Inactive PC RX Invasion?

virginia · 2010/11/27

[Inactive] PC RX Invasion?

I'm helping a friend who has apparently been invaded by something called PC Rx. His system is Vista Home Premium. His Norton had expired so I uninstalled it installed Microsoft Security Essentials but am not able to scan with it because we can't update through the internet - the bug has apparently captured the connection.

I was able to install and run Malwarebytes and SuperAntiSpyware via flash drive - non updated due to internet connection problem. I have included the log files if they are of any use.

Other actions that were unsuccessful:

Windows Firewall - Can't turn on.

TFC - Wouldn't run to completion. Kept getting "Not responding ".

GMER - Couldn't run, even in Safe mode. Message said "....has stopped... ".

What could we do to clean the machine up enough to let us get to the internet so we can begin downloading the proper tools to work on deep cleaning this thing up.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/23/2010 9:41:21 PM
mbam-log-2010-11-23 (21-41-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 306226
Time elapsed: 59 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\Neal\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.

Files Infected:
C:\Users\Betty\AppData\LocalLow\24MusicBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll (Trojan.PriceGong) -> Quarantined and deleted successfully.
C:\Users\Neal\AppData\LocalLow\24MusicBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll (Trojan.PriceGong) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.

SAS Log File:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/23/2010 at 07:55 PM

Application Version : 4.40.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type : Quick Scan
Total Scan Time : 00:17:14

Memory items scanned : 452
Memory threats detected : 0
Registry items scanned : 2489
Registry threats detected : 7
File items scanned : 24091
File threats detected : 94

Adware.Tracking Cookie
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@track.survey-giveaway-group[1].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@content.licenseacquisition[3].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@cts.zroitracker[2].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@www.googleadservices[3].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@adserve.brandsamplecenter[1].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@cts.metricsdirect[2].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@www.googleadservices[2].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@media.licenseacquisition[3].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@track.prize-pending[1].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@wandascountryhome[1].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@atdmt[1].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@adserve.brandgivewaycentre[1].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@pointroll[2].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@track.freebieape[1].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@adserve.amazingrewardsonline[2].txt
C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Cookies\neal@track.freezinger[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@invitemedia[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@questionmarket[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@ad.yieldmanager[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@content.yieldmanager[3].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@content.yieldmanager[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@burstnet[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@atdmt[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@tribalfusion[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@msnaccountservices.112.2o7[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@insightexpressai[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@a1.interclick[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@adopt.specificclick[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@linksynergy[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@media.adrevolver[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@zedo[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@fastclick[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@2o7[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@ad.wsod[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@realmedia[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@adxpose[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@adbrite[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@interclick[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@revsci[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@doubleclick[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@mediaplex[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@adopt.euroclick[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@apmebf[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@247realmedia[1].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@adrevolver[2].txt
C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Cookies\Low\betty@advertising[1].txt
.atdmt.com [ C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ads1.msn.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
atdmt.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
cdn4.specificclick.net [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
content.oddcast.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
core.insightexpressai.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
googleads.g.doubleclick.net [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
ia.media-imdb.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
interclick.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
m1.2mdn.net [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
media.alot.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
media.cnbc.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
media.mtvnservices.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
msnbcmedia.msn.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
oddcast.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
richmedia247.com [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
s0.2mdn.net [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
udn.specificclick.net [ C:\Users\Neal\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LNU25STX ]
.doubleclick.net [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
.2o7.net [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
.atdmt.com [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
media.adrevolver.com [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
www.mynortonaccount.com [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
www.mynortonaccount.com [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
.advertising.com [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]
.realnetworks.112.2o7.net [ C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\lowxx2al.default\cookies.txt ]

Adware.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\FunWebProducts
HKLM\SOFTWARE\FunWebProducts\Installer
HKLM\SOFTWARE\FunWebProducts\Installer#Dir
HKLM\SOFTWARE\FunWebProducts\Installer#PluginPath
HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall
HKLM\SOFTWARE\FunWebProducts\Installer#sr
HKLM\SOFTWARE\FunWebProducts\Installer#pl
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
C:\Program Files\FunWebProducts\Installr\1.bin
C:\Program Files\FunWebProducts\Installr
C:\Program Files\FunWebProducts

