Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE 8 Crashes then Recovers Every Few Minutes

Started by Joe Lo , Mar 05 2011 04:32 PM

  • This topic is locked This topic is locked

#1
Joe Lo
Posted 05 March 2011 - 04:32 PM

Joe Lo

    New Member

  • Member
  • Pip
  • 4 posts
Here are the symptons:

In IE 8:

Every few minutes IE message comes up "IE has stopped working."
Then "tab has been recovered."
Then "Data Execution Program has blocked a script"

Microsoft updates cannot be updated.

Also, pages load very, very slowly.
Also, text boxes hang-up. For example, as I started to type this, I had to pause between letters and retype many letters after long pauses.

Has infected second wireless network computer.

Downloaded Hitman and it closed the program after a 15% review. It identified BHO.dll and Relevant Knowledge Files as problems.
Help!@?
  • 0

Advertisements

#2
Gammo
Posted 14 March 2011 - 11:08 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
  • 0

#3
Joe Lo
Posted 14 March 2011 - 10:45 PM

Joe Lo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here's the OTL, the Extras file didn't come up. Did I miss a setting?

OTL logfile created on: 3/14/2011 9:39:01 PM - Run 3
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\LoBasso Family\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 189.92 Gb Free Space | 42.14% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.38 Gb Free Space | 55.85% Space Free | Partition Type: NTFS

Computer Name: LOBASSO | User Name: LoBasso Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 21:54:43 | 002,250,024 | ---- | M] () -- c:\LoBasso Programs\mw2\SteamApps\common\far cry 2\installers\PunkBuster\pbsvc.exe
PRC - [2011/03/04 21:46:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\LoBasso Family\Desktop\OTL.exe
PRC - [2011/03/02 17:47:13 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\LoBasso Programs\mw2\bin\SteamService.exe
PRC - [2011/01/13 00:40:20 | 003,252,880 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/01/13 00:40:20 | 000,931,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/12/25 09:48:18 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/12/12 16:18:15 | 000,028,766 | ---- | M] (FilmFanatic) -- C:\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe
PRC - [2010/12/12 16:18:15 | 000,020,480 | ---- | M] (FilmFanatic) -- C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe
PRC - [2010/10/16 01:01:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe
PRC - [2010/09/17 22:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/04/07 13:57:42 | 000,099,896 | R--- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/08/21 23:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 11:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/07/18 05:42:10 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/18 05:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/06/13 09:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2008/06/13 09:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe
PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 21:46:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\LoBasso Family\Desktop\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
SRV - [2011/03/02 17:47:13 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/13 00:40:20 | 003,252,880 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/12/12 16:18:15 | 000,028,766 | ---- | M] (FilmFanatic) [Auto | Running] -- C:\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe -- (FilmFanaticService)
SRV - [2010/09/17 22:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/07 13:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/08/21 23:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/07/23 23:34:42 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/03/03 17:27:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/07/18 05:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/02/27 17:53:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 23:47:10 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/08/19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/19 08:32:06 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/05 16:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2010/02/05 06:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2010/01/27 16:52:40 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/10/28 15:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/08/21 23:37:16 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/21 23:37:16 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/21 23:37:16 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/21 23:37:16 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/21 23:37:16 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/21 23:37:16 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/21 23:37:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/18 18:47:09 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 11:59:24 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/17 03:24:48 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/10/17 03:24:48 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/21 04:18:20 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/07/10 04:28:50 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 19:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com/
IE - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\URLSearchHook: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
IE - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FilmFanatic\bar\1.bin [2010/12/12 16:18:17 | 000,000,000 | ---D | M]

