WiredWX Christian Hobby Weather Tools

Unknown Virus or Malware or SOMETHING???

OK,

There is something wrong with my computer. It started when my Windows OneLive Care shut off and said it was unable to open. I tried to open it and it said get tech help. My internet works fine but the little boxes on the bottom left say I am not connected. I have tried to download Spybot Search and Destroy, Ad-Aware, and Norton antivirus. All installed the application to the computer but when I click run or open, the cursor has a little circle that spins like it is loading. It NEVER loads, it just does it forever. I also would click system restore and it opens the window but same thing with the cursor; when I try to click the exit at the top right it dings at me and won't let me click it. Also I tried to delete my recycle bin and it won't open it. It will open games and some other stuff on my computer but it will not open any of the stuff to get rid of whatever I have. Please help.

Re: Unknown Virus or Malware or SOMETHING???

Hi

Please download ComboFix by sUBs
Link 1: Forospyware.com or Link 2: BleepingComputer.com

Please save the file to your Desktop, but rename it first:

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:

  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Re: Unknown Virus or Malware or SOMETHING???

Hey,

I tried to save both programs like described below. Neither program will save; when I click the link it pops up with a screen that says run, save, cancel. I click save, the links close and nothing happens.

Re: Unknown Virus or Malware or SOMETHING???

Hi

Rooter Rootkit Detector - Download

Download Rooter.exe to your desktop

  1. Double click it to start the tool.
  2. A Notepad file containing the report will open, also found at
    %systemdrive%(usually C:)\Rooter.txt. Post that log in your next reply.

Re: Unknown Virus or Malware or SOMETHING???

I tried to download rooter.exe. A box pops up and says run, save, cancel. I tried to click save the box then just disappears. I did it again and clicked run, it started to load, it got about 3/4 finished and the box disappeared and closed. Nothing happened, I am unable to download anything.

Re: Unknown Virus or Malware or SOMETHING???

Hi

Please download this file from another computer and transfer it to the infected computer.

Please download ComboFix by sUBs
Link 1: Forospyware.com or Link 2: BleepingComputer.com

Please save the file to your Desktop, but rename it first:

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:

  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Re: Unknown Virus or Malware or SOMETHING???

Hey,

I downloaded bleepingcomputer.com on my computer in safe mode. I received the post in notepad. Now I can't access anything!!!! I can't open any of my internet programs, or access any form of internet through my computer. I am currently using my girlfriend's computer to write but I can't post you what I have in notepad. What do I do now? Please help.

Re: Unknown Virus or Malware or SOMETHING???

Hi

Did you reboot your computer and see if you have Internet? Try rebooting your computer again.

If you can, transfer the log file from the infected computer to another computer via flash drive or external drive, then post it in your next reply.

Re: Unknown Virus or Malware or SOMETHING???

Hey
I rebooted my computer and the internet works again. I was also able to transfer the log to a non-infected computer via external drive. Here it is.



ComboFix 09-09-28.01 - Justin 09/28/2009 19:17.1.2 - NTFSx86 NETWORK
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.1.1033.18.3061.2531 [GMT -7:00]
Running from: c:\users\Justin\Downloads\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.
ADS - Windows: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2736256951-2955079388-750801876-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\windows\system32\oem8.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 02:22 . 2009-09-29 02:23 -------- d-----w- c:\users\Justin\AppData\Local\temp
2009-09-29 02:22 . 2009-09-29 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-16 22:43 . 2009-09-16 22:43 -------- d-----w- c:\programdata\NortonInstaller
2009-09-15 00:38 . 2009-09-15 00:38 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-09-14 21:48 . 2009-09-14 21:48 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-14 21:43 . 2009-09-14 21:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-14 21:43 . 2009-09-14 21:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-14 18:00 . 2009-09-14 18:00 -------- d-----w- c:\program files\iPod(85)
2009-09-14 18:00 . 2009-09-14 18:01 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 18:00 . 2009-09-14 18:01 -------- d-----w- c:\program files\iTunes(86)
2009-09-14 17:58 . 2009-09-14 17:59 -------- d-----w- c:\program files\QuickTime(87)
2009-09-14 02:01 . 2009-09-14 02:01 -------- d-----w- c:\programdata\WindowsSearch
2009-08-31 03:27 . 2009-08-31 03:27 -------- d-----w- c:\users\Justin\AppData\Local\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 01:35 . 2009-07-04 20:37 -------- d-----w- c:\program files\QuickTime
2009-09-17 01:35 . 2009-07-29 00:18 -------- d-----w- c:\program files\iTunes
2009-09-17 01:35 . 2009-04-10 04:42 -------- d-----w- c:\program files\Dl_cats
2009-09-17 01:35 . 2009-07-06 13:00 -------- d-----w- c:\program files\Common Files\Apple
2009-09-17 01:33 . 2009-07-29 00:18 -------- d-----w- c:\program files\iPod
2009-09-15 00:58 . 2009-08-17 05:10 5972 ----a-w- c:\users\Justin\AppData\Local\d3d9caps.dat
2009-09-14 17:55 . 2009-04-09 15:07 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-14 16:13 . 2009-07-04 20:47 -------- d-----w- c:\users\Justin\AppData\Roaming\LimeWire
2009-09-14 16:13 . 2009-04-13 03:58 -------- d-----w- c:\programdata\Google Updater
2009-08-17 05:09 . 2009-08-17 05:09 -------- d-----w- c:\users\Justin\AppData\Roaming\Atari
2009-08-17 03:43 . 2009-08-17 03:43 -------- d-----w- c:\users\Justin\AppData\Roaming\Leadertech
2009-08-17 03:37 . 2009-08-17 03:37 -------- d-----w- c:\program files\Atari
2009-08-17 03:37 . 2009-04-06 23:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 10:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-18 16:06 . 2009-07-29 01:13 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 01:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 01:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-11 21:40 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-11 21:38 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-11 21:38 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-11 21:38 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-11 21:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-06 23:50 . 2009-04-06 23:50 76 --sh--r- c:\windows\CT4CET.bin
2009-04-03 20:56 . 2009-04-03 20:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-13 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom reƖ Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-21 73728]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2007-01-12 435696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-13 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-4-6 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DB222A50-1E48-44F8-A281-D2661B09F1E9}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{5F9B3D53-A0D7-41B0-AB47-49A6B38DF86B}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A0573EA4-7CD6-4A6F-B216-12E9847BA2CD}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{C32F3262-4FFF-4DB2-AA44-586C40A2D035}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{25A07C2B-FFAB-4396-92E9-7F6A58B22F8D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CB602235-91F7-404A-BABF-DEE05016D3C6}"= UDP:c:\program files\Qwest\QuickConnect\QuickConnect.exe:QuickConnect
"{92A842E2-70CA-4822-BB48-0A494026BF7D}"= TCP:c:\program files\Qwest\QuickConnect\QuickConnect.exe:QuickConnect
"{987342AA-1E47-467B-A1A4-86860BE6EF4F}"= UDP:c:\program files\Qwest\QuickConnect\QuickConnect.exe:QuickConnect
"{83A8EBD9-3342-48CB-8A75-0956466EA6DC}"= TCP:c:\program files\Qwest\QuickConnect\QuickConnect.exe:QuickConnect
"{A759C494-A255-4407-8953-CB6AE01F70FD}"= UDP:63331:Windows Live OneCare
"{CFE0D6BE-2367-4F4A-97A1-2FD08AF87771}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{703534CC-5D63-4CFF-A466-8A8AEF0A1924}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{32F7A676-6054-4F7B-A6C8-F5AFADD33672}"= UDP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
"{EB9CE631-F44A-4703-9E50-05DB7508EF64}"= TCP:c:\windows\System32\dlcicoms.exe:Lexmark Communications System
"{E366CA3F-B7B3-4F48-984A-5F889D7A65B4}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:Printer Status Window
"{1922D13F-7ECC-4668-B713-7076E91191C1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcipswx.exe:Printer Status Window
"{5C13D10C-B522-486D-930A-FE52765F9486}"= UDP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
"{2CD73BF9-47BB-4BDB-859F-B3734DDD66DF}"= TCP:c:\program files\Dell AIO Printer 946\DLCImon.exe:Device Monitor
"{5263A76C-ED92-4790-9275-23F0E46EE10B}"= UDP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
"{3A4FCD4C-649B-4565-A027-74A36E913E3D}"= TCP:c:\program files\Dell AIO Printer 946\DLCIaiox.exe:All In One Center
"{7BB3D5CD-0A6C-4E2D-B8EB-EAF8EC9A9FB1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4460C96F-56E9-4428-8E9F-AD49312E8AE0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{416AC3EE-C9A3-4359-BEDC-1FBC402D0E0C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{679D4D73-B1C0-4245-9DC5-49D60BE8CAE6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB403C9D-AA38-4DB6-9301-AED298722DA6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2CD266C0-9884-4F37-8307-997820DA8BBB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2F09D0E-8165-4FE8-BCAF-F6030673C165}"= UDP:63331:Windows Live OneCare
"{96F83C32-9A94-42C9-BC6D-A4050F430757}"= UDP:63331:Windows Live OneCare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [4/6/2009 11:32 AM 73728]
S2 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
S2 gupdate1c9bbec7f4b67f0;Google Update Service (gupdate1c9bbec7f4b67f0);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 9:01 PM 133104]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [4/3/2009 2:22 PM 111616]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [4/3/2009 2:22 PM 235520]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [4/3/2009 2:22 PM 7424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2009-09-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-13 03:58]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 04:01]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1245510126&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
mStart Page = hxxp://qwest.live.com
uInternet Settings,ProxyOverride = ;*.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 19:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-29 19:24
ComboFix-quarantined-files.txt 2009-09-29 02:24

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 85,332,733,952 bytes free

198 --- E O F --- 2009-08-26 10:01
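
One way to pull review points out of a ComboFix log like the one posted above, added here as an example and not part of the thread or of ComboFix itself: it parses the registry-style blocks, lists firewall profiles where `EnableFirewall` is 0, and lists Run/RunOnce entries worth a second look. The function names, the note wording, and the reading of a bracket without a date and size as "no date/size recorded" are assumptions; the sample lines are excerpted from the log, and the notes are triage hints, not verdicts.

```python
import re

# Lines excerpted from the ComboFix log posted above (not the full log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"DLCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7BB3D5CD-0A6C-4E2D-B8EB-EAF8EC9A9FB1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# "[KEY]" header line, and '"name"=data [optional note]' value line.
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
# The bracket normally holds "YYYY-MM-DD size".
META_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')


def parse_reg_blocks(text):
    """Return {registry key: [(value name, data, bracket text or None), ...]}."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None                      # a blank line ends the block
            continue
        m = KEY_RE.match(line)
        if m:
            current = blocks.setdefault(m.group('key'), [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current.append((m.group('name'),
                            m.group('data').strip('"'),
                            m.group('meta')))
    return blocks


def firewall_disabled_profiles(blocks):
    """Names of firewallpolicy profiles whose EnableFirewall value is 0."""
    disabled = []
    for key, values in blocks.items():
        if '\\firewallpolicy\\' not in key.lower():
            continue
        for name, data, _ in values:
            if name == 'EnableFirewall' and data.split()[:1] == ['0']:
                disabled.append(key.rsplit('\\', 1)[1])
    return disabled


def autostart_review(blocks):
    """Run/RunOnce entries with something unusual about them (hints only)."""
    rows = []
    for key, values in blocks.items():
        if key.rsplit('\\', 1)[-1].lower() not in ('run', 'runonce'):
            continue
        hive = key.split('\\', 1)[0]
        for name, target, meta in values:
            notes = []
            if not target.lower().endswith('.exe'):
                notes.append('target is not a plain .exe path')
            if meta is None or not META_RE.match(meta):
                notes.append('no date/size recorded')   # assumption, see lead-in
            if notes:
                rows.append((hive, name, target, notes))
    return rows


if __name__ == '__main__':
    parsed = parse_reg_blocks(SAMPLE_LOG)
    print('Firewall disabled in:', ', '.join(firewall_disabled_profiles(parsed)))
    for hive, name, target, notes in autostart_review(parsed):
        print(f'{hive} {name} -> {target}: {"; ".join(notes)}')
```
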

Re: Unknown Virus or Malware or SOMETHING???

Hi

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Unknown Virus or Malware or SOMETHING???

Hey,

Do I download this in safe mode or normal mode?

Re: Unknown Virus or Malware or SOMETHING???

If you cannot download in Normal Mode, then Safe Mode with Networking will work.

Re: Unknown Virus or Malware or SOMETHING???

Hey,

I had to boot in safe mode; I attempted to do it in normal mode but no luck. I couldn't even log on; the screen turned black after I entered my password. Anyways, it worked in Safe Mode but the scan said no malicious files. Here is the log.


Malwarebytes' Anti-Malware 1.41
Database version: 2874
Windows 6.0.6001 Service Pack 1 (Safe Mode)

9/29/2009 9:14:29 PM
mbam-log-2009-09-29 (21-14-29).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 226578
Time elapsed: 35 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Unknown Virus or Malware or SOMETHING???

Hi

Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: Unknown Virus or Malware or SOMETHING???

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows [Version 6.0.6001]

********************Drivers list********************


Volume in drive C is OS
Volume Serial Number is 6AA8-DE52

Directory of C:\Windows\System32\Drivers

11/02/2006 02:04 AM 878,080 PEAuth.sys
04/03/2009 01:51 PM 167,424 portcls.sys
01/20/2008 07:23 PM 40,960 processr.sys
11/14/2007 01:00 AM 43,840 pxhelp20.sys
01/20/2008 07:23 PM 1,122,360 ql2300.sys
11/02/2006 02:50 AM 106,088 ql40xx.sys
01/20/2008 07:23 PM 31,232 qwavedrv.sys
01/20/2008 07:24 PM 11,776 rasacd.sys
01/20/2008 07:24 PM 76,288 rasl2tp.sys
01/20/2008 07:24 PM 41,472 raspppoe.sys
01/20/2008 07:24 PM 62,976 raspptp.sys
01/20/2008 07:25 PM 69,120 rassstp.sys
01/20/2008 07:24 PM 224,768 rdbss.sys
01/20/2008 07:24 PM 6,144 RDPCDD.sys
01/20/2008 07:23 PM 248,832 rdpdr.sys
01/20/2008 07:24 PM 6,144 RDPENCDD.sys
01/20/2008 07:24 PM 181,248 rdpwd.sys
09/06/2007 09:35 AM 39,936 rimmptsk.sys
09/06/2007 09:35 AM 42,496 rimsptsk.sys
09/06/2007 09:35 AM 37,376 rixdptsk.sys
04/03/2009 01:53 PM 113,664 rmcast.sys
01/20/2008 07:24 PM 33,280 RNDISMP.sys
01/20/2008 07:24 PM 8,192 rootmdm.sys
01/20/2008 07:24 PM 60,416 rspndr.sys
11/02/2006 02:50 AM 76,392 sbp2port.sys
01/20/2008 07:23 PM 142,904 scsiport.sys
01/20/2008 07:23 PM 88,576 sdbus.sys
11/01/2006 11:37 PM 20,480 secdrv.sys
11/02/2006 01:51 AM 17,920 serenum.sys
11/02/2006 01:51 AM 83,456 serial.sys
01/20/2008 07:23 PM 19,968 sermouse.sys
01/20/2008 07:23 PM 13,312 sffdisk.sys
01/20/2008 07:23 PM 12,288 sffp_mmc.sys
01/20/2008 07:23 PM 11,776 sffp_sd.sys
11/02/2006 01:51 AM 13,312 sfloppy.sys
01/20/2008 07:23 PM 55,864 SISAGP.SYS
01/20/2008 07:23 PM 41,016 sisraid2.sys
01/20/2008 07:23 PM 74,808 sisraid4.sys
01/20/2008 07:25 PM 66,560 smb.sys
01/20/2008 07:24 PM 17,408 smclib.sys
01/20/2008 07:24 PM 21,048 spldr.sys
01/20/2008 07:24 PM 681,984 spsys.sys
04/03/2009 02:07 PM 288,768 srv.sys
01/20/2008 07:24 PM 144,384 srv2.sys
01/20/2008 07:23 PM 98,304 srvnet.sys
01/20/2008 07:24 PM 123,960 Storport.sys
01/20/2008 07:24 PM 52,992 stream.sys
11/12/2007 04:07 AM 330,240 stwrt.sys
01/20/2008 07:23 PM 15,288 swenum.sys
11/02/2006 02:50 AM 35,944 symc8xx.sys
11/02/2006 02:49 AM 31,848 sym_hi.sys
11/02/2006 02:50 AM 34,920 sym_u3.sys
01/20/2008 07:24 PM 24,576 tape.sys
04/03/2009 01:57 PM 891,448 tcpip.sys
01/20/2008 07:23 PM 30,208 tcpipreg.sys
01/20/2008 07:24 PM 20,992 tdi.sys
01/20/2008 07:24 PM 17,920 tdpipe.sys
01/20/2008 07:24 PM 29,184 tdtcp.sys
01/20/2008 07:24 PM 71,680 tdx.sys
01/20/2008 07:23 PM 54,328 termdd.sys
01/20/2008 07:24 PM 23,552 tssecsrv.sys
01/20/2008 07:24 PM 15,360 TUNMP.SYS
01/20/2008 07:24 PM 23,040 tunnel.sys
01/20/2008 07:23 PM 59,448 UAGP35.SYS
01/20/2008 07:23 PM 226,816 udfs.sys
01/20/2008 07:23 PM 60,984 ULIAGPKX.SYS
01/20/2008 07:23 PM 238,648 uliahci.sys
11/02/2006 02:50 AM 98,408 ulsata.sys
01/20/2008 07:23 PM 115,816 ulsata2.sys
01/20/2008 07:23 PM 34,816 umbus.sys
09/16/2009 06:35 PM UMDF
01/20/2008 07:23 PM 7,680 umpass.sys
01/20/2008 07:24 PM 15,872 usb8023.sys
06/05/2009 11:42 AM 39,424 usbaapl.sys
01/20/2008 07:24 PM 25,728 USBCAMD.sys
01/20/2008 07:24 PM 25,728 USBCAMD2.sys
04/03/2009 01:51 PM 73,216 usbccgp.sys
11/02/2006 01:55 AM 68,608 usbcir.sys
04/03/2009 01:51 PM 5,888 usbd.sys
04/03/2009 01:51 PM 39,936 usbehci.sys
04/03/2009 01:51 PM 196,608 usbhub.sys
11/02/2006 01:55 AM 19,456 usbohci.sys
04/03/2009 01:51 PM 225,792 usbport.sys
01/20/2008 07:23 PM 18,944 usbprint.sys
01/20/2008 07:23 PM 35,328 usbscan.sys
01/20/2008 07:23 PM 55,296 USBSTOR.SYS
04/03/2009 01:51 PM 23,552 usbuhci.sys
01/20/2008 07:24 PM 25,088 vga.sys
01/20/2008 07:23 PM 26,112 vgapnp.sys
01/20/2008 07:23 PM 56,888 VIAAGP.SYS
01/20/2008 07:23 PM 41,472 viac7.sys
01/20/2008 07:23 PM 20,024 viaide.sys
01/20/2008 07:23 PM 110,080 videoprt.sys
01/20/2008 07:23 PM 52,792 volmgr.sys
01/20/2008 07:24 PM 294,456 volmgrx.sys
01/20/2008 07:23 PM 227,896 volsnap.sys
01/20/2008 07:23 PM 130,616 vsmraid.sys
11/02/2006 01:52 AM 20,608 wacompen.sys
01/20/2008 07:24 PM 62,464 wanarp.sys
01/20/2008 07:24 PM 32,768 watchdog.sys
01/20/2008 07:23 PM 22,072 wd.sys
01/20/2008 07:23 PM 503,864 Wdf01000.sys
01/20/2008 07:23 PM 35,896 WdfLdr.sys
01/20/2008 07:23 PM 11,264 wmiacpi.sys
01/20/2008 07:23 PM 17,976 wmilib.sys
01/20/2008 07:24 PM 15,872 ws2ifsl.sys
01/20/2008 07:24 PM 51,200 WUDFPf.sys
01/20/2008 07:24 PM 83,328 WUDFRd.sys
06/23/2008 05:45 AM 386,560 XAudio.exe
06/23/2008 05:45 AM 8,704 XAudio.sys
09/28/2007 10:31 PM 278,528 yk60x86.sys
296 File(s) 37,985,945 bytes

Directory of C:\Windows\System32\Drivers\en-US

01/20/2008 07:34 PM .
01/20/2008 07:34 PM ..
11/02/2006 05:41 AM 9,728 acpi.sys.mui
11/02/2006 05:41 AM 8,704 afd.sys.mui
11/02/2006 05:41 AM 3,072 AGP440.sys.mui
11/02/2006 05:41 AM 3,072 AMDAGP.SYS.mui
11/02/2006 05:40 AM 2,560 amdide.sys.mui
11/02/2006 05:40 AM 14,848 amdk7.sys.mui
11/02/2006 05:40 AM 14,848 amdk8.sys.mui
11/02/2006 05:41 AM 3,072 ati2mpad.sys.mui
11/02/2006 05:41 AM 3,584 ati2mtag.sys.mui
11/02/2006 05:40 AM 3,072 atikmdag.sys.mui
01/20/2008 07:25 PM 5,120 b57nd60x.sys.mui
11/02/2006 05:40 AM 7,680 battc.sys.mui
11/02/2006 05:40 AM 5,120 bcm4sbxp.sys.mui
11/02/2006 05:40 AM 2,560 BrParwdm.sys.mui
11/02/2006 05:41 AM 10,240 BrSerId.sys.mui
11/02/2006 05:40 AM 5,120 bthpan.sys.mui
11/02/2006 05:41 AM 7,168 bthport.sys.mui
11/02/2006 05:41 AM 3,072 cmbp0wdm.sys.mui
11/02/2006 05:40 AM 14,848 crusoe.sys.mui
11/02/2006 05:41 AM 3,072 cxbp0wdm.sys.mui
11/02/2006 05:40 AM 3,072 Dot4usb.sys.mui
11/02/2006 05:40 AM 4,096 dxgkrnl.sys.mui
11/02/2006 05:41 AM 5,120 e100b325.sys.mui
01/20/2008 07:25 PM 19,968 e1e6032.sys.mui
01/20/2008 07:25 PM 16,896 E1G60I32.sys.mui
11/02/2006 05:40 AM 5,120 fltmgr.sys.mui
11/02/2006 05:40 AM 3,072 GAGP30KX.SYS.mui
11/02/2006 05:41 AM 3,584 gpr400.sys.mui
11/02/2006 05:41 AM 4,096 grserial.sys.mui
11/02/2006 05:41 AM 3,584 hidbth.sys.mui
01/20/2008 07:25 PM 36,864 http.sys.mui
11/02/2006 05:41 AM 10,752 i8042prt.sys.mui
11/02/2006 05:40 AM 14,848 intelppm.sys.mui
11/02/2006 05:41 AM 6,144 IPMIDrv.sys.mui
11/02/2006 05:41 AM 4,096 ipnat.sys.mui
11/02/2006 05:41 AM 4,096 isapnp.sys.mui
11/02/2006 05:41 AM 4,608 kbdclass.sys.mui
11/02/2006 05:41 AM 3,072 kbdhid.sys.mui
11/02/2006 05:41 AM 9,728 ltmdmnt.sys.mui
01/20/2008 07:25 PM 6,656 luafv.sys.mui
11/02/2006 05:41 AM 4,096 modem.sys.mui
11/02/2006 05:41 AM 4,608 mouclass.sys.mui
11/02/2006 05:41 AM 3,072 mouhid.sys.mui
01/20/2008 07:25 PM 20,480 mpio.sys.mui
11/02/2006 05:41 AM 4,096 msdsm.sys.mui
11/02/2006 05:41 AM 3,584 mssmbios.sys.mui
11/02/2006 05:41 AM 65,536 ntfs.sys.mui
11/02/2006 05:40 AM 4,096 ntrigdigi.sys.mui
11/02/2006 05:41 AM 5,120 nv4_mini.sys.mui
11/02/2006 05:41 AM 3,072 NV_AGP.SYS.mui
11/02/2006 05:40 AM 12,288 ohci1394.sys.mui
11/02/2006 05:41 AM 3,584 pacer.sys.mui
11/02/2006 05:40 AM 4,096 parport.sys.mui
11/02/2006 05:40 AM 3,072 parvdm.sys.mui
11/02/2006 05:41 AM 8,704 pci.sys.mui
11/02/2006 05:41 AM 4,608 pcmcia.sys.mui
11/02/2006 05:41 AM 3,072 pnpmem.sys.mui
11/02/2006 05:40 AM 14,848 processr.sys.mui
11/02/2006 05:41 AM 4,096 pscr.sys.mui
11/02/2006 05:41 AM 3,072 qwavedrv.sys.mui
11/02/2006 05:40 AM 3,584 RNDISMP.sys.mui
11/02/2006 05:41 AM 3,584 rndismpx.sys.mui
11/02/2006 05:41 AM 4,096 scmstcs.sys.mui
11/02/2006 05:41 AM 4,096 SCR111.sys.mui
11/02/2006 05:41 AM 3,584 scsiport.sys.mui
11/02/2006 05:40 AM 10,752 serial.sys.mui
11/02/2006 05:41 AM 5,632 sermouse.sys.mui
11/02/2006 05:41 AM 3,072 serscan.sys.mui
11/02/2006 05:41 AM 3,072 SISAGP.SYS.mui
11/02/2006 05:41 AM 3,072 srv.sys.mui
11/02/2006 05:41 AM 3,072 stcusb.sys.mui
01/20/2008 07:25 PM 5,120 tpm.sys.mui
11/02/2006 05:40 AM 3,072 UAGP35.SYS.mui
11/02/2006 05:41 AM 3,072 ULIAGPKX.SYS.mui
11/02/2006 05:40 AM 3,584 umbus.sys.mui
11/02/2006 05:41 AM 3,072 VIAAGP.SYS.mui
11/02/2006 05:40 AM 14,848 viac7.sys.mui
01/20/2008 07:25 PM 32,768 volsnap.sys.mui
11/02/2006 05:41 AM 4,608 wacompen.sys.mui
11/02/2006 05:41 AM 2,560 wd.sys.mui
01/20/2008 07:25 PM 3,072 wdf01000.sys.mui
11/02/2006 05:41 AM 5,632 yk60x86.sys.mui
82 File(s) 608,256 bytes

Directory of C:\Windows\System32\Drivers\etc

09/16/2009 06:35 PM .
09/16/2009 06:35 PM ..
09/18/2006 02:41 PM 761 hosts
09/18/2006 02:41 PM 3,683 lmhosts.sam
09/18/2006 02:41 PM 407 networks
09/18/2006 02:41 PM 1,358 protocol
09/18/2006 02:41 PM 17,244 services
5 File(s) 23,453 bytes

Directory of C:\Windows\System32\Drivers\UMDF

09/16/2009 06:35 PM .
09/16/2009 06:35 PM ..
11/02/2006 05:42 AM en-US
01/20/2008 07:23 PM 220,160 WpdFs.dll
1 File(s) 220,160 bytes

Directory of C:\Windows\System32\Drivers\UMDF\en-US

11/02/2006 05:42 AM .
11/02/2006 05:42 AM ..
11/02/2006 05:40 AM 6,144 WpdMtpDr.dll.mui
1 File(s) 6,144 bytes

Total Files Listed:
385 File(s) 38,843,958 bytes
14 Dir(s) 85,216,194,560 bytes free


***********************Hidden Drivers********************
Volume in drive C is OS
Volume Serial Number is 6AA8-DE52

Directory of C:\Windows\System32\Drivers

04/06/2009 11:32 AM 0 Msft_Kernel_Apfiltr_01005.Wdf
05/26/2009 05:00 PM 0 Msft_User_WpdFs_01_00_00.Wdf
2 File(s) 0 bytes
0 Dir(s) 85,216,202,752 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 404 Normal C:\Windows\System32\smss.exe
csrss.exe 528 Normal C:\Windows\system32\csrss.exe
csrss.exe 564 Normal C:\Windows\system32\csrss.exe
wininit.exe 572 High C:\Windows\system32\wininit.exe
winlogon.exe 616 High C:\Windows\system32\winlogon.exe
services.exe 648 Normal C:\Windows\system32\services.exe
lsass.exe 660 Normal C:\Windows\system32\lsass.exe
lsm.exe 668 Normal C:\Windows\system32\lsm.exe
svchost.exe 804 Normal C:\Windows\system32\svchost.exe
svchost.exe 860 Normal C:\Windows\system32\svchost.exe
MsMpEng.exe 944 Normal C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
svchost.exe 1048 Normal C:\Windows\System32\svchost.exe
svchost.exe 1072 Normal C:\Windows\system32\svchost.exe
svchost.exe 1100 Normal C:\Windows\System32\svchost.exe
svchost.exe 1124 Normal C:\Windows\system32\svchost.exe
svchost.exe 1140 Normal C:\Windows\system32\svchost.exe
svchost.exe 1320 Normal C:\Windows\system32\svchost.exe
Explorer.EXE 1604 Normal C:\Windows\Explorer.EXE
svchost.exe 1680 Normal C:\Windows\system32\svchost.exe
wmpnscfg.exe 1448 Normal C:\Program Files\Windows Media Player\wmpnscfg.exe
iexplore.exe 1260 Normal C:\Program Files\Internet Explorer\iexplore.exe
cmd.exe 1796 Normal C:\Windows\system32\cmd.exe
processes.exe 1164 Normal C:\Users\Justin\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(1604)
MODULE BASE SIZE PATH
Explorer.EXE d60000 2936832 C:\Windows\Explorer.EXE 6.0.6000.16386 (vista_rtm.061101-2205) Windows Explorer
ntdll.dll 77860000 1208320 C:\Windows\system32\ntdll.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NT Layer DLL
kernel32.dll 76680000 897024 C:\Windows\system32\kernel32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT BASE API Client DLL
ADVAPI32.dll 765b0000 811008 C:\Windows\system32\ADVAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Advanced Windows 32 Base API
RPCRT4.dll 76210000 794624 C:\Windows\system32\RPCRT4.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Remote Procedure Call Runtime
GDI32.dll 76810000 307200 C:\Windows\system32\GDI32.dll 6.0.6001.18159 (vistasp1_gdr.081020-1655) GDI Client DLL
USER32.dll 77a10000 643072 C:\Windows\system32\USER32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows USER API Client DLL
msvcrt.dll 77550000 696320 C:\Windows\system32\msvcrt.dll 7.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT CRT DLL
SHLWAPI.dll 763c0000 360448 C:\Windows\system32\SHLWAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Light-weight Utility Library
SHELL32.dll 769f0000 11599872 C:\Windows\system32\SHELL32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Shell Common Dll
ole32.dll 77690000 1327104 C:\Windows\system32\ole32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft OLE for Windows
OLEAUT32.dll 77600000 577536 C:\Windows\system32\OLEAUT32.dll 6.0.6001.18000 6.0.6001.18000
SHDOCVW.dll 737e0000 1077248 C:\Windows\system32\SHDOCVW.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Doc Object and Control Library
UxTheme.dll 74de0000 258048 C:\Windows\system32\UxTheme.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft UxTheme Library
POWRPROF.dll 75410000 106496 C:\Windows\system32\POWRPROF.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Power Profile Helper DLL
dwmapi.dll 74450000 49152 C:\Windows\system32\dwmapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Desktop Window Manager API
gdiplus.dll 74a80000 1748992 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll 5.2.6001.18065 (vistasp1_gdr.080429-1705) Microsoft GDI+
slc.dll 75960000 237568 C:\Windows\system32\slc.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Software Licensing Client Dll
PROPSYS.dll 74980000 765952 C:\Windows\system32\PROPSYS.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Microsoft Property System
BROWSEUI.dll 73690000 1335296 C:\Windows\system32\BROWSEUI.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell Browser UI Library
IMM32.dll 779a0000 122880 C:\Windows\system32\IMM32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multi-User Windows IMM32 API Client DLL
MSCTF.dll 76420000 819200 C:\Windows\system32\MSCTF.dll 6.0.6000.16386 (vista_rtm.061101-2205) MSCTF Server DLL
DUser.dll 74d60000 196608 C:\Windows\system32\DUser.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows DirectUser Engine
LPK.DLL 762e0000 36864 C:\Windows\system32\LPK.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Language Pack
USP10.dll 777e0000 512000 C:\Windows\system32\USP10.dll 1.0626.6001.18000 (longhorn_rtm.080118-1840) Uniscribe Unicode script processor
comctl32.dll 74e20000 1695744 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll 5.82 (longhorn_rtm.080118-1840) Common Controls Library
WindowsCodecs.dll 735d0000 733184 C:\Windows\system32\WindowsCodecs.dll 6.0.6001.18131 (vistasp1_gdr.080827-1507) Microsoft Windows Codecs Library
IconCodecService.dll 74440000 24576 C:\Windows\system32\IconCodecService.dll 6.0.6000.16386 (vista_rtm.061101-2205) Converts a PNG part of the icon to a legacy bmp icon
CLBCatQ.DLL 764f0000 540672 C:\Windows\system32\CLBCatQ.DLL 2001.12.6931.18000 (longhorn_rtm.080118-1840) COM+ Configuration Catalog
rsaenh.dll 754d0000 241664 C:\Windows\system32\rsaenh.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Enhanced Cryptographic Provider
timedate.cpl 73510000 729088 C:\Windows\system32\timedate.cpl 6.0.6001.18000 (longhorn_rtm.080118-1840) Time Date Control Panel Applet
ATL.DLL 74dc0000 81920 C:\Windows\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
NETAPI32.dll 75ca0000 479232 C:\Windows\system32\NETAPI32.dll 6.0.6001.18157 (vistasp1_gdr.081015-1604) Net Win32 API DLL
PSAPI.DLL 76040000 28672 C:\Windows\system32\PSAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Process Status Helper
OLEACC.dll 74600000 233472 C:\Windows\system32\OLEACC.dll 4.2.5406.0 (longhorn_rtm.080118-1840) Active Accessibility Core Component
WINBRAND.dll 75560000 880640 C:\Windows\system32\WINBRAND.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Branding Resources
USERENV.dll 75f90000 122880 C:\Windows\system32\USERENV.dll 6.0.6000.16386 (vista_rtm.061101-2205) Userenv
Secur32.dll 75f70000 81920 C:\Windows\system32\Secur32.dll 6.0.6001.18272 (vistasp1_gdr.090615-0258) Security Support Provider Interface
SAMLIB.dll 75b90000 69632 C:\Windows\System32\SAMLIB.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) SAM Library DLL
apphelp.dll 73050000 180224 C:\Windows\system32\apphelp.dll 6.0.6000.16386 (vista_rtm.061101-2205) Application Compatibility Client Library
msshsq.dll 72f80000 245760 C:\Windows\System32\msshsq.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Structured Query
NaturalLanguage6.dll 72de0000 811008 C:\Windows\System32\NaturalLanguage6.dll 6.0.6001.18098 (vistasp1_gdr.080625-1507) Natural Language Development Platform 6
CRYPT32.dll 75a00000 987136 C:\Windows\System32\CRYPT32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Crypto API32
MSASN1.dll 75b70000 73728 C:\Windows\System32\MSASN1.dll 6.0.6000.16386 (vista_rtm.061101-2205) ASN.1 Runtime APIs
NLSData0009.dll 72480000 4886528 C:\Windows\System32\NLSData0009.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft English Natural Language Server Data and Code
NLSLexicons0009.dll 721f0000 2650112 C:\Windows\System32\NLSLexicons0009.dll 6.0.6001.18098 (vistasp1_gdr.080625-1507) Microsoft English Natural Language Server Data and Code
authui.dll 74fc0000 1998848 C:\Windows\system32\authui.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Authentication UI
MSIMG32.dll 75400000 20480 C:\Windows\system32\MSIMG32.dll 6.0.6000.16386 (vista_rtm.061101-2205) GDIEXT Client DLL
ieframe.dll 71c20000 6086656 C:\Windows\system32\ieframe.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Explorer
iertutil.dll 77500000 286720 C:\Windows\system32\iertutil.dll 7.00.6001.18294 (vistasp1_gdr.090717-2341) Run time utility for Internet Explorer
LINKINFO.dll 73120000 36864 C:\Windows\system32\LINKINFO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Volume Tracking
WININET.dll 762f0000 851968 C:\Windows\system32\WININET.dll 7.00.6000.16386 (vista_rtm.061101-2205) Internet Extensions for Win32
Normaliz.dll 77990000 12288 C:\Windows\system32\Normaliz.dll 6.0.6000.16386 (vista_rtm.061101-2205) Unicode Normalization DLL
ExplorerFrame.dll 73040000 36864 C:\Windows\system32\ExplorerFrame.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) ExplorerFrame
urlmon.dll 760e0000 1216512 C:\Windows\system32\urlmon.dll 7.00.6001.18000 (longhorn_rtm.080118-1840) OLE32 Extensions for Win32
NTMARTA.DLL 75430000 135168 C:\Windows\system32\NTMARTA.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Windows NT MARTA provider
WLDAP32.dll 779c0000 303104 C:\Windows\system32\WLDAP32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Win32 LDAP API DLL
WS2_32.dll 76580000 184320 C:\Windows\system32\WS2_32.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Socket 2.0 32-Bit DLL
NSI.dll 77ab0000 24576 C:\Windows\system32\NSI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) NSI User-mode interface DLL
WINMM.dll 74580000 204800 C:\Windows\system32\WINMM.dll 6.0.6000.16386 (vista_rtm.061101-2205) MCI API DLL
wdmaud.drv 72ef0000 192512 C:\Windows\system32\wdmaud.drv 6.0.6000.16386 (vista_rtm.061101-2205) Winmm audio system driver
ksuser.dll 72fc0000 16384 C:\Windows\system32\ksuser.dll 6.0.6000.16386 (vista_rtm.061101-2205) User CSA Library
MMDevAPI.DLL 72ec0000 159744 C:\Windows\system32\MMDevAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) MMDevice API
AVRT.dll 72f50000 28672 C:\Windows\system32\AVRT.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Multimedia Realtime Runtime
ntshrui.dll 72d90000 303104 C:\Windows\system32\ntshrui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Shell extensions for sharing
cscapi.dll 72f40000 45056 C:\Windows\system32\cscapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Offline Files Win32 API
stobject.dll 72c50000 598016 C:\Windows\system32\stobject.dll 6.0.6000.16386 (vista_rtm.061101-2205) Systray shell service object
BatMeter.dll 72b90000 745472 C:\Windows\system32\BatMeter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Battery Meter Helper DLL
SETUPAPI.dll 76860000 1613824 C:\Windows\system32\SETUPAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Setup API
WTSAPI32.dll 74d90000 40960 C:\Windows\system32\WTSAPI32.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Terminal Server SDK APIs
WINSTA.dll 75f40000 151552 C:\Windows\system32\WINSTA.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Winstation Library
MLANG.dll 74c90000 196608 C:\Windows\system32\MLANG.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multi Language Support DLL
es.dll 72cf0000 290816 C:\Windows\system32\es.dll 2001.12.6931.18057 (vistasp1_gdr.080417-1550) COM+
SndVolSSO.dll 72b60000 196608 C:\Windows\System32\SndVolSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) SCA Volume
msiltcfg.dll 74a70000 28672 C:\Windows\system32\msiltcfg.dll 4.0.6000.16386 (vista_rtm.061101-2205) Windows Installer Configuration API Stub
VERSION.dll 75900000 32768 C:\Windows\system32\VERSION.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Version Checking and File Installation Libraries
msi.dll 72950000 2105344 C:\Windows\system32\msi.dll 4.0.6001.18000 Windows Installer
ehSSO.dll 71bf0000 135168 C:\Windows\ehome\ehSSO.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Media Center Shell Service Object
HID.DLL 74a60000 36864 C:\Windows\system32\HID.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Hid User Library
netshell.dll 715d0000 3190784 C:\Windows\System32\netshell.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network Connections Shell
IPHLPAPI.DLL 759a0000 102400 C:\Windows\System32\IPHLPAPI.DLL 6.0.6000.16386 (vista_rtm.061101-2205) IP Helper API
dhcpcsvc.DLL 75920000 217088 C:\Windows\System32\dhcpcsvc.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCP Client Service
DNSAPI.dll 75bb0000 180224 C:\Windows\System32\DNSAPI.dll 6.0.6000.16386 (vista_rtm.061101-2205) DNS Client API DLL
WINNSI.DLL 75b20000 28672 C:\Windows\System32\WINNSI.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Store Information RPC interface
dhcpcsvc6.DLL 758b0000 135168 C:\Windows\System32\dhcpcsvc6.DLL 6.0.6000.16386 (vista_rtm.061101-2205) DHCPv6 Client
nlaapi.dll 75330000 61440 C:\Windows\System32\nlaapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Network Location Awareness 2
pnidui.dll 71a30000 1830912 C:\Windows\system32\pnidui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network System Icon
QUtil.dll 72d70000 94208 C:\Windows\system32\QUtil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Utilities
wevtapi.dll 759c0000 262144 C:\Windows\system32\wevtapi.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eventing Consumption and Configuration API
wlanutil.dll 745f0000 24576 C:\Windows\system32\wlanutil.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Wireless LAN 802.11 Utility DLL
FirewallAPI.dll 75340000 417792 C:\Windows\system32\FirewallAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Firewall API
fdproxy.dll 72eb0000 36864 C:\Windows\system32\fdproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Function Discovery Proxy Dll
npmproxy.dll 73110000 32768 C:\Windows\System32\npmproxy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Network List Manager Proxy
Wlanapi.dll 71540000 73728 C:\Windows\system32\Wlanapi.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows WLAN AutoConfig Client Side API DLL
OneX.DLL 74640000 1556480 C:\Windows\system32\OneX.DLL 6.0.6001.18000 (longhorn_rtm.080118-1840) IEEE 802.1X supplicant library
eappprxy.dll 74ce0000 57344 C:\Windows\system32\eappprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft EAPHost Peer Client DLL
eappcfg.dll 748c0000 147456 C:\Windows\system32\eappcfg.dll 6.0.6000.16386 (vista_rtm.061101-2205) Eap Peer Config
bcrypt.dll 75820000 282624 C:\Windows\system32\bcrypt.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Cryptographic Primitives Library
AltTab.dll 718e0000 53248 C:\Windows\System32\AltTab.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Shell Alt Tab
wpdshserviceobj.dll 714e0000 143360 C:\Windows\system32\wpdshserviceobj.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Portable Device Shell Service Object
WINHTTP.dll 73080000 389120 C:\Windows\system32\WINHTTP.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows HTTP Services
srchadmin.dll 712d0000 315392 C:\Windows\System32\srchadmin.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Indexing Options
webcheck.dll 71330000 245760 C:\Windows\system32\webcheck.dll 7.00.6000.16386 (vista_rtm.061101-2205) Web Site Monitor
SyncCenter.dll 70ae0000 2211840 C:\Windows\System32\SyncCenter.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Sync Center
wscntfy.dll 714a0000 233472 C:\Windows\system32\wscntfy.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Security Center Notification App
WSCAPI.dll 72d40000 45056 C:\Windows\system32\WSCAPI.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Security Center API
imapi2.dll 70ec0000 331776 C:\Windows\system32\imapi2.dll 6.0.6000.16386 (vista_rtm.061101-2205) Image Mastering API v2
actxprxy.dll 70e60000 339968 C:\Windows\System32\actxprxy.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) ActiveX Interface Marshaling Library
WINTRUST.dll 75210000 184320 C:\Windows\system32\WINTRUST.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Microsoft Trust Verification APIs
imagehlp.dll 76760000 167936 C:\Windows\system32\imagehlp.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows NT Image Helper
PortableDeviceTypes.dll 711d0000 176128 C:\Windows\system32\PortableDeviceTypes.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 70de0000 253952 C:\Windows\system32\PortableDeviceApi.dll 6.0.6001.18160 (vistasp1_gdr.081021-1528) Windows Portable Device API Components
QAgent.dll 70e30000 188416 C:\Windows\System32\QAgent.dll 6.0.6000.16386 (vista_rtm.061101-2205) Quarantine Agent Proxy
fwpuclnt.dll 74470000 614400 C:\Windows\System32\fwpuclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) FWP/IPsec User-Mode API
SXS.DLL 75e80000 389120 C:\Windows\system32\SXS.DLL 6.0.6000.16386 (vista_rtm.061101-2205) Fusion 2.5
bthprops.cpl 709e0000 1019904 C:\Windows\system32\bthprops.cpl 6.0.6000.16386 (vista_rtm.061101-2205) Bluetooth Control Panel Applet
MPR.dll 75b00000 81920 C:\Windows\system32\MPR.dll 6.0.6000.16386 (vista_rtm.061101-2205) Multiple Provider Router DLL
ntlanman.dll 70da0000 77824 C:\Windows\System32\ntlanman.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft®️ Lan Manager
drprov.dll 71320000 32768 C:\Windows\System32\drprov.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Terminal Server Network Provider
davclnt.dll 71210000 61440 C:\Windows\System32\davclnt.dll 6.0.6000.16386 (vista_rtm.061101-2205) Web DAV Client DLL
zipfldr.dll 71030000 356352 C:\Windows\system32\zipfldr.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Compressed (zipped) Folders
AVShellExt.dll 23f0000 40960 C:\Program Files\Microsoft Windows OneCare Live\AVShellExt.dll 2.5.2788.1 Windows Live OneCare AV Shell Extension
ATL80.DLL 71a10000 110592 C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL 8.00.50727.4053 ATL Module for Windows (Unicode)
MSVCR80.dll 71400000 634880 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\MSVCR80.dll 8.00.50727.3053 Microsoft®️ C Runtime Library
mbamext.dll 10000000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 2, 0, 0 Malwarebytes' Anti-Malware
syncui.dll 71140000 188416 C:\Windows\system32\syncui.dll 6.0.6000.16386 (vista_rtm.061101-2205) Windows Briefcase
SYNCENG.dll 71520000 90112 C:\Windows\system32\SYNCENG.dll 6.0.6001.18000 (longhorn_rtm.080118-1840) Windows Briefcase Engine
MpOav.dll 70d00000 90112 C:\Program Files\Windows Defender\MpOav.dll 1.1.1600.0 IOfficeAntiVirus Module
thumbcache.dll 71010000 90112 C:\Windows\system32\thumbcache.dll 6.0.6000.16386 (vista_rtm.061101-2205) Microsoft Thumbnail Cache
tiptsf.dll 71170000 393216 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 6.0.6000.16386 (vista_rtm.061101-2205) Tablet PC Input Panel Text Services Framework
xmllite.dll 74d30000 192512 C:\Windows\system32\xmllite.dll 1.2.1009.0 Microsoft XmlLite Library
MSISIP.DLL 72f30000 32768 C:\Windows\system32\MSISIP.DLL 4.0.6001.18000 (longhorn_rtm.080118-1840) MSI Signature SIP Provider
wshext.dll 70ff0000 90112 C:\Windows\system32\wshext.dll 5.7.0.6000 Microsoft (R) Shell Extension for Windows script Host



******************************************
EOF

Re: Unkown Virus or Malware or SOMETHING???

Hi

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


==

Can you boot back in to Normal Mode now? How is your computer running?

Re: Unkown Virus or Malware or SOMETHING???

Hey,

I am still unable to use normal mode. When I log on in normal mode the screen turns black and there is no activity that pops up (icons, start menu, etc.). Here is the report log for you.

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 2, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 02, 2009 06:20:30
Records in database: 2888270


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Objects scanned 130630
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:28:50

No threats found. Scanned area is clean.
Selected area has been scanned.

Re: Unkown Virus or Malware or SOMETHING???

Restore Permissions for explorer.exe

Please download Inherit by sUBs

  1. Drag and drop explorer.exe onto Inherit
  2. This shall restore permissions to the application
  3. The application should now run normally
Please indicate in your next post if this was successful.

Re: Unkown Virus or Malware or SOMETHING???

Hey,

I clicked on Inherit to download, it installed it on the computer. I clicked Run and nothing happened. I found the file on desktop and clicked on it again, a pop up said run or cancel. I clicked run and nothing happened. Also where do I find explore.exe?

Re: Unkown Virus or Malware or SOMETHING???
Hi

Please navigate to C:\Windows and find explorer.exe.
Drag and drop Explorer.exe on to Inherit. Like so:

[Image: explorer.exe being dragged and dropped onto Inherit]

Re: Unkown Virus or Malware or SOMETHING???
Hey,

I did the drag and drop and it said do you want to run. I clicked Run and it said finished and that's all that happened. Now what?

Re: Unkown Virus or Malware or SOMETHING???
Hi

Are you able to access Normal Mode yet?

Re: Unkown Virus or Malware or SOMETHING???
Hi,

No, I am not able to access normal mode. I logged in and the screen turns black and the cursor appears. I thought maybe it froze but I pressed Control, Alt, Delete and that popped up just fine. I noticed there are only about 6 processes running, normally there is like 20. Anyways, to answer your question: no, I cannot access normal mode, I'm still in safe mode.

Re: Unkown Virus or Malware or SOMETHING???
Hi

Please go back to Safe Mode and do the following:

Go to Start, type in CMD, right-click on it in the results pane, and select Run as Administrator.
Type in: sfc /scannow
Press enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

Please try to boot into Normal Mode. Is this possible?

Re: Unkown Virus or Malware or SOMETHING???
Hi,

I scanned, rebooted, and did a second run. Everything seemed to work fine but I am still unable to start in normal mode.

Re: Unkown Virus or Malware or SOMETHING???
Hi

Please do the following to back up your computer: Vista Complete PC Backup (using Vista backup utility is the alternative).

Then, please reinstall (in-place upgrade) Windows Vista. Follow this article, and read this section only: "To reinstall Windows Vista."

All of your data is usually fine when doing a reinstall. However, I gave you backup instructions first to ensure you would not lose any data. Failure to back up your data will result in a possible loss of any documents, pictures, videos, special files, or any other important thing you need to save.

Please tell me whether or not you have completed this task or are able to. Thank you!

Re: Unkown Virus or Malware or SOMETHING???
Hey,

I reinstalled Windows Vista. I tried to back up my stuff and when I finished with the backup it said it completed successfully. When I reinstalled Windows Vista all of my stuff is gone, including numerous drivers and utilities. I also tried to get my stuff from my backup and my backup disk is blank so I lost all of my stuff. No big deal really because I didn't have too much for pictures, music, etc. I just don't have any of my drivers. Other than that I believe everything else works. I am now in normal mode and everything works like before. I can install and download online.

Re: Unkown Virus or Malware or SOMETHING???
Hi

I am sorry that happened. That is usually rare, but Vista does have reliability issues. At least you attempted the backup. 😉

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