Adware.Flash Tracking Cookie
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\IA.MEDIA-IMDB.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\MEDIA.CNBC.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\MSNBCMEDIA.MSN.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\RICHMEDIA247.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\INTERCLICK.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\UDN.SPECIFICCLICK.NET
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\ADS1.MSN.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\ATDMT.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\M1.2MDN.NET
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\S0.2MDN.NET
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\CONTENT.ODDCAST.COM
C:\Users\Neal\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LNU25STX\ODDCAST.COM

Adware.MyWebSearch
C:\USERS\NEAL\DOWNLOADS\SMILEYCENTRALPFSETUP2.3.50.10.EXE

broni · 2010/11/27

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

virginia · 2010/11/27

Broni,

Disaster may be at hand. I was able to download Combofix to the desktop and run it without a hitch. It created the logfile at C:/Combofix.txt. However, after I closed it I couldn't locate it using Windows Explorer. I looked at All Programs to see if it was an installed program - I didn't think it was. So I clicked on the Combofix icon hoping to see the txt file as a folder but Combofix started running again.

Wasn't sure what to do so I let it run to completion. It created a log file that didn't have nearly as much in it as the first one. I tried to do a copy/paste of the text to put it in a file I could easily locate but when I tried to open Notepad to paste, I got a message that said, "Illegal operation attempted on a registry key that has been marked for deletion ". After that, everything I tried to open resulted in that same message - IE, Word, etc.

I started to try a Restart but before I do anything I thought I would report back and see what you had to suggest. For what it's worth, most of the stuff deleted in the first run of Combofix was a series of entries about "HBLite SA ".

broni · 2010/11/27

Always read my instructions very carefully:

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.
Click to expand...

virginia · 2010/11/27

Thanks for not using the term "Dunce ". Not only had I read that note but I had a printed copy in front of me while all this was going on.

Got the computer restarted and found the C:\Combofix folder but the txt logs were not to be found. These files were all that were in the folder:

pev.exe App I think this is a Combofix file
snapshot.00.dat DAT File Tried opening but didn't know how.

As I mentioned in the previous post, I did look at the first Combofix log file before I lost it and it listed several files that it deleted that were in the HBLite SA group.

One thing I did notice is that several of the folders have a shortcut icon on them and when I try to open one of them I get a message such as:

C:\Users\Neal\MyDocuments is not accessible.

If I open just the Documents folder, I can see all the subfolders that are usually in My Documents.

Still can't access the internet. What next?

broni · 2010/11/27

combofix.txt file would be in C:\ directory, not in C:\Combofix directory.

If it's not there, re-run Combofix.

virginia · 2010/11/28

Right where you said it would be.

ComboFix Log:

ComboFix 10-11-27.01 - Neal 11/27/2010 16:36:29.2.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1983 [GMT -5:00]
Running from: c:\users\Neal\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 21:40 . 2010-11-27 21:40 -------- d-----w- c:\users\Neal\AppData\Local\temp
2010-11-27 21:40 . 2010-11-27 21:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-11-27 21:40 . 2010-11-27 21:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-27 21:40 . 2010-11-27 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-27 21:40 . 2010-11-27 21:40 -------- d-----w- c:\users\Betty\AppData\Local\temp
2010-11-24 00:36 . 2010-11-24 00:36 -------- d-----w- c:\users\Neal\AppData\Roaming\SUPERAntiSpyware.com
2010-11-24 00:36 . 2010-11-24 00:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-24 00:36 . 2010-11-24 00:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-24 00:13 . 2010-11-24 00:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-23 19:28 . 2010-11-23 19:28 -------- d-----w- c:\users\Neal\AppData\Roaming\Malwarebytes
2010-11-23 19:28 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 19:28 . 2010-11-23 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 19:28 . 2010-11-23 19:28 -------- d-----w- c:\programdata\Malwarebytes
2010-11-23 19:28 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 19:47 . 2010-11-19 19:47 -------- d-----w- c:\users\Betty\AppData\Roaming\PCRx
2010-11-19 13:18 . 2010-11-19 20:14 2708 ----a-w- c:\windows\crpf.bin
2010-11-10 16:46 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 13:56 . 2010-10-14 17:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 17:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 17:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-14 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-14 17:28 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 17:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 17:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 17:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 17:29 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 17:29 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 17:29 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 17:28 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 17:28 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 17:28 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 17:28 2038272 ----a-w- c:\windows\system32\win32k.sys
2008-08-02 16:07 . 2007-12-19 18:48 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c9881ab-280a-43df-8e13-8655994b16e9} "= "c:\program files\Classical_Music_Radio\tbCla0.dll" [2010-03-17 2355224]
"{54d0da58-64e7-4408-be1f-72659f70fcbe} "= "c:\program files\24MusicBar\tb24M1.dll" [2010-07-20 2393184]

