 05:49 6,016 mstee.sys
19/01/2008 07:42 49,720 mup.sys
19/01/2008 07:43 529,464 ndis.sys
19/01/2008 05:56 20,992 ndistapi.sys
19/01/2008 05:55 16,896 ndisuio.sys
19/01/2008 05:56 121,344 ndiswan.sys
19/01/2008 05:56 49,664 ndproxy.sys
19/01/2008 05:55 35,840 netbios.sys
19/01/2008 05:55 184,320 netbt.sys
19/01/2008 07:42 223,288 netio.sys
02/11/2006 07:30 1,781,760 NETw3v32.sys
20/06/2007 20:51 2,222,080 NETw4v32.sys
02/11/2006 09:50 45,160 nfrd960.sys
19/01/2008 05:28 34,816 npfs.sys
29/04/2008 19:20 15,648 NSDriver.sys
19/01/2008 05:55 16,384 nsiproxy.sys
19/01/2008 07:43 1,081,912 ntfs.sys
02/11/2006 07:36 20,608 ntrigdigi.sys
19/01/2008 05:49 4,608 null.sys
14/10/2006 03:04 4,422,560 nvlddmkm.sys
02/11/2006 09:50 88,680 nvraid.sys
02/11/2006 09:50 40,040 nvstor.sys
02/11/2006 09:50 106,600 NV_AGP.SYS
20/05/2008 02:07 148,480 nwifi.sys
19/01/2008 05:53 61,952 ohci1394.sys
05/04/2008 01:21 72,192 pacer.sys
02/11/2006 08:51 79,360 parport.sys
19/01/2008 07:42 56,376 partmgr.sys
02/11/2006 08:51 8,704 parvdm.sys
19/01/2008 07:42 151,096 pci.sys
02/11/2006 09:49 13,416 pciide.sys
19/01/2008 07:42 45,112 pciidex.sys
02/11/2006 09:51 167,528 pcmcia.sys
02/11/2006 09:04 878,080 PEAuth.sys
19/01/2008 05:53 167,936 portcls.sys
02/11/2006 08:30 38,400 processr.sys
02/11/2006 09:51 900,712 ql2300.sys
02/11/2006 09:50 106,088 ql40xx.sys
19/01/2008 05:56 31,232 qwavedrv.sys
19/01/2008 05:56 11,776 rasacd.sys
19/01/2008 05:56 76,288 rasl2tp.sys
19/01/2008 05:56 41,472 raspppoe.sys
19/01/2008 05:56 62,976 raspptp.sys
19/01/2008 05:56 69,120 rassstp.sys
19/01/2008 05:28 224,768 rdbss.sys
19/01/2008 06:01 6,144 RDPCDD.sys
02/11/2006 09:03 242,688 rdpdr.sys
19/01/2008 06:01 6,144 RDPENCDD.sys
19/01/2008 06:01 181,248 rdpwd.sys
18/04/2007 03:09 11,032 regi.sys
19/01/2008 05:53 49,664 rfcomm.sys
24/02/2007 21:42 39,936 rimmptsk.sys
23/01/2007 23:40 42,496 rimsptsk.sys
22/03/2007 05:02 37,376 rixdptsk.sys
24/08/2008 01:16 113,664 rmcast.sys
19/01/2008 05:56 33,280 RNDISMP.sys
19/01/2008 05:57 8,192 rootmdm.sys
19/01/2008 05:55 60,416 rspndr.sys
10/07/2007 01:59 1,792,792 RTKVHDA.sys
02/11/2006 07:30 44,544 Rtlh86.sys
02/11/2006 09:50 76,392 sbp2port.sys
19/01/2008 07:42 142,904 scsiport.sys
19/01/2008 05:32 88,576 sdbus.sys
02/11/2006 06:37 20,480 secdrv.sys
02/11/2006 08:51 17,920 serenum.sys
02/11/2006 08:51 83,456 serial.sys
19/01/2008 05:49 19,968 sermouse.sys
02/11/2006 08:51 13,312 sffdisk.sys
02/11/2006 08:51 12,800 sffp_mmc.sys
02/11/2006 08:51 12,800 sffp_sd.sys
02/11/2006 08:51 13,312 sfloppy.sys
02/11/2006 09:49 53,352 SISAGP.SYS
02/11/2006 09:50 38,504 sisraid2.sys
02/11/2006 09:50 71,784 sisraid4.sys
19/01/2008 05:55 66,560 smb.sys
19/01/2008 05:49 17,408 smclib.sys
22/11/2006 09:35 982,272 smserial.sys
09/05/2007 07:16 28,160 sncduvc.sys
25/05/2007 02:15 1,743,232 snp2uvc.sys
19/01/2008 07:41 21,048 spldr.sys
19/01/2008 04:10 681,984 spsys.sys
01/02/2008 22:55 10,545 srtsp.cat
04/02/2008 20:27 1,415 srtsp.inf
01/02/2008 01:51 279,088 srtsp.sys
01/02/2008 22:55 10,549 srtspl.cat
04/02/2008 20:27 1,430 srtspl.inf
01/02/2008 01:51 317,616 srtspl.sys
01/02/2008 22:55 10,549 srtspx.cat
04/02/2008 20:27 1,421 srtspx.inf
01/02/2008 01:51 43,696 srtspx.sys
16/12/2008 02:42 288,768 srv.sys
14/09/2009 09:44 144,896 srv2.sys
19/01/2008 05:29 98,304 srvnet.sys
19/01/2008 07:43 123,960 Storport.sys
19/01/2008 05:53 52,992 stream.sys
19/01/2008 07:41 15,288 swenum.sys
02/11/2006 09:50 35,944 symc8xx.sys
19/02/2009 11:31 13,616 symdns.sys
11/01/2009 22:46 10,635 SYMEVENT.CAT
11/01/2009 22:46 806 SYMEVENT.INF
11/01/2009 22:46 124,464 SYMEVENT.SYS
19/02/2009 11:31 96,560 symfw.sys
19/02/2009 11:31 38,576 symids.sys
19/02/2009 11:31 24,112 SymIMV.sys
19/02/2009 11:31 41,008 symndisv.sys
19/02/2009 11:31 9,844 SymRedir.cat
19/02/2009 11:31 1,611 SymRedir.inf
19/02/2009 11:31 22,320 symredrv.sys
19/02/2009 11:31 184,496 symtdi.sys
02/11/2006 09:49 31,848 sym_hi.sys
02/11/2006 09:50 34,920 sym_u3.sys
01/03/2007 13:24 182,456 SynTP.sys
19/01/2008 05:49 24,576 tape.sys
14/08/2009 17:07 897,608 tcpip.sys
19/01/2008 05:56 30,208 tcpipreg.sys
19/01/2008 05:57 20,992 tdi.sys
19/01/2008 06:01 17,920 tdpipe.sys
19/01/2008 06:01 29,184 tdtcp.sys
19/01/2008 05:55 71,680 tdx.sys
19/01/2008 07:42 54,328 termdd.sys
02/11/2006 09:50 41,064 tpm.sys
19/01/2008 06:01 23,552 tssecsrv.sys
19/01/2008 05:55 15,360 TUNMP.SYS
19/01/2008 05:55 23,040 tunnel.sys
02/11/2006 09:49 56,936 UAGP35.SYS
19/01/2008 05:28 226,816 udfs.sys
02/11/2006 09:50 58,472 ULIAGPKX.SYS
02/11/2006 09:51 235,112 uliahci.sys
02/11/2006 09:50 98,408 ulsata.sys
02/11/2006 09:50 115,816 ulsata2.sys
19/01/2008 05:53 34,816 umbus.sys
25/12/2009 13:43 UMDF
19/01/2008 05:53 7,680 umpass.sys
19/01/2008 05:56 15,872 usb8023.sys
28/08/2009 19:42 40,448 usbaapl.sys
19/01/2008 05:53 25,728 USBCAMD.sys
19/01/2008 05:53 25,728 USBCAMD2.sys
19/01/2008 05:53 73,216 usbccgp.sys
02/11/2006 08:55 68,608 usbcir.sys
19/01/2008 05:53 5,888 usbd.sys
19/01/2008 05:53 39,424 usbehci.sys
19/01/2008 05:53 194,560 usbhub.sys
02/11/2006 08:55 19,456 usbohci.sys
19/01/2008 05:53 226,304 usbport.sys
19/01/2008 06:14 18,944 usbprint.sys
19/01/2008 06:14 35,328 usbscan.sys
19/01/2008 05:53 55,296 USBSTOR.SYS
19/01/2008 05:53 23,552 usbuhci.sys
19/01/2008 05:53 134,016 usbvideo.sys
19/01/2008 05:52 25,088 vga.sys
02/11/2006 08:53 26,112 vgapnp.sys
02/11/2006 09:49 54,376 VIAAGP.SYS
02/11/2006 08:30 39,424 viac7.sys
02/11/2006 09:49 17,512 viaide.sys
19/01/2008 05:52 110,080 videoprt.sys
19/01/2008 07:42 52,792 volmgr.sys
19/01/2008 07:43 294,456 volmgrx.sys
19/01/2008 07:42 227,896 volsnap.sys
02/11/2006 09:50 112,232 vsmraid.sys
02/11/2006 08:52 20,608 wacompen.sys
19/01/2008 05:56 62,464 wanarp.sys
19/01/2008 05:35 32,768 watchdog.sys
02/11/2006 09:49 19,560 wd.sys
19/01/2008 07:43 503,864 Wdf01000.sys
19/01/2008 07:41 35,896 WdfLdr.sys
02/11/2006 08:35 11,264 wmiacpi.sys
19/01/2008 07:41 17,976 wmilib.sys
19/01/2008 06:04 39,936 WpdUsb.sys
19/01/2008 05:56 15,872 ws2ifsl.sys
19/01/2008 05:52 51,200 WUDFPf.sys
19/01/2008 05:53 83,328 WUDFRd.sys
24/05/2007 02:15 246,784 yk60x86.sys
331 File(s) 46,580,218 bytes

Directory of C:\Windows\System32\Drivers\en-US

25/12/2009 13:44 .
25/12/2009 13:44 ..
02/11/2006 12:41 9,728 acpi.sys.mui
02/11/2006 12:41 8,704 afd.sys.mui
02/11/2006 12:41 3,072 AGP440.sys.mui
02/11/2006 12:41 3,072 AMDAGP.SYS.mui
02/11/2006 12:40 2,560 amdide.sys.mui
02/11/2006 12:40 14,848 amdk7.sys.mui
02/11/2006 12:40 14,848 amdk8.sys.mui
02/11/2006 12:41 3,072 ati2mpad.sys.mui
02/11/2006 12:41 3,584 ati2mtag.sys.mui
02/11/2006 12:40 3,072 atikmdag.sys.mui
19/01/2008 07:30 5,120 b57nd60x.sys.mui
02/11/2006 12:40 7,680 battc.sys.mui
02/11/2006 12:40 5,120 bcm4sbxp.sys.mui
02/11/2006 12:40 2,560 BrParwdm.sys.mui
02/11/2006 12:41 10,240 BrSerId.sys.mui
02/11/2006 12:40 5,120 bthpan.sys.mui
02/11/2006 12:41 7,168 bthport.sys.mui
02/11/2006 12:41 3,072 cmbp0wdm.sys.mui
02/11/2006 12:40 14,848 crusoe.sys.mui
02/11/2006 12:41 3,072 cxbp0wdm.sys.mui
02/11/2006 12:40 3,072 Dot4usb.sys.mui
02/11/2006 12:40 4,096 dxgkrnl.sys.mui
02/11/2006 12:41 5,120 e100b325.sys.mui
19/01/2008 07:37 19,968 e1e6032.sys.mui
19/01/2008 07:40 16,896 E1G60I32.sys.mui
02/11/2006 12:40 5,120 fltmgr.sys.mui
02/11/2006 12:40 3,072 GAGP30KX.SYS.mui
02/11/2006 12:41 3,584 gpr400.sys.mui
02/11/2006 12:41 4,096 grserial.sys.mui
02/11/2006 12:41 3,584 hidbth.sys.mui
03/11/2009 22:18 36,864 http.sys.mui
02/11/2006 12:41 10,752 i8042prt.sys.mui
02/11/2006 12:40 14,848 intelppm.sys.mui
02/11/2006 12:41 6,144 IPMIDrv.sys.mui
02/11/2006 12:41 4,096 ipnat.sys.mui
02/11/2006 12:41 4,096 isapnp.sys.mui
02/11/2006 12:41 4,608 kbdclass.sys.mui
02/11/2006 12:41 3,072 kbdhid.sys.mui
02/11/2006 12:41 9,728 ltmdmnt.sys.mui
19/01/2008 07:30 6,656 luafv.sys.mui
02/11/2006 12:41 4,096 modem.sys.mui
02/11/2006 12:41 4,608 mouclass.sys.mui
02/11/2006 12:41 3,072 mouhid.sys.mui
19/01/2008 07:44 20,480 mpio.sys.mui
02/11/2006 12:41 4,096 msdsm.sys.mui
02/11/2006 12:41 3,584 mssmbios.sys.mui
02/11/2006 12:41 65,536 ntfs.sys.mui
02/11/2006 12:40 4,096 ntrigdigi.sys.mui
02/11/2006 12:41 5,120 nv4_mini.sys.mui
02/11/2006 12:41 3,072 NV_AGP.SYS.mui
02/11/2006 12:40 12,288 ohci1394.sys.mui
02/11/2006 12:41 3,584 pacer.sys.mui
02/11/2006 12:40 4,096 parport.sys.mui
02/11/2006 12:40 3,072 parvdm.sys.mui
02/11/2006 12:41 8,704 pci.sys.mui
02/11/2006 12:41 4,608 pcmcia.sys.mui
02/11/2006 12:41 3,072 pnpmem.sys.mui
02/11/2006 12:40 14,848 processr.sys.mui
02/11/2006 12:41 4,096 pscr.sys.mui
02/11/2006 12:41 3,072 qwavedrv.sys.mui
02/11/2006 12:40 3,584 RNDISMP.sys.mui
02/11/2006 12:41 3,584 rndismpx.sys.mui
02/11/2006 12:41 4,096 scmstcs.sys.mui
02/11/2006 12:41 4,096 SCR111.sys.mui
02/11/2006 12:41 3,584 scsiport.sys.mui
02/11/2006 12:40 10,752 serial.sys.mui
02/11/2006 12:41 5,632 sermouse.sys.mui
02/11/2006 12:41 3,072 serscan.sys.mui
02/11/2006 12:41 3,072 SISAGP.SYS.mui
02/11/2006 12:41 3,072 srv.sys.mui
02/11/2006 12:41 3,072 stcusb.sys.mui
19/01/2008 07:34 5,120 tpm.sys.mui
02/11/2006 12:40 3,072 UAGP35.SYS.mui
02/11/2006 12:41 3,072 ULIAGPKX.SYS.mui
02/11/2006 12:40 3,584 umbus.sys.mui
02/11/2006 12:41 3,072 VIAAGP.SYS.mui
02/11/2006 12:40 14,848 viac7.sys.mui
19/01/2008 07:36 32,768 volsnap.sys.mui
02/11/2006 12:41 4,608 wacompen.sys.mui
02/11/2006 12:41 2,560 wd.sys.mui
19/01/2008 07:33 3,072 wdf01000.sys.mui
02/11/2006 12:41 5,632 yk60x86.sys.mui
82 File(s) 608,256 bytes

Directory of C:\Windows\System32\Drivers\etc

10/08/2009 21:37 .
10/08/2009 21:37 ..
10/08/2009 21:37 27 hosts
18/09/2006 21:41 3,683 lmhosts.sam
18/09/2006 21:41 407 networks
18/09/2006 21:41 1,358 protocol
18/09/2006 21:41 17,244 services
5 File(s) 22,719 bytes

Directory of C:\Windows\System32\Drivers\UMDF

25/12/2009 13:43 .
25/12/2009 13:43 ..
02/11/2006 12:42 en-US
19/01/2008 07:37 220,160 WpdFs.dll
19/01/2008 07:37 664,576 WpdMtpDr.dll
2 File(s) 884,736 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

02/11/2006 12:42 .
02/11/2006 12:42 ..
02/11/2006 12:40 6,144 WpdMtpDr.dll.mui
1 File(s) 6,144 bytes

Total Files Listed:
421 File(s) 48,102,073 bytes
14 Dir(s) 92,876,664,832 bytes free


***********************Hidden Drivers********************
Volume in drive C is VistaOS
Volume Serial Number is F003-0F27

Directory of C:\Windows\System32\Drivers

23/08/2008 22:01 0 Msft_Kernel_SynTP_01000.Wdf
07/12/2008 21:31 0 Msft_User_WpdFs_01_00_00.Wdf
02/11/2009 18:23 0 Msft_User_WpdMtpDr_01_00_00.Wdf
3 File(s) 0 bytes
0 Dir(s) 92,876,664,832 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 464 Normal C:\Windows\System32\smss.exe
csrss.exe 540 Normal C:\Windows\system32\csrss.exe
wininit.exe 596 High C:\Windows\system32\wininit.exe
csrss.exe 608 Normal C:\Windows\system32\csrss.exe
services.exe 640 Normal C:\Windows\system32\services.exe
lsass.exe 652 Normal C:\Windows\system32\lsass.exe
lsm.exe 660 Normal C:\Windows\system32\lsm.exe
winlogon.exe 716 High C:\Windows\system32\winlogon.exe
svchost.exe 860 Normal C:\Windows\system32\svchost.exe
svchost.exe 936 Normal C:\Windows\system32\svchost.exe
svchost.exe 1020 Normal C:\Windows\system32\svchost.exe
svchost.exe 1064 Normal C:\Windows\System32\svchost.exe
Ati2evxx.exe 1152 Normal C:\Windows\system32\Ati2evxx.exe
svchost.exe 1176 Normal C:\Windows\System32\svchost.exe
svchost.exe 1212 Normal C:\Windows\System32\svchost.exe
svchost.exe 1236 Normal C:\Windows\system32\svchost.exe
SLsvc.exe 1336 Normal C:\Windows\system32\SLsvc.exe
Ati2evxx.exe 1416 Normal C:\Windows\system32\Ati2evxx.exe
aawservice.exe 1688 Normal C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
ADSMSrv.exe 1740 Normal C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
ASLDRSrv.exe 1772 Normal C:\Program Files\ATK Hotkey\ASLDRSrv.exe
GFNEXSrv.exe 1808 Normal C:\Program Files\ATKGFNEX\GFNEXSrv.exe
Dwm.exe 1860 High C:\Windows\system32\Dwm.exe
Explorer.EXE 1916 Normal C:\Windows\Explorer.EXE
sm56hlpr.exe 548 Normal C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
RtHDVCpl.exe 528 Normal C:\Windows\RtHDVCpl.exe
SynTPEnh.exe 692 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ASScrPro.exe 872 Normal C:\Windows\ASScrPro.exe
realsched.exe 1228 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
jusched.exe 1488 Normal C:\Program Files\Java\jre6\bin\jusched.exe
iTunesHelper.exe 1528 Normal C:\Program Files\iTunes\iTunesHelper.exe
GoogleToolbarNotifier.exe 1492 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
wmpnscfg.exe 1696 Normal C:\Program Files\Windows Media Player\wmpnscfg.exe
MOM.EXE 1900 Normal C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
Hcontrol.exe 1932 Normal C:\Program Files\ATK Hotkey\Hcontrol.exe
ATKOSD2.exe 2000 Normal C:\Program Files\ATKOSD2\ATKOSD2.exe
ACMON.exe 1628 Normal C:\Program Files\ASUS\Splendid\ACMON.exe
BatteryLife.exe 260 Normal C:\Program Files\P4G\BatteryLife.exe
ACEngSvr.exe 1676 Normal C:\Windows\System32\ACEngSvr.exe
ATKOSD.exe 2204 Normal C:\Program Files\ATK Hotkey\ATKOSD.exe
KBFiltr.exe 2320 Normal C:\Program Files\ATK Hotkey\KBFiltr.exe
WDC.exe 2332 Normal C:\Program Files\ATK Hotkey\WDC.exe
spoolsv.exe 2752 Normal C:\Windows\System32\spoolsv.exe
taskeng.exe 2776 Below Normal C:\Windows\system32\taskeng.exe
svchost.exe 2808 Normal C:\Windows\system32\svchost.exe
taskeng.exe 2888 Normal C:\Windows\system32\taskeng.exe
AppleMobileDeviceService.exe 3420 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 3452 Normal C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe 3472 Normal C:\Windows\system32\svchost.exe
iviRegMgr.exe 3840 Normal C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
KService.exe 3852 Normal C:\Program Files\Kontiki\KService.exe
svchost.exe 3908 Normal C:\Windows\system32\svchost.exe
PsiService_2.exe 3924 Normal C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
spmgr.exe 3964 Normal C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
svchost.exe 4012 Normal C:\Windows\system32\svchost.exe
svchost.exe 4072 Normal C:\Windows\System32\svchost.exe
WLIDSVC.EXE 632 Normal C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
SearchIndexer.exe 1732 Normal C:\Windows\system32\SearchIndexer.exe
wmpnetwk.exe 2852 Normal C:\Program Files\Windows Media Player\wmpnetwk.exe
iPodService.exe 504 Normal C:\Program Files\iPod\bin\iPodService.exe
wmiprvse.exe 3264 Normal C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 4020 Normal C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
unsecapp.exe 4924 Normal C:\Windows\system32\wbem\unsecapp.exe
CCC.exe 6000 Normal C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Iexplore.exe 4920 Normal C:\Program Files\Internet Explorer\Iexplore.exe
cmd.exe 5440 Normal C:\Windows\system32\cmd.exe
DllHost.exe 4040 Normal C:\Windows\system32\DllHost.exe
processes.exe 5860 Normal F:\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(1916)
MODULE BASE SIZE PATH
Explorer.EXE 7a0000 2936832 C:\Windows\Explorer.EXE 6.0.6000.16386 (vista_rtm.061101-2205) Windows Explorer
ntdll.dll 77650000 1208320 C:\Windows\system32\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NT Layer DLL
kernel32.dll 76890000 897024 C:\Windows\system32\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT BASE API Client DLL
ADVAPI32.dll 767c0000 811008 C:\Windows\system32\ADVAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Advanced Windows 32 Base API
RPCRT4.dll 76170000 794624 C:\Windows\system32\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Remote Procedure Call Runtime
GDI32.dll 76720000 307200 C:\Windows\system32\GDI32.dll 6.0.6001.18159 (vistasp1_gdr.081020-1655) GDI Client DLL
USER32.dll 76530000 643072 C:\Windows\system32\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows USER API Client DLL
msvcrt.dll 76320000 696320 C:\Windows\system32\msvcrt.dll 7.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT CRT DLL
SHLWAPI.dll 762c0000 360448 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
SHELL32.dll 76b40000 11599872 C:\Windows\system32\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Shell Common Dll
ole32.dll 765d0000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
OLEAUT32.dll 77820000 577536 C:\Windows\system32\OLEAUT32.dll 6.0.6001.18000 6.0.6001.18000
SHDOCVW.dll 731f0000 1077248 C:\Windows\system32\SHDOCVW.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Doc Object and Control Library
UxTheme.dll 74ae0000 258048 C:\Windows\system32\UxTheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
POWRPROF.dll 75250000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Power Profile Helper DLL
dwmapi.dll 73c20000 49152 C:\Windows\system32\dwmapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Desktop Window Manager API
gdiplus.dll 74780000 1748992 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll 5.2.6001.18175 (vistasp1_gdr.081126-1506) Microsoft GDI+
slc.dll 757b0000 237568 C:\Windows\system32\slc.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Software Licensing Client Dll
PROPSYS.dll 74530000 765952 C:\Windows\system32\PROPSYS.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Microsoft Property System
BROWSEUI.dll 730a0000 1335296 C:\Windows\system32\BROWSEUI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Browser UI Library
IMM32.dll 76970000 122880 C:\Windows\system32\IMM32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76460000 819200 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
DUser.dll 74ab0000 196608 C:\Windows\system32\DUser.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows DirectUser Engine
LPK.DLL 777c0000 36864 C:\Windows\system32\LPK.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Language Pack
USP10.dll 76240000 512000 C:\Windows\system32\USP10.dll 1.0626.6001.18000 (longhorn_rtm.080118-1840) Uniscribe Unicode script processor
comctl32.dll 74e80000 1695744 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common Controls Library
H8SRTvbxfnsqivv.dll 10000000 81920 \\?\globalroot\systemroot\system32\H8SRTvbxfnsqivv.dll
WININET.dll 75ec0000 856064 C:\Windows\system32\WININET.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Extensions for Win32
Normaliz.dll 77780000 12288 C:\Windows\system32\Normaliz.dll 6.0.6000.16386 (vista_rtm.061101-2205) Unicode Normalization DLL
iertutil.dll 76770000 286720 C:\Windows\system32\iertutil.dll 7.00.6001.18349 (vistasp1_gdr.091027-0032) Run time utility for Internet Explorer
WindowsCodecs.dll 74020000 733184 C:\Windows\system32\WindowsCodecs.dll 6.0.6001.22253 (vistasp1_ldr.080827-1507) Microsoft Windows Codecs Library
USERENV.dll 75d70000 122880 C:\Windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
Secur32.dll 75d50000 81920 C:\Windows\system32\Secur32.dll 6.0.6001.18272 (vistasp1_gdr.090615-0258) Security Support Provider Interface
apphelp.dll 75cf0000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
CLBCatQ.DLL 763d0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6931.18000 (longhorn_rtm.080118-1840) COM+ Configuration Catalog
OverlayIconShlExt.dll 1dd0000 147456 C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll 1.4.7.615 OverlayIconShlExt
OverlayIconShlExt1.dll 2510000 143360 C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll 1.4.7.530 1.4.7.530
buShell.dll 6ed80000 581632 C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll 1.1.2.2 Backup Shell
WINMM.dll 75070000 204800 C:\Windows\system32\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205) MCI API DLL
OLEACC.dll 75030000 233472 C:\Windows\system32\OLEACC.dll 4.2.5406.0 (longhorn_rtm.080118-1840) Active Accessibility Core Component
MSVCR80.dll 72fd0000 634880 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCR80.dll 8.00.50727.4053 Microsoft®️ C Runtime Library
ccL70U.dll 6b170000 630784 C:\Program Files\Common Files\Symantec Shared\ccL70U.dll 107.0.6.4 Symantec Library
MSVCP80.dll 72f20000 552960 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCP80.dll 8.00.50727.4053 Microsoft®️ C++ Runtime Library
ws2_32.dll 77790000 184320 C:\Windows\system32\ws2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 76160000 24576 C:\Windows\system32\NSI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NSI User-mode interface DLL
ccVrTrst.dll 6bc30000 135168 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll 107.0.6.4 Symantec Trust Validation Engine
SETUPAPI.dll 75fd0000 1613824 C:\Windows\system32\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Setup API
WSOCK32.dll 72f10000 28672 C:\Windows\system32\WSOCK32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 32-Bit DLL
Crypt32.dll 757f0000 987136 C:\Windows\system32\Crypt32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 75950000 73728 C:\Windows\system32\MSASN1.dll 6.0.6001.18326 (vistasp1_gdr.090903-2340) ASN.1 Runtime APIs
WinTrust.dll 744a0000 184320 C:\Windows\system32\WinTrust.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Trust Verification APIs
imagehlp.dll 75fa0000 167936 C:\Windows\system32\imagehlp.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT Image Helper
ccSet.dll 6ba00000 126976 C:\Program Files\Common Files\Symantec Shared\ccSet.dll 107.0.6.4 Symantec Settings Manager Engine
ccIPC.dll 6b0a0000 163840 C:\Program Files\Common Files\Symantec Shared\ccIPC.dll 107.0.6.4 Symantec ccIPC Engine
IconCodecService.dll 72ef0000 24576 C:\Windows\system32\IconCodecService.dll 6.0.6000.16386 (vista_rtm.061101-2205) Converts a PNG part of the icon to a legacy bmp icon
rsaenh.dll 752b0000 241664 C:\Windows\system32\rsaenh.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Enhanced Cryptographic Provider
timedate.cpl 722c0000 729088 C:\Windows\system32\timedate.cpl 6.0.6001.18000 (longhorn_rtm.080118-1840) Time Date Control Panel Applet
ATL.DLL 749f0000 81920 C:\Windows\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
NETAPI32.dll 75bb0000 479232 C:\Windows\system32\NETAPI32.dll 6.0.6001.18157 (vistasp1_gdr.081015-1604) Net Win32 API DLL
PSAPI.DLL 75eb0000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
actxprxy.dll 72200000 339968 C:\Windows\System32\actxprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) ActiveX Interface Marshaling Library
WINBRAND.dll 75340000 880640 C:\Windows\system32\WINBRAND.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Branding Resources
shacct.dll 74760000 90112 C:\Windows\System32\shacct.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Shell Accounts Classes
SAMLIB.dll 75980000 69632 C:\Windows\System32\SAMLIB.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) SAM Library DLL
msshsq.dll 72120000 245760 C:\Windows\System32\msshsq.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Structured Query
NaturalLanguage6.dll 718f0000 811008 C:\Windows\System32\NaturalLanguage6.dll 6.0.6001.18098 (vistasp1_gdr.080625-1507) Natural Language Development Platform 6
authui.dll 74b20000 1998848 C:\Windows\system32\authui.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Authentication UI
MSIMG32.dll 74da0000 20480 C:\Windows\system32\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDIEXT Client DLL
LINKINFO.dll 73070000 36864 C:\Windows\system32\LINKINFO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Volume Tracking
msiltcfg.dll 72f00000 28672 C:\Windows\system32\msiltcfg.dll 4.0.6000.16386 (vista_rtm.061101-2205) Windows Installer Configuration API Stub
VERSION.dll 74db0000 32768 C:\Windows\system32\VERSION.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Version Checking and File Installation Libraries
ieframe.dll 72380000 6086656 C:\Windows\system32\ieframe.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Explorer
msi.dll 72950000 2105344 C:\Windows\system32\msi.dll 4.0.6001.18000 Windows Installer
NTMARTA.DLL 751c0000 135168 C:\Windows\system32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 777d0000 303104 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
urlmon.dll 76a10000 1220608 C:\Windows\system32\urlmon.dll 7.00.6001.18000 (longhorn_rtm.080118-1840) OLE32 Extensions for Win32
ntshrui.dll 720b0000 303104 C:\Windows\system32\ntshrui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell extensions for sharing
NetworkExplorer.dll 716c0000 2240512 C:\Windows\system32\NetworkExplorer.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Explorer
cscapi.dll 746d0000 45056 C:\Windows\system32\cscapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Offline Files Win32 API
serwvdrv.dll 74670000 32768 C:\Windows\system32\serwvdrv.dll 6.0.6000.16386 (vista_rtm.061101-2205) Unimodem Serial Wave driver
umdmxfrm.dll 74660000 32768 C:\Windows\system32\umdmxfrm.dll 6.0.6000.16386 (vista_rtm.061101-2205) Unimodem Tranform Module
wdmaud.drv 71580000 192512 C:\Windows\system32\wdmaud.drv 6.0.6000.16386 (vista_rtm.061101-2205) Winmm audio system driver
ksuser.dll 74650000 16384 C:\Windows\system32\ksuser.dll 6.0.6000.16386 (vista_rtm.061101-2205) User CSA Library
MMDevAPI.DLL 74730000 159744 C:\Windows\system32\MMDevAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) MMDevice API
AVRT.dll 74940000 28672 C:\Windows\system32\AVRT.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multimedia Realtime Runtime
AUDIOSES.DLL 71530000 135168 C:\Windows\system32\AUDIOSES.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Audio Session
audioeng.dll 714c0000 417792 C:\Windows\system32\audioeng.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Audio Engine
ExplorerFrame.dll 74600000 36864 C:\Windows\system32\ExplorerFrame.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) ExplorerFrame
msacm32.drv 72de0000 36864 C:\Windows\system32\msacm32.drv 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Sound Mapper
MSACM32.dll 707a0000 81920 C:\Windows\system32\MSACM32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft ACM Audio Filter
midimap.dll 72cd0000 28672 C:\Windows\system32\midimap.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft MIDI Mapper
AppMgr32.dll 6fb60000 290816 C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll 2.2.00.2 Symantec Application Core Manager
stobject.dll 6f620000 598016 C:\Windows\system32\stobject.dll 6.0.6000.16386 (vista_rtm.061101-2205) Systray shell service object
BatMeter.dll 707f0000 745472 C:\Windows\system32\BatMeter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Battery Meter Helper DLL
WTSAPI32.dll 749e0000 40960 C:\Windows\system32\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Terminal Server SDK APIs
WINSTA.dll 75540000 151552 C:\Windows\system32\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Winstation Library
es.dll 740e0000 290816 C:\Windows\system32\es.dll 2001.12.6931.18057 (vistasp1_gdr.080417-1550) COM+
SndVolSSO.dll 6f530000 196608 C:\Windows\System32\SndVolSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) SCA Volume
msxml5.dll 78800000 1425408 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll 5.20.1087.0 MSXML 5.0
ehSSO.dll 6f560000 135168 C:\Windows\ehome\ehSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Media Center Shell Service Object
HID.DLL 74930000 36864 C:\Windows\system32\HID.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Hid User Library
netshell.dll 6e450000 3190784 C:\Windows\System32\netshell.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Connections Shell
IPHLPAPI.DLL 75750000 102400 C:\Windows\System32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc.DLL 75710000 217088 C:\Windows\System32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 759a0000 180224 C:\Windows\System32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 75700000 28672 C:\Windows\System32\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Store Information RPC interface
dhcpcsvc6.DLL 756d0000 135168 C:\Windows\System32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
nlaapi.dll 75180000 61440 C:\Windows\System32\nlaapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Location Awareness 2
FirewallAPI.dll 74dc0000 417792 C:\Windows\system32\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Firewall API
pnidui.dll 6efd0000 1830912 C:\Windows\system32\pnidui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network System Icon
QUtil.dll 707d0000 94208 C:\Windows\system32\QUtil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Utilities
wevtapi.dll 75770000 262144 C:\Windows\system32\wevtapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eventing Consumption and Configuration API
wlanutil.dll 73cc0000 24576 C:\Windows\system32\wlanutil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Wireless LAN 802.11 Utility DLL
FunDisc.dll 6efa0000 159744 C:\Windows\system32\FunDisc.dll 6.0.6000.16386 (vista_rtm.061101-2205) Function Discovery Dll
fdproxy.dll 70cc0000 36864 C:\Windows\system32\fdproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Function Discovery Proxy Dll
MLANG.dll 72df0000 196608 C:\Windows\system32\MLANG.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi Language Support DLL
Cabinet.dll 74710000 86016 C:\Windows\system32\Cabinet.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft®️ Cabinet File API
MPR.dll 758f0000 81920 C:\Windows\system32\MPR.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multiple Provider Router DLL
SXS.DLL 75c30000 389120 C:\Windows\system32\SXS.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Fusion 2.5
PortableDeviceApi.dll 70a50000 253952 C:\Windows\system32\PortableDeviceApi.dll 6.0.6001.18160 (vistasp1_gdr.081021-1528) Windows Portable Device API Components
npmproxy.dll 6c150000 32768 C:\Windows\System32\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network List Manager Proxy
Wlanapi.dll 708b0000 73728 C:\Windows\system32\Wlanapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows WLAN AutoConfig Client Side API DLL
OneX.DLL 73cf0000 1556480 C:\Windows\system32\OneX.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) IEEE 802.1X supplicant library
eappprxy.dll 74430000 57344 C:\Windows\system32\eappprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft EAPHost Peer Client DLL
eappcfg.dll 73f70000 147456 C:\Windows\system32\eappcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eap Peer Config
bcrypt.dll 75630000 282624 C:\Windows\system32\bcrypt.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Cryptographic Primitives Library
AltTab.dll 66e30000 53248 C:\Windows\System32\AltTab.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Alt Tab
wpdshserviceobj.dll 65d20000 143360 C:\Windows\system32\wpdshserviceobj.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Portable Device Shell Service Object
WINHTTP.dll 6f370000 393216 C:\Windows\system32\WINHTTP.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows HTTP Services
srchadmin.dll 64a40000 315392 C:\Windows\System32\srchadmin.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Indexing Options
mssprxy.dll 70ea0000 45056 C:\Windows\system32\mssprxy.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Microsoft Search Proxy
webcheck.dll 65ca0000 245760 C:\Windows\system32\webcheck.dll 7.00.6000.16386 (vista_rtm.061101-2205) Web Site Monitor
SyncCenter.dll 664c0000 2211840 C:\Windows\System32\SyncCenter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Sync Center
wscntfy.dll 65ce0000 233472 C:\Windows\system32\wscntfy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Security Center Notification App
WSCAPI.dll 672d0000 45056 C:\Windows\system32\WSCAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Security Center API
imapi2.dll 64980000 331776 C:\Windows\system32\imapi2.dll 6.0.6000.16386 (vista_rtm.061101-2205) Image Mastering API v2
bthprops.cpl 64880000 1019904 C:\Windows\system32\bthprops.cpl 6.0.6000.16386 (vista_rtm.061101-2205) Bluetooth Control Panel Applet
PortableDeviceTypes.dll 6c060000 176128 C:\Windows\system32\PortableDeviceTypes.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Portable Device (Parameter) Types Component
QAgent.dll 6bf80000 188416 C:\Windows\System32\QAgent.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Agent Proxy
fwpuclnt.dll 6c930000 614400 C:\Windows\System32\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) FWP/IPsec User-Mode API
wbemprox.dll 6df10000 45056 C:\Windows\system32\wbem\wbemprox.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) WMI
wbemcomn.dll 6de90000 372736 C:\Windows\system32\wbemcomn.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) WMI
wbemsvc.dll 6bef0000 65536 C:\Windows\system32\wbem\wbemsvc.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) WMI
fastprox.dll 67c10000 626688 C:\Windows\system32\wbem\fastprox.dll 6.0.6001.18226 (vistasp1_gdr.090302-1506) WMI Custom Marshaller
NTDSAPI.dll 75930000 98304 C:\Windows\system32\NTDSAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Active Directory Domain Services API
tiptsf.dll 6ef20000 393216 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 6.0.6000.16386 (vista_rtm.061101-2205) Tablet PC Input Panel Text Services Framework
AcroIEHelper.dll 2890000 65536 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 8.0.0.2006102200 Adobe PDF Helper for Internet Explorer
xmllite.dll 74a50000 192512 C:\Windows\system32\xmllite.dll 1.2.1009.0 Microsoft XmlLite Library
thumbcache.dll 6e410000 90112 C:\Windows\system32\thumbcache.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Thumbnail Cache
dciman32.dll 73b60000 24576 C:\Windows\system32\dciman32.dll 6.0.6001.18272 (vistasp1_gdr.090615-0258) DCI Manager
NLSData0009.dll 63590000 4886528 C:\Windows\System32\NLSData0009.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft English Natural Language Server Data and Code
NLSLexicons0009.dll 66910000 2650112 C:\Windows\System32\NLSLexicons0009.dll 6.0.6001.18098 (vistasp1_gdr.080625-1507) Microsoft English Natural Language Server Data and Code
AdsmendecExt.dll 7af0000 348160 C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll 1.6.7.807 1.6.7.807
WINSPOOL.DRV 72e20000 270336 C:\Windows\system32\WINSPOOL.DRV 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Spooler Driver
rarext.dll 4050000 188416 C:\Program Files\WinRAR\rarext.dll
mbamext.dll 3de0000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 2, 0, 0 Malwarebytes' Anti-Malware
tpShell.dll 6a8d0000 573440 C:\PROGRA~1\NORTON~1\tpShell.dll 2.0.0.242 TP Shell Extension
syncui.dll 6e080000 188416 C:\Windows\system32\syncui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Briefcase
SYNCENG.dll 6f350000 90112 C:\Windows\system32\SYNCENG.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Briefcase Engine



******************************************
EOF

Re: i cannot access the internet even though i am connected

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double-click on the DDS icon and allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results. Click Yes to the Optional_Scan.
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


==

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

==

Please post the logs from GMER and DDS.

Re: i cannot access the internet even though i am connected

When I clicked on GMER after extracting it, a Windows error message popped up saying "gmer has stopped working", so I was unable to run that scan.

Here is the DDS scan though.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 14:39:51.21 on 28/12/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2084 [GMT 0:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k nȯne
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/sport1/hi/football/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [richtx64.exe] c:\users\owner\appdata\local\temp\richtx64.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe"
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\WECPUpdate.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\aqsyo56o.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/sport1/hi/football/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\aqsyo56o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090811.002\IDSvix86.sys [2009-8-12 272432]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-18 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 gupdate1ca09f6842e3fa5;Google Update Service (gupdate1ca09f6842e3fa5);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-11-5 149352]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-15 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-15 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-15 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-15 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-15 1079176]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-23 1245064]
SUnknown GETPADD;GETPADD; [x]

=============== Created Last 30 ================

2009-12-25 13:20:59 0 d-----w- c:\windows\system32\EventProviders
2009-12-25 12:52:19 0 d-----w- c:\program files\Malware Defense
2009-12-25 12:43:21 665 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-25 12:42:04 202 ----a-w- c:\windows\system32\srcr.dat
2009-12-12 03:00:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 03:00:41 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 03:00:40 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 03:36:51 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-10 03:36:51 244224 ----a-w- c:\windows\system32\rastls.dll

==================== Find3M ====================

2009-12-25 13:54:46 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-12-25 13:43:56 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-25 13:43:49 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-25 13:43:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-25 13:39:40 30808 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-25 13:31:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-12 23:25:51 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-11-02 18:23:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-12-07 01:20:53 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-12-11 17:24:27 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2008-12-11 17:24:27 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2008-12-11 17:24:27 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:41:25.00 ===============

Re: i cannot access the internet even though i am connected

There is a dangerous backdoor trojan on your system. This is a sign of total system compromise.
Backdoor trojans are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to: http://www.viruslist.com/en/viruses/glossary?glossid=189208417
I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer until the computer can be cleaned.
Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

  • How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  • What Should I Do If I've Become A Victim Of Identity Theft?
  • Identity Theft Victims Guide - What to do

Though the backdoor has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a backdoor trojan. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove backdoor trojans cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

  • When should I re-format? How should I reinstall?
  • Help: I Got Hacked. Now What Do I Do?
  • Help: I Got Hacked. Now What Do I Do? Part II
  • Where to draw the line? When to recommend a format and reinstall?
Guides for format and reinstall: http://www.geekpolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm#95115

http://www.helpmyos.com/tutorials-software-alternatives-to-proprietary-f19/how-to-reformat-and-reinstall-your-operating-system-the-easy-way-t1307.htm#3143
However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
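
An added example, not part of any post in this thread: a small Python triage pass over DDS log lines copied from the log posted above. The function name `triage` and its heuristics (autorun from a temp folder, add-on registrations with "No File", UAC disabled, recent creations, `.sys` files outside the drivers directory) are assumptions of this example, not the helper's stated method; a flagged line is a lead for review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the DDS log posted earlier in this thread (not constructed).
SAMPLE_LOG = r"""
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [richtx64.exe] c:\users\owner\appdata\local\temp\richtx64.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mPolicies-system: EnableLUA = 0 (0x0)
2009-12-25 12:52:19 0 d-----w- c:\program files\Malware Defense
2009-12-25 12:43:21 665 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-12 03:00:41 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-12 23:25:51 2828 --sha-w- c:\programdata\KGyGaAvL.sys
"""

# "uRun:"/"mRun:" autostart entries: [value name] followed by the command line.
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+)')
# File listing rows: timestamp, size, 8-character attribute field, path.
FILE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \d+ (?P<attr>\S{8}) (?P<path>.+)$')

def triage(log_text, recent_hours=24):
    """Return (tag, line) pairs for entries that deserve a closer look."""
    findings, files = [], []
    for line in (raw.strip() for raw in log_text.splitlines()):
        low = line.lower()
        run = RUN_RE.match(line)
        listing = FILE_RE.match(line)
        if run and "\\temp\\" in run["path"].lower():
            # Programs that start at logon should not live in a temp folder.
            findings.append(("autorun-from-temp", line))
        elif low.startswith(("bho:", "tb:")) and low.endswith("- no file"):
            # Registration remains but the DLL is gone (or hidden).
            findings.append(("orphaned-browser-addon", line))
        elif low.startswith("mpolicies-system: enablelua = 0"):
            findings.append(("uac-disabled", line))
        elif listing:
            ts = datetime.strptime(listing["ts"], "%Y-%m-%d %H:%M:%S")
            files.append((ts, listing["path"].lower(), line))
    # Assumption: the newest listed timestamp stands in for the scan time.
    newest = max((ts for ts, _, _ in files), default=None)
    for ts, path, line in files:
        if newest - ts <= timedelta(hours=recent_hours):
            findings.append(("created-near-scan-time", line))
        if path.endswith(".sys") and "\\system32\\drivers\\" not in path:
            findings.append(("driver-outside-drivers-dir", line))
    return findings

if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:28} {line}")
```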

Re: i cannot access the internet even though i am connected

ok, about 2 hours ago now, i happened to click on combofix to see if it would work this time (remember i said it wouldn't work first time i tried?) and it happened to open up this time and it did a scan and said it removed some infections, and since this happened all the problems have gone. I can now access the internet when i couldn't before. I can now run malware-bytes when i couldn't before (and i ran a scan on malware-bytes, and no malicious infections were found), I am no longer getting any pop-ups, and my computer is working at the same speed as it was before the problems occurred.

could the problem have been cured? as the laptop appears to be functioning exactly the same as it was before the problems started

Re: i cannot access the internet even though i am connected

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


==

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


==

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, and post the log in your next reply.

==

Please post the following logs:
-If it exists, ComboFix log. (C:\combofix.txt)
-Malwarebytes log
-SDFix log
-Dr Web Cure It log

Re: i cannot access the internet even though i am connected

ok so i ran the Dr Web Cure it scan and then after it had finished went to 'file' and clicked save report list, however this caused my laptop to crash

i then went to the SDFix folder in safe mode and clicked RunThis.bat, however nothing happened, so i assume the laptop is still infected

so i think i will take your earlier advice of reformatting and reinstalling the OS, however i am not too sure how to do this? can i do it myself? or must i take it somewhere and get charged by someone to do it for me?

Re: i cannot access the internet even though i am connected

Guides for format and reinstall: http://www.geekpolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm#95115

http://www.helpmyos.com/tutorials-software-alternatives-to-proprietary-f19/how-to-reformat-and-reinstall-your-operating-system-the-easy-way-t1307.htm#3143
