
Active Google problem after Windows Updates

Discussion in 'Malware and Virus Removal Archive' started by gray916, 2009/02/11.

  1. 2009/02/11
    gray916

    gray916 Inactive Thread Starter

    Joined:
    2008/11/16
    Messages:
    63
    Likes Received:
    0
    [Active] Google problem after Windows Updates

    Everything was fine until Windows decided it would download itself some 'updates'. Now everything has changed. Here is a list of some of the problems:

    - Google search redirects
    - Links on Google open in new tabs, not in the same window
    - AVG, SBS&D, Spyware Guard, Zone Alarm, Lavasoft all cannot access updates.


    My DDS logs are below, dds.txt followed by attach.txt in the next post:


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Gray at 20:04:01.18 on 11/02/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.498 [GMT 0:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Philips\SA28XX Device Manager\main.exe
    C:\Program Files\Belkin\Flip\flip.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Gray\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = localhost
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\gray\startm~1\programs\startup\flip.lnk - c:\program files\belkin\flip\flip.exe
    StartupFolder: c:\docume~1\gray\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\sa28xx device manager\main.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-30 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-30 27656]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-30 107272]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-30 353680]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2008-12-5 464264]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-30 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-30 298264]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [1980-1-1 296179]
    R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1980-1-1 231983]
    S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-11-30 14095]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-11-30 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-11-30 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-11-30 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-11-30 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-11-30 98568]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2009-01-31 13:05 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-31 13:05 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 13:05 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-19 09:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
    2008-12-12 16:17 33,320 a------- c:\docume~1\gray\applic~1\GDIPFONTCACHEV1.DAT
    2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
    2008-12-05 17:50 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2008-11-30 20:25 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-11-30 17:34 81,920 -----r-- c:\windows\bwUnin-6.1.4.36-8876480L.exe
    2008-11-30 16:54 2,678 a------- c:\windows\java\packages\data\ACDNNLVN.DAT
    2008-11-30 16:54 2,678 a------- c:\windows\java\packages\data\PZ57XRVT.DAT
    2008-11-30 16:54 2,678 a------- c:\windows\java\packages\data\LNXJPBDB.DAT
    2008-11-30 16:54 2,678 a------- c:\windows\java\packages\data\XJXZ7RD7.DAT
    2008-11-30 16:54 2,678 a------- c:\windows\java\packages\data\FBPBFRNR.DAT

    ============= FINISH: 20:05:02.32 ===============
     
  2. 2009/02/11
    gray916

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/11/2008 14:14:18
    System Uptime: 02/11/2009 19:44:38 (-6335 hours ago)

    Motherboard: NEC | | N4-IBFGL
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | SOCKET 478 M/B | 2789/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 27.815 GiB free.
    D: is FIXED (NTFS) - 153 GiB total, 106.053 GiB free.
    Q: is CDROM ()
    R: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 30/11/2008 14:14:20 - System Checkpoint
    RP2: 30/11/2008 14:31:42 - Installed Windows XP Service Pack 2.
    RP3: 30/11/2008 15:48:35 - Installed AVG Free 8.0
    RP4: 30/11/2008 15:51:39 - Installed Sony Ericsson PC Suite.
    RP5: 30/11/2008 15:53:40 - Installed Windows IDNMitigationAPIs.
    RP6: 30/11/2008 15:54:57 - Installed Windows Internet Explorer 7.
    RP7: 30/11/2008 16:14:46 - Software Distribution Service 3.0
    RP8: 30/11/2008 16:18:42 - Installed AntispywareBot
    RP9: 30/11/2008 16:19:16 - Avg8 Update
    RP10: 30/11/2008 16:20:59 - Avg8 Update
    RP11: 30/11/2008 16:22:40 - Installed Windows Media Player 11
    RP12: 30/11/2008 16:24:55 - Software Distribution Service 3.0
    RP13: 30/11/2008 16:50:40 - Software Distribution Service 3.0
    RP14: 30/11/2008 17:04:39 - Installed Adobe Reader 9.
    RP15: 30/11/2008 17:07:56 - Installed Flip.
    RP16: 30/11/2008 17:27:58 - Installed Nero 7 Premium
    RP17: 30/11/2008 17:34:01 - Installed Logitech Desktop Messenger
    RP18: 30/11/2008 17:53:30 - Installed Ad-Aware
    RP19: 30/11/2008 17:56:45 - Installed SA28xx Device Manager
    RP20: 30/11/2008 17:59:23 - Installed Microsoft Office XP Professional with FrontPage
    RP21: 30/11/2008 18:09:09 - Removed AntispywareBot
    RP22: 30/11/2008 19:45:18 - Software Distribution Service 3.0
    RP23: 01/12/2008 19:48:20 - System Checkpoint
    RP24: 02/12/2008 18:05:03 - Software Distribution Service 3.0
    RP25: 05/12/2008 16:23:38 - System Checkpoint
    RP26: 06/12/2008 11:46:23 - Installed ATI Catalyst Control Center
    RP27: 07/12/2008 12:31:44 - System Checkpoint
    RP28: 08/12/2008 13:09:33 - System Checkpoint
    RP29: 08/12/2008 21:40:52 -
    RP30: 08/12/2008 21:41:29 - Shockwave Player
    RP31: 08/12/2008 21:42:30 - Shockwave Player
    RP32: 10/12/2008 11:20:55 - System Checkpoint
    RP33: 11/12/2008 15:04:51 - System Checkpoint
    RP34: 12/12/2008 15:58:46 - Software Distribution Service 3.0
    RP35: 12/12/2008 16:31:15 - Avg8 Update
    RP36: 13/12/2008 21:00:45 - System Checkpoint
    RP37: 15/12/2008 18:09:04 - System Checkpoint
    RP38: 17/12/2008 19:25:45 - System Checkpoint
    RP39: 18/12/2008 11:16:29 - Software Distribution Service 3.0
    RP40: 19/12/2008 12:21:51 - System Checkpoint
    RP41: 20/12/2008 13:32:26 - System Checkpoint
    RP42: 27/12/2008 13:27:52 - System Checkpoint
    RP43: 28/12/2008 17:03:07 - System Checkpoint
    RP44: 29/12/2008 17:49:36 - System Checkpoint
    RP45: 30/12/2008 18:05:44 - System Checkpoint
    RP46: 31/12/2008 18:47:58 - System Checkpoint
    RP47: 01/01/2009 18:50:40 - System Checkpoint
    RP48: 02/01/2009 18:58:46 - System Checkpoint
    RP49: 04/01/2009 10:53:27 - System Checkpoint
    RP50: 07/01/2009 18:48:53 - System Checkpoint
    RP51: 09/01/2009 15:52:37 - System Checkpoint
    RP52: 10/01/2009 20:23:23 - System Checkpoint
    RP53: 12/01/2009 18:58:26 - System Checkpoint
    RP54: 15/01/2009 19:21:55 - System Checkpoint
    RP55: 16/01/2009 14:40:08 - Software Distribution Service 3.0
    RP56: 17/01/2009 20:48:11 - System Checkpoint
    RP57: 19/01/2009 18:28:07 - System Checkpoint
    RP58: 22/01/2009 19:57:38 - System Checkpoint
    RP59: 24/01/2009 11:44:28 - System Checkpoint
    RP60: 25/01/2009 11:59:52 - System Checkpoint
    RP61: 26/01/2009 20:29:37 - System Checkpoint
    RP62: 28/01/2009 19:30:19 - System Checkpoint
    RP63: 30/01/2009 18:06:23 - System Checkpoint
    RP64: 31/01/2009 13:01:47 - Avg8 Update
    RP65: 31/01/2009 13:05:51 - Avg8 Update
    RP66: 01/02/2009 11:51:59 - Installed SA28xx Device Manager
    RP67: 04/02/2009 19:51:22 - System Checkpoint
    RP68: 07/02/2009 09:23:33 - System Checkpoint
    RP69: 08/02/2009 10:17:29 - System Checkpoint
    RP70: 09/02/2009 18:49:00 - System Checkpoint
    RP71: 10/02/2009 22:47:23 - Avg8 Update
    RP72: 11/02/2009 19:12:37 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    Adobe Shockwave Player
    Alex Buturuga - Muti ID3 Tag Editor 1.3b1
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG Free 8.0
    Flip
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Ethernet Adapter and Software
    Logitech Desktop Messenger
    Logitech iTouch Software
    Logitech MouseWare 9.75
    Logitech Resource Center
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB954430)
    Nero 7 Premium
    SA28xx Device Manager
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Shockwave
    SigmaTel C-Major Audio
    Sonic RecordNow!
    Sony Ericsson Device Data
    Sony Ericsson Drivers
    Sony Ericsson PC Suite
    Spybot - Search & Destroy
    SpywareGuard v2.2
    UnderCoverXP 1.19
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    VC 9.0 Runtime
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    ZoneAlarm
    ZoneAlarm Spy Blocker Toolbar

    ==== Event Viewer Messages From Past Week ========

    09/02/2009 18:33:01, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.

    ==== End Of File ===========================
     


  4. 2009/02/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi gray916

    Please do this.

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page, one at a time:
      • c:\windows\bwUnin-6.1.4.36-8876480L.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Now this.

    Download RootRepeal.zip to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and doubleclick on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.

    Please post the Jotti results and the Rootrepeal.txt.

    Thanks
    Geri
     
    Geri,
    #3
  5. 2009/02/12
    gray916

    Thanks Geri. Below are my results from the Jotti online scan. I don't know how to create a report, so I just copied and pasted what I think are the results. RootRepeal is running now and I shall post the log when it's finished.

    If you need anything else please let me know

    Scan taken on 12 Feb 2009 19:09:15 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    G DATA Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
     
  6. 2009/02/12
    gray916

    Root Repeal Log

    ROOTREPEAL (c) AD, 2007-2008
    ==================================================
    Scan Time: 2009/02/12 19:10
    Program Version: Version 1.2.3.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB2BA1000 Size: 98304 File Visible: No
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7A35000 Size: 8192 File Visible: No
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB1CFA000 Size: 45056 File Visible: No
    Status: -

    Name: srescan.sys
    Image Path: srescan.sys
    Address: 0xF727C000 Size: 81920 File Visible: No
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP2\change.log.4
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\3Z4X3YU5\maps[1]
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\3Z4X3YU5\chunks[1].jsp
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\3Z4X3YU5\news[2].jpg
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\3Z4X3YU5\news[3].jpg
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\7FC7I978\ig[1].htm
    Status: Invisible to the Windows API!

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\7FC7I978\chunks[2].jsp
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\7FC7I978\uds[1]
    Status: Visible to the Windows API, but not on disk.

    Path: C:\Documents and Settings\Gray\Local Settings\Temporary Internet Files\Content.IE5\7FC7I978\__utm[2].gif
    Status: Visible to the Windows API, but not on disk.

    SSDT
    -------------------
    #: 031 Function Name: NtConnectPort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e148d0

    #: 037 Function Name: NtCreateFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e116e0

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1e490

    #: 046 Function Name: NtCreatePort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e14e90

    #: 047 Function Name: NtCreateProcess
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1bc80

    #: 048 Function Name: NtCreateProcessEx
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1be90

    #: 050 Function Name: NtCreateSection
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1fd50

    #: 056 Function Name: NtCreateWaitablePort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e14f80

    #: 062 Function Name: NtDeleteFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e11c70

    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1ed10

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1eac0

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1b600

    #: 098 Function Name: NtLoadKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1f230

    #: 099 Function Name: NtLoadKey2
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1f2b0

    #: 116 Function Name: NtOpenFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e11ad0

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1d4f0

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1d2b0

    #: 192 Function Name: NtRenameKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1f970

    #: 193 Function Name: NtReplaceKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1f3d0

    #: 200 Function Name: NtRequestWaitReplyPort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e144f0

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1f7c0

    #: 210 Function Name: NtSecureConnectPort
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e14aa0

    #: 224 Function Name: NtSetInformationFile
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e11ea0

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1e800

    #: 255 Function Name: NtSystemDebugControl
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1c580

    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xb2e1c400

    Stealth Objects
    -------------------
    Object: Hidden Module [Name: CLI.Aspect.SmartGart.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04bb0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04b00000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04660000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.MultiVPU.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x040f0000 Size: 36864

    Object: Hidden Module [Name: APM.Foundation.dll]
    Process: cli.exe (PID: 2376) Address: 0x03ad0000 Size: 36864

    Object: Hidden Module [Name: CLI.Component.Runtime.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x03830000 Size: 45056

    Object: Hidden Module [Name: AEM.Foundation.dll]
    Process: cli.exe (PID: 2376) Address: 0x03650000 Size: 36864

    Object: Hidden Module [Name: CLI.Implementation.dll]
    Process: cli.exe (PID: 2376) Address: 0x00d20000 Size: 45056

    Object: Hidden Module [Name: LOG.Foundation.dll]
    Process: cli.exe (PID: 2376) Address: 0x01220000 Size: 45056

    Object: Hidden Module [Name: CLI.Foundation.dll]
    Process: cli.exe (PID: 2376) Address: 0x01250000 Size: 77824

    Object: Hidden Module [Name: LOG.Foundation.Service.dll]
    Process: cli.exe (PID: 2376) Address: 0x01280000 Size: 53248

    Object: Hidden Module [Name: System.Runtime.Remoting.dll]
    Process: cli.exe (PID: 2376) Address: 0x032f0000 Size: 307200

    Object: Hidden Module [Name: CLI.Foundation.XManifestation.dll]
    Process: cli.exe (PID: 2376) Address: 0x032d0000 Size: 36864

    Object: Hidden Module [Name: LOG.Foundation.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x032b0000 Size: 28672

    Object: Hidden Module [Name: ATICCCom.dll]
    Process: cli.exe (PID: 2376) Address: 0x03630000 Size: 28672

    Object: Hidden Module [Name: CLI.Component.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x03600000 Size: 94208

    Object: Hidden Module [Name: CLI.Caste.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x03770000 Size: 61440

    Object: Hidden Module [Name: CLI.Caste.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x037d0000 Size: 307200

    Object: Hidden Module [Name: DEM.Graphics.I0601.dll]
    Process: cli.exe (PID: 2376) Address: 0x03870000 Size: 53248

    Object: Hidden Module [Name: DEM.Foundation.dll]
    Process: cli.exe (PID: 2376) Address: 0x03850000 Size: 28672

    Object: Hidden Module [Name: ACE.Graphics.DisplaysManager.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x03890000 Size: 36864

    Object: Hidden Module [Name: System.Management.dll]
    Process: cli.exe (PID: 2376) Address: 0x03c70000 Size: 380928

    Object: Hidden Module [Name: ATIDEMGR.dll]
    Process: cli.exe (PID: 2376) Address: 0x03c20000 Size: 299008

    Object: Hidden Module [Name: CLI.Aspect.MultiVPU2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04080000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.MultiVPU2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x040a0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.MultiVPU.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x040d0000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.VideoOverlay.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04470000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x043a0000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04330000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.VeryLargeDesktop.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04310000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04350000 Size: 61440

    Object: Hidden Module [Name: CLI.Aspect.Radeon3DLegacy.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04380000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.DisplaysColour.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04400000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DisplaysColour.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x043e0000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.DisplaysColour2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x043c0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04420000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04450000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04550000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.SmartGart.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x044d0000 Size: 36864

    Object: Hidden Module [Name: ACE.Graphics.VideoOverlay.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x044b0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.VideoOverlay.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04490000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.VPURecover.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04510000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.VPURecover.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x044f0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.WorkstationConfig.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04530000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceCRT2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x045b0000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceCRT.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04580000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04620000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceCRT2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x045f0000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04640000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceDFP2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04920000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x046c0000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x046a0000 Size: 61440

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04680000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04700000 Size: 61440

    Object: Hidden Module [Name: CLI.Aspect.CustomFormats.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x046e0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04720000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x047a0000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04760000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x048f0000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.DeviceDFP.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x048d0000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.PowerPlay3.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04a10000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.OverDrive3.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x049a0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.OverDrive3.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04970000 Size: 86016

    Object: Hidden Module [Name: CLI.Aspect.DeviceDFP2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04940000 Size: 53248

    Object: Hidden Module [Name: CLI.Aspect.OverDrive2.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x049c0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.PowerPlay3.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x049f0000 Size: 61440

    Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04a70000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04a50000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04a30000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04ab0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04a90000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.HotkeysHandling.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04ad0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.Radeon3DLegacy.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04b40000 Size: 61440

    Object: Hidden Module [Name: DEM.Graphics.I0600.dll]
    Process: cli.exe (PID: 2376) Address: 0x04b70000 Size: 28672

    Object: Hidden Module [Name: DEM.Graphics.I0602.dll]
    Process: cli.exe (PID: 2376) Address: 0x04c00000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.WorkstationConfig.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04be0000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceProperty.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04c20000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04cc0000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04c80000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceProperty2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04c50000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.IntegratedUMAFrameBuffer.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04d60000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.OverDrive2.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04d20000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DisplaysOptions.Graphics.Shared.dll]
    Process: cli.exe (PID: 2376) Address: 0x04d40000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD2.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04880000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x045b0000 Size: 471040

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x03df0000 Size: 421888

    Object: Hidden Module [Name: ACE.Graphics.DisplaysManager.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x03830000 Size: 36864

    Object: Hidden Module [Name: CLI.Foundation.Clients.dll]
    Process: cli.exe (PID: 3752) Address: 0x03740000 Size: 53248

    Object: Hidden Module [Name: CLI.Implementation.dll]
    Process: cli.exe (PID: 3752) Address: 0x00d30000 Size: 45056

    Object: Hidden Module [Name: LOG.Foundation.dll]
    Process: cli.exe (PID: 3752) Address: 0x01230000 Size: 45056

    Object: Hidden Module [Name: CLI.Foundation.dll]
    Process: cli.exe (PID: 3752) Address: 0x01260000 Size: 77824

    Object: Hidden Module [Name: LOG.Foundation.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x032c0000 Size: 28672

    Object: Hidden Module [Name: LOG.Foundation.Service.dll]
    Process: cli.exe (PID: 3752) Address: 0x032a0000 Size: 53248

    Object: Hidden Module [Name: CLI.Foundation.XManifestation.dll]
    Process: cli.exe (PID: 3752) Address: 0x032e0000 Size: 36864

    Object: Hidden Module [Name: System.Runtime.Remoting.dll]
    Process: cli.exe (PID: 3752) Address: 0x03300000 Size: 307200

    Object: Hidden Module [Name: CLI.Component.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x03690000 Size: 634880

    Object: Hidden Module [Name: ATICCCom.dll]
    Process: cli.exe (PID: 3752) Address: 0x037d0000 Size: 28672

    Object: Hidden Module [Name: CLI.Component.Wizard.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x03760000 Size: 36864

    Object: Hidden Module [Name: CLI.Component.Runtime.dll]
    Process: cli.exe (PID: 3752) Address: 0x037a0000 Size: 94208

    Object: Hidden Module [Name: AEM.Foundation.dll]
    Process: cli.exe (PID: 3752) Address: 0x03810000 Size: 36864

    Object: Hidden Module [Name: CLI.Caste.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x037f0000 Size: 61440

    Object: Hidden Module [Name: CLI.Caste.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x03870000 Size: 94208

    Object: Hidden Module [Name: CLI.Caste.Graphics.Wizard.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x038a0000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV2.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x03c50000 Size: 1241088

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x039f0000 Size: 1241088

    Object: Hidden Module [Name: CLI.Aspect.DisplaysManager.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x04250000 Size: 2371584

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x03f70000 Size: 159744

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD2.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x03ed0000 Size: 421888

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV2.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x03fd0000 Size: 159744

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x044d0000 Size: 135168

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x044c0000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.DeviceCV2.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04820000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x04790000 Size: 339968

    Object: Hidden Module [Name: CLI.Aspect.TransCode.Local.Wizard.dll]
    Process: cli.exe (PID: 3752) Address: 0x046b0000 Size: 520192

    Object: Hidden Module [Name: CLI.Aspect.DeviceProperty.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04800000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.DeviceLCD.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04860000 Size: 36864

    Object: Hidden Module [Name: CLI.Aspect.DeviceProperty2.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04840000 Size: 28672

    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04940000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x048c0000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.DeviceTV2.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04900000 Size: 69632

    Object: Hidden Module [Name: CLI.Aspect.TransCode.Local.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x049e0000 Size: 299008

    Object: Hidden Module [Name: CLI.Aspect.MMVideo.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04980000 Size: 45056

    Object: Hidden Module [Name: CLI.Aspect.InfoCentre.Graphics.Shared.dll]
    Process: cli.exe (PID: 3752) Address: 0x04a60000 Size: 36864

    Object: Hidden Module [Name: atixclib.dll]
    Process: cli.exe (PID: 3752) Address: 0x04a40000 Size: 28672

    Object: Hidden Module [Name: APM.Foundation.dll]
    Process: cli.exe (PID: 3760) Address: 0x037c0000 Size: 36864

    Object: Hidden Module [Name: CLI.Caste.Graphics.Shared.dll]
    Process: cli.exe (PID: 3760) Address: 0x036e0000 Size: 61440

    Object: Hidden Module [Name: CLI.Implementation.dll]
    Process: cli.exe (PID: 3760) Address: 0x00d30000 Size: 45056

    Object: Hidden Module [Name: LOG.Foundation.dll]
    Process: cli.exe (PID: 3760) Address: 0x01230000 Size: 45056

    Object: Hidden Module [Name: CLI.Foundation.dll]
    Process: cli.exe (PID: 3760) Address: 0x01260000 Size: 77824

    Object: Hidden Module [Name: LOG.Foundation.Shared.dll]
    Process: cli.exe (PID: 3760) Address: 0x032c0000 Size: 28672

    Object: Hidden Module [Name: LOG.Foundation.Service.dll]
    Process: cli.exe (PID: 3760) Address: 0x032a0000 Size: 53248

    Object: Hidden Module [Name: CLI.Foundation.XManifestation.dll]
    Process: cli.exe (PID: 3760) Address: 0x032e0000 Size: 36864

    Object: Hidden Module [Name: System.Runtime.Remoting.dll]
    Process: cli.exe (PID: 3760) Address: 0x03300000 Size: 307200

    Object: Hidden Module [Name: CLI.Component.Systemtray.dll]
    Process: cli.exe (PID: 3760) Address: 0x03660000 Size: 438272

    Object: Hidden Module [Name: ACE.Graphics.DisplaysManager.Shared.dll]
    Process: cli.exe (PID: 3760) Address: 0x03770000 Size: 36864

    Object: Hidden Module [Name: CLI.Component.Runtime.dll]
    Process: cli.exe (PID: 3760) Address: 0x03720000 Size: 94208

    Object: Hidden Module [Name: ATICCCom.dll]
    Process: cli.exe (PID: 3760) Address: 0x03750000 Size: 28672

    Object: Hidden Module [Name: AEM.Foundation.dll]
    Process: cli.exe (PID: 3760) Address: 0x03790000 Size: 36864
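A way to triage a "Hidden Module" listing like the one above, as an added example that is not part of the thread and not RootRepeal's own code. It pairs each Object/Process line, groups the entries by process and PID, separates the ones an allowlist explains from the ones a responder should still look at, and checks that no two ranges in one process overlap (which would mean the listing, or the parse of it, cannot be trusted). The allowlist rests on an assumption about this particular output: cli.exe is the ATI Catalyst Control Center, a .NET application, and managed assemblies are mapped by the CLR rather than registered in the process loader list, so a scanner that diffs mapped images against that list reports every one of them as hidden. The "example-unknown.dll" entry and the overlap listing in the sample are constructed.

```python
"""Triage a RootRepeal-style "Hidden Module" listing: pair the Object/Process
lines, group by process, split allowlisted entries from ones to review, and
sanity-check the address ranges.  Added example; not RootRepeal's code."""
import re
from collections import defaultdict
from typing import List, NamedTuple


class HiddenModule(NamedTuple):
    name: str
    process: str
    pid: int
    address: int
    size: int


OBJECT_RE = re.compile(r"Object:\s*Hidden Module\s*\[Name:\s*(?P<name>[^\]]+)\]")
PROCESS_RE = re.compile(
    r"Process:\s*(?P<proc>\S+)\s*\(PID:\s*(?P<pid>\d+)\)\s*"
    r"Address:\s*(?P<addr>0x[0-9A-Fa-f]+)\s*Size:\s*(?P<size>\d+)")

# Assumption: cli.exe is the ATI Catalyst Control Center, a .NET application.
# Managed assemblies are mapped by the CLR rather than registered in the
# process loader list, so a scanner that diffs mapped images against that list
# reports all of them as "hidden".  These prefixes cover the CCC assemblies and
# the framework DLL that appear in the listing above.
EXPECTED_PREFIXES = {
    "cli.exe": ("CLI.", "ACE.", "DEM.", "LOG.Foundation", "AEM.Foundation",
                "APM.Foundation", "ATICCCom", "ATIDEMGR", "atixclib",
                "System.Runtime.Remoting"),
}


def parse_hidden_modules(text: str) -> List[HiddenModule]:
    """Pair each 'Object:' line with the 'Process:' line that follows it."""
    modules, pending = [], None
    for line in text.splitlines():
        m = OBJECT_RE.search(line)
        if m:
            pending = m.group("name").strip()
            continue
        m = PROCESS_RE.search(line)
        if m and pending is not None:
            modules.append(HiddenModule(pending, m.group("proc"), int(m.group("pid")),
                                        int(m.group("addr"), 16), int(m.group("size"))))
            pending = None
    return modules


def is_expected(mod: HiddenModule) -> bool:
    """True when the name carries a prefix allowlisted for that process."""
    prefixes = EXPECTED_PREFIXES.get(mod.process.lower(), ())
    return mod.name.lower().startswith(tuple(p.lower() for p in prefixes))


def find_overlaps(modules):
    """Two images in one process cannot share address space, so an overlapping
    pair means the listing (or the parse) is inconsistent and not to be trusted."""
    by_pid = defaultdict(list)
    for mod in modules:
        by_pid[mod.pid].append(mod)
    overlaps = []
    for mods in by_pid.values():
        mods.sort(key=lambda m: m.address)
        for prev, cur in zip(mods, mods[1:]):
            if cur.address < prev.address + prev.size:
                overlaps.append((prev.name, cur.name))
    return overlaps


def triage(text: str) -> dict:
    """Allowlisted vs. review entries, per-process counts, range inconsistencies."""
    modules = parse_hidden_modules(text)
    report = {"expected": [], "review": [], "per_process": defaultdict(int),
              "overlaps": find_overlaps(modules)}
    for mod in modules:
        report["per_process"][f"{mod.process}:{mod.pid}"] += 1
        report["expected" if is_expected(mod) else "review"].append(mod)
    return report


# Constructed sample in the listing's format: three CCC-style entries plus one
# made-up module in explorer.exe so the review path is exercised.
SAMPLE_LOG = """
    Object: Hidden Module [Name: CLI.Aspect.Radeon3D.Graphics.Runtime.dll]
    Process: cli.exe (PID: 2376) Address: 0x04350000 Size: 61440

    Object: Hidden Module [Name: System.Runtime.Remoting.dll]
    Process: cli.exe (PID: 3752) Address: 0x03300000 Size: 307200

    Object: Hidden Module [Name: ATICCCom.dll]
    Process: cli.exe (PID: 3752) Address: 0x037d0000 Size: 28672

    Object: Hidden Module [Name: example-unknown.dll]
    Process: explorer.exe (PID: 1234) Address: 0x10000000 Size: 86016
"""
# Constructed listing with two colliding ranges, to show the consistency check.
OVERLAP_SAMPLE = """
    Object: Hidden Module [Name: a.dll]
    Process: x.exe (PID: 1) Address: 0x10000000 Size: 131072
    Object: Hidden Module [Name: b.dll]
    Process: x.exe (PID: 1) Address: 0x10010000 Size: 4096
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("expected", "review"):
        print(key, [m.name for m in result[key]])
    print("per process", dict(result["per_process"]))
    print("overlaps", find_overlaps(parse_hidden_modules(OVERLAP_SAMPLE)))
```

Run stand-alone it prints the split for the constructed sample; on a real listing, pass the saved report text to triage(). An entry landing in "review" is not automatically bad, it is simply not explained by the allowlist, and the allowlist should be extended per process only after the module's origin has been confirmed.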
     
  7. 2009/02/12
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    OK, not seeing anything in those logs.

    Let's get an online scan. Please do the following.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now the scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” On the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  8. 2009/02/13
    gray916 (Thread Starter)
    When trying to run the online scanner I get the message that the update has failed and the programme can start. I have disabled all other AV and firewalls etc. It says "failed to authorise on proxy server".

    Any other ideas?
     
    Last edited: 2009/02/13
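The "failed to authorise on proxy server" message, taken together with the search redirects and the updaters that cannot reach their servers, is the pattern a responder would check against the three settings a redirecting infection on XP commonly alters: the hosts file, the WinINET proxy (ProxyEnable, ProxyServer and AutoConfigURL under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings) and the per-interface DNS servers (NameServer against DhcpNameServer under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces). Added example, not from the thread or from any tool mentioned in it; the domain watchlist and the premise that this user never configured a proxy are assumptions, and the sample inputs are constructed.

```python
"""Check the three places a search-redirect / update-blocking infection on
Windows XP commonly tampers with: the hosts file, the WinINET proxy settings
and the per-interface DNS servers.  Added example, not from the thread or any
tool it mentions; the watchlist and the "no proxy was configured on purpose"
premise are assumptions, and the sample inputs are constructed."""
import os
import re
import sys

# Assumption: the sites the thread says could not be reached; a default home
# XP install has none of them in hosts.
WATCH_DOMAINS = ("google.com", "avg.com", "safer-networking.org",
                 "zonelabs.com", "lavasoft.com", "windowsupdate.com")
LOOPBACK = ("127.0.0.1", "::1")


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments and blank lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        pairs.extend((fields[0], host.lower()) for host in fields[1:])
    return pairs


def hosts_findings(text):
    """Only 'localhost -> loopback' is expected.  A watched domain pointed
    anywhere (even at 127.0.0.1, which silently breaks an updater) is a
    REDIRECT; any other entry is NONSTANDARD and worth a look."""
    findings = []
    for ip, host in parse_hosts(text):
        if host == "localhost" and ip in LOOPBACK:
            continue
        watched = any(host == d or host.endswith("." + d) for d in WATCH_DOMAINS)
        findings.append(("REDIRECT" if watched else "NONSTANDARD", ip, host))
    return findings


def proxy_findings(proxy_enable, proxy_server, autoconfig_url):
    """Assumption: no proxy was set on purpose, so an enabled proxy or a PAC
    URL is a finding (a local proxy is one way traffic gets rewritten)."""
    findings = []
    if proxy_enable and proxy_server:
        findings.append(("PROXY", proxy_server))
    if autoconfig_url:
        findings.append(("PAC", autoconfig_url))
    return findings


def _servers(value):
    """NameServer values are space- or comma-separated; normalise to a set."""
    return set(re.split(r"[ ,]+", value.strip())) - {""}


def dns_findings(interfaces):
    """interfaces: {guid: (NameServer, DhcpNameServer)}.  A static NameServer
    that differs from what DHCP handed out overrides the router's DNS for that
    interface; that is the classic DNS-changer persistence."""
    findings = []
    for guid, (static, dhcp) in interfaces.items():
        if _servers(static) and _servers(static) != _servers(dhcp):
            findings.append(("STATIC_DNS", guid, sorted(_servers(static)),
                             sorted(_servers(dhcp))))
    return findings


def collect_windows():
    """Live collection on Windows via winreg; returns the shapes used above."""
    import winreg

    def value(key, name, default=""):
        try:
            return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return default

    hosts_path = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                              r"system32\drivers\etc\hosts")
    with open(hosts_path, encoding="utf-8", errors="replace") as fh:
        hosts_text = fh.read()
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Internet Settings") as k:
        proxy = (value(k, "ProxyEnable", 0), value(k, "ProxyServer"),
                 value(k, "AutoConfigURL"))
    interfaces, base = {}, r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as k:
        for i in range(winreg.QueryInfoKey(k)[0]):
            guid = winreg.EnumKey(k, i)
            with winreg.OpenKey(k, guid) as sub:
                interfaces[guid] = (value(sub, "NameServer"), value(sub, "DhcpNameServer"))
    return hosts_text, proxy, interfaces


# Constructed sample input (not from the poster's machine) hitting each check.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.avg.com      # updater now talks to itself
203.0.113.5     www.google.com google.com
"""
SAMPLE_PROXY = (1, "127.0.0.1:8080", "")
SAMPLE_INTERFACES = {"{GUID-1}": ("203.0.113.9,203.0.113.10", "192.168.1.1"),
                     "{GUID-2}": ("", "192.168.1.1")}

if __name__ == "__main__":
    if sys.platform == "win32":
        hosts_text, proxy, interfaces = collect_windows()
    else:
        hosts_text, proxy, interfaces = SAMPLE_HOSTS, SAMPLE_PROXY, SAMPLE_INTERFACES
    for f in hosts_findings(hosts_text) + proxy_findings(*proxy) + dns_findings(interfaces):
        print(*f)
```

Run it on the affected machine as the user whose browser redirects (the proxy values are per user, under HKCU) and compare with a known-good box. A NONSTANDARD hosts line or a static DNS server is not proof of infection by itself, but on a home XP machine that was never configured that way it is the first thing to clear before retrying the updaters, since a loopback or foreign address for an update host explains an "update failed" message without any malware still running.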
  9. 2009/02/13
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    OK, let's try this one.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
     
  10. 2009/02/16
    gray916 (Thread Starter)
    Sorry I haven't been on for a while. My modem has given up the ghost and I am waiting for a new one. I am writing this from my work computer. I shall try the virus scan when my home computer is back online (2-3 days).

    Thanks

    Graeme
     
  11. 2009/02/16
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    OK, not a problem.
    Geri
     
  12. 2009/02/28
    gray916 (Thread Starter)
    Hi Geri

    I am now back online with my new router. However, everything seems to have settled down for some reason. All my virus stuff updates now and I don't seem to be having the redirect problem. While my internet was 'down' I ran virus scans on all the programmes I had (without up-to-date definitions due to them not being able to update) and cleared out anything it found.

    Is there anything you want me to do to check?

    Thanks for your patience

    Gray
     
  13. 2009/02/28
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    Yes,
    I would like to see either a Kaspersky scan or a Panda scan.

    Geri
     
  14. 2009/03/01
    gray916 (Thread Starter)
    Hi Geri, here is my panda log;

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-03-01 13:41:59
    PROTECTIONS: 1
    MALWARE: 18
    SUSPECTS: 2
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free 8.0 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@casalemedia[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@atdmt[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@tradedoubler[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@tribalfusion[2].txt
    00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@anm.co[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@com[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@apmebf[1].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@www.burstbeacon[1].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@adtech[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@advertising[2].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@media.adrevolver[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@statse.webtrendslive[2].txt
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@bravenet[2].txt
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@adviva[2].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@atwola[1].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location ci
    ;===================================================================================================================================================================================
    No D:\RECYCLER\S-1-5-21-2421759750-1776631112-652727987-1005\Dd22.rar[FIFA08.exe] ci
    No D:\System Volume Information\_restore{C22B14BA-0F7A-4766-83A2-7274B59F78F3}\RP93\A0013677.exe ci
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description ci
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================


    thanks

    Graeme
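A parser for the ActiveScan text report above, as an added example that is not Panda's tooling and not part of the thread. It rebuilds the sections, copes with the column separators the forum rendering collapsed into plain spaces (note that "Cookie/Atlas DMT" has a space inside its description and every path has several), separates tracking cookies from anything that would need action, checks the counts in the report header against the rows actually present, and tags each suspect by where it lives. The embedded sample is a constructed subset of the posted report plus one made-up non-cookie row ("Example/Constructed") so the action path is exercised; the treatment of the trailing "ci" token as an artifact is an assumption.

```python
"""Parse a Panda ActiveScan text report into sections and summarise what needs
action.  Added example, not Panda's tooling.  The forum copy collapsed the
report's column separators into plain spaces, so MALWARE rows are recovered
with a regex rather than a fixed split (descriptions and paths contain spaces)."""
import re
from collections import Counter

SECTION_NAMES = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")

MALWARE_ROW_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<description>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$")


def _parse_row(section, line):
    # Assumption: the trailing "ci" on SUSPECTS/VULNERABILITIES rows is a
    # rendering artifact with no meaning, so it is dropped.
    if line.endswith(" ci"):
        line = line[:-3]
    if section == "MALWARE":
        m = MALWARE_ROW_RE.match(line)
        return m.groupdict() if m else {"raw": line}
    if section == "SUSPECTS":
        sent, _, location = line.partition(" ")
        return {"sent": sent, "location": location}
    if section == "PROTECTIONS":
        fields = line.rsplit(None, 3)   # product name may contain spaces
        return dict(zip(("description", "version", "active", "updated"), fields))
    return {"raw": line}


def parse_report(text):
    """Return {"header": {...}, "PROTECTIONS": [rows], "MALWARE": [rows], ...}."""
    report = {"header": {}, **{s: [] for s in SECTION_NAMES}}
    section, skip_column_header = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # separator lines
            continue
        if line in SECTION_NAMES:
            section, skip_column_header = line, True
            continue
        if section is None:                       # "KEY: value" preamble
            key, _, value = line.partition(":")
            report["header"][key.strip()] = value.strip()
        elif skip_column_header:                  # the column-name line
            skip_column_header = False
        else:
            report[section].append(_parse_row(section, line))
    return report


def classify_location(path):
    """Where a suspect lives changes what it means: Recycle Bin and restore
    point copies are inert until restored; an archive member never ran by itself."""
    tags, low = [], path.lower()
    if "\\recycler\\" in low or "\\$recycle.bin\\" in low:
        tags.append("recycle-bin")
    if "\\system volume information\\_restore" in low:
        tags.append("restore-point")
    m = re.search(r"\[([^\]]+)\]$", path)
    if m:
        tags.append("archive-member:" + m.group(1))
    return tags or ["on-disk"]


def triage(text):
    """Counts by type, non-cookie rows, tagged suspects, header consistency."""
    report = parse_report(text)
    malware = report["MALWARE"]
    declared = int(report["header"].get("MALWARE", "0"))
    return {
        "by_type": Counter(r.get("type", "?") for r in malware),
        "actionable": [r for r in malware if r.get("type") != "TrackingCookie"],
        "suspects": [dict(r, tags=classify_location(r["location"]))
                     for r in report["SUSPECTS"]],
        "count_matches_header": declared == len(malware),
        "active_protection": [p["description"] for p in report["PROTECTIONS"]
                              if p.get("active") == "Yes"],
    }


# Constructed sample: a subset of the posted report plus one made-up
# non-cookie row ("Example/Constructed") so the action path is exercised.
SAMPLE_REPORT = r"""
;***************
ANALYSIS: 2009-03-01 13:41:59
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
;***************
PROTECTIONS
Description Version Active Updated
;===============
AVG Anti-Virus Free 8.0 Yes Yes
;===============
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gray\Cookies\gray@atdmt[2].txt
00000001 Example/Constructed Adware No 1 Yes No C:\Example\constructed-sample.exe
;===============
SUSPECTS
Sent Location ci
;===============
No D:\RECYCLER\S-1-5-21-2421759750-1776631112-652727987-1005\Dd22.rar[FIFA08.exe] ci
No D:\System Volume Information\_restore{C22B14BA-0F7A-4766-83A2-7274B59F78F3}\RP93\A0013677.exe ci
;===============
VULNERABILITIES
Id Severity Description ci
;===============
;===============
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(dict(summary["by_type"]), "header consistent:", summary["count_matches_header"])
    for row in summary["actionable"]:
        print("ACTION", row["description"], row["location"])
    for s in summary["suspects"]:
        print("SUSPECT", s["tags"], s["location"])
```

The tags make the distinction a reader of the posted log has to draw by eye: both suspects there sit in locations that do not execute on their own (a Recycle Bin copy and a System Restore snapshot, the first of them an archive member), and the only MALWARE rows are tracking cookies, which is consistent with nothing active being found once the machine had settled down.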
     
  15. 2009/03/01
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    OK, nothing showing in the log except some cookies.

    Surf for a few days and then run an AV scan again and let me know if anything is found.

    Thanks
    Geri
     