[HKEY_CLASSES_ROOT\clsid\{2c9881ab-280a-43df-8e13-8655994b16e9}]

[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{066ee30f-9dad-42bf-84f1-8ccbc2f0d817}]
2010-02-22 16:22 2349080 ----a-w- c:\program files\New_York_Radio\tbNew1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c9881ab-280a-43df-8e13-8655994b16e9}]
2010-03-17 19:45 2355224 ----a-w- c:\program files\Classical_Music_Radio\tbCla0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54d0da58-64e7-4408-be1f-72659f70fcbe}]
2010-07-20 14:04 2393184 ----a-w- c:\program files\24MusicBar\tb24M1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
2009-12-31 16:53 2349080 ----a-w- c:\program files\Free_Radio_TV\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c9881ab-280a-43df-8e13-8655994b16e9} "= "c:\program files\Classical_Music_Radio\tbCla0.dll" [2010-03-17 2355224]
"{066ee30f-9dad-42bf-84f1-8ccbc2f0d817} "= "c:\program files\New_York_Radio\tbNew1.dll" [2010-02-22 2349080]
"{9dbb9aeb-5a16-4989-a66f-c0f1c909d647} "= "c:\program files\Free_Radio_TV\tbFree.dll" [2009-12-31 2349080]
"{54d0da58-64e7-4408-be1f-72659f70fcbe} "= "c:\program files\24MusicBar\tb24M1.dll" [2010-07-20 2393184]

[HKEY_CLASSES_ROOT\clsid\{2c9881ab-280a-43df-8e13-8655994b16e9}]

[HKEY_CLASSES_ROOT\clsid\{066ee30f-9dad-42bf-84f1-8ccbc2f0d817}]

[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]

[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C9881AB-280A-43DF-8E13-8655994B16E9} "= "c:\program files\Classical_Music_Radio\tbCla0.dll" [2010-03-17 2355224]
"{066EE30F-9DAD-42BF-84F1-8CCBC2F0D817} "= "c:\program files\New_York_Radio\tbNew1.dll" [2010-02-22 2349080]
"{9DBB9AEB-5A16-4989-A66F-C0F1C909D647} "= "c:\program files\Free_Radio_TV\tbFree.dll" [2009-12-31 2349080]
"{54D0DA58-64E7-4408-BE1F-72659F70FCBE} "= "c:\program files\24MusicBar\tb24M1.dll" [2010-07-20 2393184]

[HKEY_CLASSES_ROOT\clsid\{2c9881ab-280a-43df-8e13-8655994b16e9}]

[HKEY_CLASSES_ROOT\clsid\{066ee30f-9dad-42bf-84f1-8ccbc2f0d817}]

[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]

[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl "= "RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-15 30192]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

c:\users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-27 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-15 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 crpf;crpf;c:\windows\System32\drivers\crpf.sys [2009-04-30 37920]
S0 csdf;cdsf;c:\windows\System32\drivers\csdf.sys [2009-04-30 40480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 21:25]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 21:25]

2010-11-19 c:\windows\Tasks\User_Feed_Synchronization-{06D25A4B-108D-4D04-9982-FB3495F7EE48}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80119
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 16:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
Completion time: 2010-11-27 16:41:39
ComboFix-quarantined-files.txt 2010-11-27 21:41
ComboFix2.txt 2010-11-27 21:30

Pre-Run: 224,462,016,512 bytes free
Post-Run: 224,432,517,120 bytes free

- - End Of File - - 4832539D21AB8EEBC985BEBB1154DD15

broni · 2010/11/28

OK, this is a log from the second run.
Go to C:\Qoobox and post the content of ComboFix2.txt log.

virginia · 2010/11/28

Broni - Right on again.

Combofix2:

ComboFix 10-11-27.01 - Neal 11/27/2010 16:16:51.1.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2346 [GMT -5:00]
Running from: c:\users\Neal\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\HBLite
c:\program files\HBLite\bin\11.0.258.0\firefox\extensions\install.rdf
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_hpk.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\users\Neal\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 21:23 . 2010-11-27 21:28 -------- d-----w- c:\users\Neal\AppData\Local\temp
2010-11-27 21:23 . 2010-11-27 21:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-11-27 21:23 . 2010-11-27 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-27 21:23 . 2010-11-27 21:23 -------- d-----w- c:\users\Betty\AppData\Local\temp
2010-11-24 00:36 . 2010-11-24 00:36 -------- d-----w- c:\users\Neal\AppData\Roaming\SUPERAntiSpyware.com
2010-11-24 00:36 . 2010-11-24 00:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-24 00:36 . 2010-11-24 00:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-24 00:13 . 2010-11-24 00:14 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-23 19:28 . 2010-11-23 19:28 -------- d-----w- c:\users\Neal\AppData\Roaming\Malwarebytes
2010-11-23 19:28 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 19:28 . 2010-11-23 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 19:28 . 2010-11-23 19:28 -------- d-----w- c:\programdata\Malwarebytes
2010-11-23 19:28 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-19 19:47 . 2010-11-19 19:47 -------- d-----w- c:\users\Betty\AppData\Roaming\PCRx
2010-11-19 13:18 . 2010-11-19 20:14 2708 ----a-w- c:\windows\crpf.bin
2010-11-10 16:46 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 13:56 . 2010-10-14 17:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 17:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 17:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-14 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-14 17:28 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 17:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 17:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 17:29 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 17:29 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 17:29 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 17:29 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 17:28 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 17:28 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 17:28 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 17:28 2038272 ----a-w- c:\windows\system32\win32k.sys
2008-08-02 16:07 . 2007-12-19 18:48 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2c9881ab-280a-43df-8e13-8655994b16e9} "= "c:\program files\Classical_Music_Radio\tbCla0.dll" [2010-03-17 2355224]
"{54d0da58-64e7-4408-be1f-72659f70fcbe} "= "c:\program files\24MusicBar\tb24M1.dll" [2010-07-20 2393184]

[HKEY_CLASSES_ROOT\clsid\{2c9881ab-280a-43df-8e13-8655994b16e9}]

[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{066ee30f-9dad-42bf-84f1-8ccbc2f0d817}]
2010-02-22 16:22 2349080 ----a-w- c:\program files\New_York_Radio\tbNew1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2c9881ab-280a-43df-8e13-8655994b16e9}]
2010-03-17 19:45 2355224 ----a-w- c:\program files\Classical_Music_Radio\tbCla0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54d0da58-64e7-4408-be1f-72659f70fcbe}]
2010-07-20 14:04 2393184 ----a-w- c:\program files\24MusicBar\tb24M1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]
2009-12-31 16:53 2349080 ----a-w- c:\program files\Free_Radio_TV\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2c9881ab-280a-43df-8e13-8655994b16e9} "= "c:\program files\Classical_Music_Radio\tbCla0.dll" [2010-03-17 2355224]
"{066ee30f-9dad-42bf-84f1-8ccbc2f0d817} "= "c:\program files\New_York_Radio\tbNew1.dll" [2010-02-22 2349080]
"{9dbb9aeb-5a16-4989-a66f-c0f1c909d647} "= "c:\program files\Free_Radio_TV\tbFree.dll" [2009-12-31 2349080]
"{54d0da58-64e7-4408-be1f-72659f70fcbe} "= "c:\program files\24MusicBar\tb24M1.dll" [2010-07-20 2393184]

[HKEY_CLASSES_ROOT\clsid\{2c9881ab-280a-43df-8e13-8655994b16e9}]

[HKEY_CLASSES_ROOT\clsid\{066ee30f-9dad-42bf-84f1-8ccbc2f0d817}]

[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]

[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C9881AB-280A-43DF-8E13-8655994B16E9} "= "c:\program files\Classical_Music_Radio\tbCla0.dll" [2010-03-17 2355224]
"{066EE30F-9DAD-42BF-84F1-8CCBC2F0D817} "= "c:\program files\New_York_Radio\tbNew1.dll" [2010-02-22 2349080]
"{9DBB9AEB-5A16-4989-A66F-C0F1C909D647} "= "c:\program files\Free_Radio_TV\tbFree.dll" [2009-12-31 2349080]
"{54D0DA58-64E7-4408-BE1F-72659F70FCBE} "= "c:\program files\24MusicBar\tb24M1.dll" [2010-07-20 2393184]

[HKEY_CLASSES_ROOT\clsid\{2c9881ab-280a-43df-8e13-8655994b16e9}]

[HKEY_CLASSES_ROOT\clsid\{066ee30f-9dad-42bf-84f1-8ccbc2f0d817}]

[HKEY_CLASSES_ROOT\clsid\{9dbb9aeb-5a16-4989-a66f-c0f1c909d647}]

[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl "= "RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter "= "c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-15 30192]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

c:\users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-27 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-15 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 crpf;crpf;c:\windows\System32\drivers\crpf.sys [2009-04-30 37920]
S0 csdf;cdsf;c:\windows\System32\drivers\csdf.sys [2009-04-30 40480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 21:25]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 21:25]

2010-11-19 c:\windows\Tasks\User_Feed_Synchronization-{06D25A4B-108D-4D04-9982-FB3495F7EE48}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80119
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 16:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP0000005B8DC3421810E55225 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
Completion time: 2010-11-27 16:30:36
ComboFix-quarantined-files.txt 2010-11-27 21:30

Pre-Run: 224,341,663,744 bytes free
Post-Run: 224,421,167,104 bytes free

- - End Of File - - 370FC9E3041F5DDEFCDDA724A9840DFB

broni · 2010/11/28

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

==============================================================

Please download Rootkit Unhooker . Save it to your desktop.

Alternative download: http://www.softpedia.com/progDownload/Rootkit-Unhooker-Download-61519.html

Now double-click on RKUnhookerLE.exe to run it.

Click the Report tab, then click Scan.

Checkmark Drivers, Stealth. Uncheck the rest. Click OK.

Wait till the scanner has finished and then click File, Save Report.

Save the report to some known location. Click Close.

Copy the entire content of the report and paste it in a reply here.

Note. You may get this warning it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay? "

virginia · 2010/11/28

I have attached the log file from the TDSSKiller. It apparently didn't find any infections. Only took about 17 seconds to run.

I couldn't download the first link for the Rootkit Unhooker. I tried IE, Firefox, Opera, and Chrome with the same result - Couldn't connect to the site.

The alternative site link downloaded OK. I couldn't run it directly. It extracted the files first and installed as a program. When I click on the Start Menu icon to open it, I get the following dialog boxes:

Failed to enable debug privileg, not critical issue.
Error, load driver privielge not adjusted.

Then - no more options after I close those dialog boxes.

2010/11/28 18:41:12.0032 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/28 18:41:12.0032 ================================================================================
2010/11/28 18:41:12.0032 SystemInfo:
2010/11/28 18:41:12.0032
2010/11/28 18:41:12.0032 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/28 18:41:12.0032 Product type: Workstation
2010/11/28 18:41:12.0032 ComputerName: NEAL-PC
2010/11/28 18:41:12.0032 UserName: Neal
2010/11/28 18:41:12.0032 Windows directory: C:\Windows
2010/11/28 18:41:12.0032 System windows directory: C:\Windows
2010/11/28 18:41:12.0032 Processor architecture: Intel x86
2010/11/28 18:41:12.0032 Number of processors: 2
2010/11/28 18:41:12.0032 Page size: 0x1000
2010/11/28 18:41:12.0032 Boot type: Normal boot
2010/11/28 18:41:12.0032 ================================================================================
2010/11/28 18:41:12.0313 Initialize success
2010/11/28 18:41:27.0913 ================================================================================
2010/11/28 18:41:27.0913 Scan started
2010/11/28 18:41:27.0913 Mode: Manual;
2010/11/28 18:41:27.0913 ================================================================================
2010/11/28 18:41:29.0099 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/28 18:41:29.0146 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/11/28 18:41:29.0177 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/11/28 18:41:29.0208 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/11/28 18:41:29.0255 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/11/28 18:41:29.0333 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/28 18:41:29.0426 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/11/28 18:41:29.0473 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/28 18:41:29.0520 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2010/11/28 18:41:29.0567 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/11/28 18:41:29.0614 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2010/11/28 18:41:29.0692 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/11/28 18:41:29.0754 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/28 18:41:29.0848 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/11/28 18:41:29.0926 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/11/28 18:41:29.0972 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/28 18:41:30.0019 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/11/28 18:41:30.0160 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/28 18:41:30.0284 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/28 18:41:30.0378 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/28 18:41:30.0596 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/28 18:41:30.0674 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/28 18:41:30.0737 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/28 18:41:30.0877 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/28 18:41:30.0940 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/28 18:41:31.0002 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/28 18:41:31.0174 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/28 18:41:31.0236 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/28 18:41:31.0283 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/11/28 18:41:31.0330 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/28 18:41:31.0408 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2010/11/28 18:41:31.0454 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/11/28 18:41:31.0517 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/28 18:41:31.0579 crpf (86bf31a650116e050f22301784d3e400) C:\Windows\system32\drivers\crpf.sys
2010/11/28 18:41:31.0626 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/11/28 18:41:31.0673 csdf (9c8c79bd961cc7a49413b50d6cf4554a) C:\Windows\system32\drivers\csdf.sys
2010/11/28 18:41:31.0720 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/28 18:41:31.0798 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/28 18:41:31.0876 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
2010/11/28 18:41:31.0891 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
2010/11/28 18:41:31.0922 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2010/11/28 18:41:31.0954 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
2010/11/28 18:41:32.0000 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
2010/11/28 18:41:32.0063 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
2010/11/28 18:41:32.0110 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
2010/11/28 18:41:32.0172 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2010/11/28 18:41:32.0219 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
2010/11/28 18:41:32.0234 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
2010/11/28 18:41:32.0344 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/28 18:41:32.0375 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
2010/11/28 18:41:32.0422 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2010/11/28 18:41:32.0484 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/28 18:41:32.0562 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/11/28 18:41:32.0609 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/28 18:41:32.0671 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/28 18:41:32.0734 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/11/28 18:41:32.0827 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/28 18:41:32.0890 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/28 18:41:32.0968 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/28 18:41:33.0061 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/28 18:41:33.0108 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/28 18:41:33.0155 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/28 18:41:33.0186 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/28 18:41:33.0311 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/28 18:41:33.0373 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/28 18:41:33.0436 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/28 18:41:33.0514 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/28 18:41:33.0545 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/28 18:41:33.0592 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/28 18:41:33.0685 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/28 18:41:33.0732 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/11/28 18:41:33.0810 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/11/28 18:41:33.0841 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/11/28 18:41:33.0888 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/11/28 18:41:33.0919 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/11/28 18:41:34.0013 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/28 18:41:34.0060 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/11/28 18:41:34.0138 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/28 18:41:34.0278 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2010/11/28 18:41:34.0325 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
2010/11/28 18:41:34.0356 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/28 18:41:34.0434 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/28 18:41:34.0543 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/28 18:41:34.0606 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/28 18:41:34.0668 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/28 18:41:34.0715 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/11/28 18:41:34.0777 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/28 18:41:34.0840 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/28 18:41:34.0886 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/28 18:41:34.0964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/28 18:41:35.0042 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/28 18:41:35.0105 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/28 18:41:35.0198 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/28 18:41:35.0276 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/28 18:41:35.0354 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/28 18:41:35.0432 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/28 18:41:35.0495 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/28 18:41:35.0900 LVcKap (2d0ab9d29e6b0c42cce955b5a8e0d62d) C:\Windows\system32\DRIVERS\LVcKap.sys
2010/11/28 18:41:36.0041 LVMVDrv (a3963e3d997c3646e1d3338eb88a48e9) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2010/11/28 18:41:36.0134 LVRS (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
2010/11/28 18:41:36.0212 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\lvusbsta.sys
2010/11/28 18:41:36.0290 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/11/28 18:41:36.0337 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/11/28 18:41:36.0400 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/28 18:41:36.0462 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/28 18:41:36.0509 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/28 18:41:36.0556 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/28 18:41:36.0602 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/28 18:41:36.0712 MpFilter (eb950bfe2432d4fdcd2dda9ca7665055) C:\Windows\system32\DRIVERS\MpFilter.sys
2010/11/28 18:41:36.0790 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/11/28 18:41:36.0852 MpNWMon (bfd981f12c8c6beebdca70efbfdd0a08) C:\Windows\system32\DRIVERS\MpNWMon.sys
2010/11/28 18:41:36.0899 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/28 18:41:36.0977 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/28 18:41:37.0024 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/28 18:41:37.0086 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/28 18:41:37.0102 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/28 18:41:37.0133 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/28 18:41:37.0164 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
2010/11/28 18:41:37.0211 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/11/28 18:41:37.0273 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/28 18:41:37.0351 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/28 18:41:37.0414 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/28 18:41:37.0476 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/28 18:41:37.0523 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/28 18:41:37.0585 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/28 18:41:37.0632 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/28 18:41:37.0663 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/28 18:41:37.0710 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/28 18:41:37.0819 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/28 18:41:37.0897 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/28 18:41:37.0975 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/28 18:41:38.0038 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/28 18:41:38.0100 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/28 18:41:38.0147 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/28 18:41:38.0272 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/28 18:41:38.0318 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/28 18:41:38.0396 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/28 18:41:38.0459 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/28 18:41:38.0506 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/28 18:41:38.0584 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/28 18:41:38.0662 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/28 18:41:38.0708 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/28 18:41:38.0818 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/11/28 18:41:39.0067 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/11/28 18:41:39.0176 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/11/28 18:41:39.0270 nvrd32 (dcdecb11b5a8ad813fee68fd98c60e0a) C:\Windows\system32\drivers\nvrd32.sys
2010/11/28 18:41:39.0332 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/11/28 18:41:39.0395 nvstor32 (215816305e18c3305ed3407fc375b3fd) C:\Windows\system32\drivers\nvstor32.sys
2010/11/28 18:41:39.0457 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/11/28 18:41:39.0629 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/11/28 18:41:39.0691 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/11/28 18:41:39.0722 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/28 18:41:39.0769 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/11/28 18:41:39.0816 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/28 18:41:39.0878 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2010/11/28 18:41:39.0941 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/28 18:41:40.0034 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/28 18:41:40.0081 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
2010/11/28 18:41:40.0206 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\Windows\system32\DRIVERS\LV302V32.SYS
2010/11/28 18:41:40.0300 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/28 18:41:40.0378 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/11/28 18:41:40.0440 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/28 18:41:40.0518 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2010/11/28 18:41:40.0580 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/11/28 18:41:40.0658 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/28 18:41:40.0705 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/28 18:41:40.0814 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/28 18:41:40.0955 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/28 18:41:41.0048 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/28 18:41:41.0095 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/28 18:41:41.0142 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/28 18:41:41.0173 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/28 18:41:41.0236 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/28 18:41:41.0298 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/11/28 18:41:41.0329 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/28 18:41:41.0407 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/28 18:41:41.0501 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/28 18:41:41.0610 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/28 18:41:41.0657 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/28 18:41:41.0719 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/28 18:41:41.0797 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/28 18:41:41.0860 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/11/28 18:41:41.0922 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/11/28 18:41:41.0984 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/28 18:41:42.0062 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2010/11/28 18:41:42.0109 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/28 18:41:42.0156 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/28 18:41:42.0203 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/28 18:41:42.0265 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/11/28 18:41:42.0296 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/11/28 18:41:42.0328 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/11/28 18:41:42.0390 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/28 18:41:42.0484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/28 18:41:42.0530 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/28 18:41:42.0562 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/28 18:41:42.0593 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/28 18:41:42.0671 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/28 18:41:42.0718 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/28 18:41:42.0733 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/28 18:41:42.0780 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/28 18:41:42.0874 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/28 18:41:42.0967 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/28 18:41:43.0014 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/28 18:41:43.0045 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/28 18:41:43.0092 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/28 18:41:43.0139 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/28 18:41:43.0186 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/28 18:41:43.0248 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/28 18:41:43.0326 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/28 18:41:43.0373 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/28 18:41:43.0420 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/11/28 18:41:43.0482 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/28 18:41:43.0529 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/28 18:41:43.0576 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/11/28 18:41:43.0638 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/28 18:41:43.0700 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/28 18:41:43.0763 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/28 18:41:43.0841 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/11/28 18:41:43.0888 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/28 18:41:43.0934 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/28 18:41:43.0966 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/28 18:41:44.0012 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/28 18:41:44.0044 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/28 18:41:44.0075 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/28 18:41:44.0106 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/28 18:41:44.0153 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/28 18:41:44.0215 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/28 18:41:44.0231 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/28 18:41:44.0278 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/11/28 18:41:44.0293 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/11/28 18:41:44.0340 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2010/11/28 18:41:44.0387 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/28 18:41:44.0434 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/28 18:41:44.0480 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/28 18:41:44.0512 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/11/28 18:41:44.0558 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/28 18:41:44.0590 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/28 18:41:44.0621 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/28 18:41:44.0668 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/11/28 18:41:44.0730 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/28 18:41:44.0855 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/11/28 18:41:44.0980 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/28 18:41:45.0089 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/28 18:41:45.0198 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/28 18:41:45.0260 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/11/28 18:41:45.0370 ================================================================================
2010/11/28 18:41:45.0370 Scan finished
2010/11/28 18:41:45.0370 ================================================================================
2010/11/28 18:45:25.0938 Deinitialize success

broni · 2010/11/28

See, if you can install/update Malwarebytes, turn Windows firewall on.

virginia · 2010/11/28

Still no internet connection. Malwarebytes would open but when I tried to update I got and Error Code 732 (1215,0). Couldn't turn the Windows Firewall on - got a message to the effect that "...the Firewall Associated Service is not running..." I rebooted the modem and restarted the computer but that had no effect.

broni · 2010/11/28

1. Click Start>Run (Start> "Start search" in Vista).

2. Type in (or copy and paste):

cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

and press Enter.

3. Notepad will open.

4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.

virginia · 2010/11/28

Not much there:

Unable to initialize Windows Sockets interface, error code 10107.

broni · 2010/11/28

It looks like winsock is messed up.

What type of connection is it?

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
See, if the "ping" command will work now.

virginia · 2010/11/29

The connection is a broadband cable. I will take my laptop down later and try it just to make sure there is no problem with his connection. I am on the same internet provider and am having no problems from the provider.

I followed your latest instruction and this is the message we got:

Initialization Function IniHelper.Dll in NSHHTTP.DLL failed to start with the error code 10107
Resetting Echo Request, failed
Access is denied
Resetting Interface, OK!
A reboot is required to complete this action

C:\Windows\system32>
Click to expand...

As the message indicated a reboot was in order, I closed out the Command Prompt dialog box and rebooted the computer. I brought the Command Prompt up again and repeated the instructions and got the above message again.

virginia · 2010/11/29

Broni,

Before you do any more on this, I want to try another modem on my friend's setup. I just took my laptop to his place and was not able to access the internet. When I brought it back to my apartment, I was able to access the internet so I am suspecting his modem.

I just located a known good modem I can use temporarily and will check this out tomorrow. If this turns out to be the problem, you can shoot me.

broni · 2010/11/29

Aha....keep me posted.
My gun is ready.....LOL

virginia · 2010/11/30

False alarm on the modem as the problem. The good modem had no impact on his computer. When I put his modem back in line, I was able to access the internet with my laptop. Don't know what the problem was yesterday - you probably suspect incompetence but I'm not pleading guilty yet.

So it appears we are back to the issue of WinSock problem and the results I posted after your instructions there (Posts #16 and #17).

Log in or Sign up

Inactive PC RX Invasion?

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

Share This Page

Log in or Sign up

Inactive PC RX Invasion?

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

virginia Geek Member Thread Starter

broni Moderator Malware Analyst

virginia Geek Member Thread Starter

Share This Page

Useful Searches