[2010/12/31 09:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LoBasso Family\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll (PlaySushi LLC)
O2 - BHO: (Toolbar BHO) - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O2 - BHO: (Facetheme) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files\Object\bho_project.dll (Facetheme.com)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Search Assistant BHO) - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (FilmFanatic) - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\ShellBrowser: (FilmFanatic) - {0B84B4B4-8AF8-4F1F-91FE-074A666F6425} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\WebBrowser: (FilmFanatic) - {0B84B4B4-8AF8-4F1F-91FE-074A666F6425} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [FilmFanatic Browser Plugin Loader] C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe (FilmFanatic)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003..\Run: [{527BD3AD-6E31-7316-10B9-24758F1C2FC4}] File not found
O4 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003..\Run: [ISUSPM] File not found
O4 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003..\Run: [ktmudisc] C:\Users\LoBasso Family\AppData\Local\Temp\p2phKEYs.dll ()
O4 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003..\Run: [Steam] c:\lobasso programs\mw2\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\LoBasso Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealm...msInstaller.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\LoBasso Family\Pictures\11 01 Rose Parade\Rose Parade.jpg
O24 - Desktop BackupWallPaper: C:\Users\LoBasso Family\Pictures\11 01 Rose Parade\Rose Parade.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{76bad080-1033-11de-a064-0021704b527e}\Shell - "" = AutoRun
O33 - MountPoints2\{76bad080-1033-11de-a064-0021704b527e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{aa28bad6-376f-11e0-b8d9-0021704b527e}\Shell - "" = AutoRun
O33 - MountPoints2\{aa28bad6-376f-11e0-b8d9-0021704b527e}\Shell\AutoRun\command - "" = M:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 18:34:51 | 000,000,000 | ---D | C] -- C:\Users\LoBasso Family\Documents\New Folder
[2011/03/11 22:05:03 | 000,000,000 | ---D | C] -- C:\Users\LoBasso Family\Documents\Call of Juarez - Bound in Blood
[2011/03/10 23:59:11 | 000,000,000 | ---D | C] -- C:\Users\LoBasso Family\Desktop\FMPA_Updater
[2011/03/04 23:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/04 21:46:22 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\LoBasso Family\Desktop\OTL.exe
[2011/03/02 00:50:14 | 000,000,000 | ---D | C] -- C:\Users\LoBasso Family\AppData\Roaming\CA Solutions Constructability
[2011/02/28 22:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/02/25 08:21:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/25 00:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 3600-4600 Series
[2011/02/25 00:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/02/19 11:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2010
[2011/02/15 12:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/02/13 10:31:32 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/02/13 10:26:23 | 000,000,000 | ---D | C] -- C:\Users\LoBasso Family\{64972d2e-4bf9-4742-bacf-772f96ac77c8}
[2011/02/13 10:18:31 | 000,017,408 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\System32\drivers\mvusbews.sys
[2009/09/12 17:15:26 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2009/09/12 17:15:25 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2009/09/12 17:15:25 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2009/09/12 17:15:25 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2009/09/12 17:15:24 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2009/09/12 17:15:24 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2009/09/12 17:15:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2009/09/12 17:15:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2009/09/12 17:15:23 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe
[2009/09/12 17:15:22 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2009/09/12 17:15:21 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
[2009/09/12 17:15:20 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2009/09/12 17:15:20 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2009/09/12 17:15:20 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/14 21:18:45 | 000,065,556 | ---- | M] () -- C:\Users\LoBasso Family\Desktop\Rootkit Unhooker
[2011/03/14 21:17:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 21:17:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 13:39:35 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D4CF394A-5614-4897-A477-F6515673A8B0}.job
[2011/03/10 07:23:45 | 000,650,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/10 07:23:45 | 000,121,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/09 06:40:01 | 000,022,328 | ---- | M] () -- C:\Users\LoBasso Family\AppData\Roaming\PnkBstrK.sys
[2011/03/09 06:37:38 | 000,107,832 | ---- | M] () -- C:\Users\LoBasso Family\AppData\Roaming\PnkBstrB.exe
[2011/03/09 06:37:32 | 002,250,024 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011/03/07 17:17:09 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/03/07 17:17:03 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011/03/07 17:16:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/07 17:16:53 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 21:50:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/04 23:47:10 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/04 21:46:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\LoBasso Family\Desktop\OTL.exe
[2011/03/04 06:16:21 | 000,459,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/02 00:22:39 | 000,006,836 | ---- | M] () -- C:\Users\LoBasso Family\AppData\Local\d3d9caps.dat
[2011/02/19 11:46:45 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/02/19 10:13:23 | 000,104,960 | ---- | M] () -- C:\Users\LoBasso Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 21:24:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2011/02/15 21:06:01 | 000,000,210 | ---- | M] () -- C:\Users\LoBasso Family\Desktop\HP LaserJet Professional P1102w - Shortcut.lnk
[2011/02/13 09:24:39 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/14 21:18:45 | 000,065,556 | ---- | C] () -- C:\Users\LoBasso Family\Desktop\Rootkit Unhooker
[2011/03/07 17:16:53 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/04 23:47:10 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/25 08:19:03 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/25 08:19:03 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/25 08:19:03 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/19 11:46:45 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/02/15 21:24:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2011/02/15 21:06:01 | 000,000,210 | ---- | C] () -- C:\Users\LoBasso Family\Desktop\HP LaserJet Professional P1102w - Shortcut.lnk
[2011/02/13 10:28:00 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2011/02/13 10:28:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011/02/13 10:18:34 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2011/02/13 10:18:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2011/02/13 10:18:29 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2010/11/30 19:46:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/10/14 03:03:29 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/10/05 15:16:28 | 000,001,940 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/22 07:11:03 | 000,107,832 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Roaming\PnkBstrB.exe
[2010/07/22 07:10:30 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/04/17 11:27:27 | 000,000,120 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Local\Asomuronece.dat
[2010/04/17 11:27:27 | 000,000,000 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Local\Nziji.bin
[2010/04/17 11:25:44 | 000,000,020 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Roaming\kcmdte.dat
[2010/04/17 11:25:38 | 000,000,004 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Roaming\avdrn.dat
[2010/01/16 15:43:27 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/01/16 15:43:27 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/12/22 21:20:21 | 000,022,328 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Roaming\PnkBstrK.sys
[2009/12/22 21:17:53 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/09/12 17:21:26 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxdxcoin.dll
[2009/09/12 17:20:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2009/09/12 17:18:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2009/09/12 17:18:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2009/09/12 17:18:41 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2009/09/12 17:17:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/09/12 17:17:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/09/12 17:17:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/09/12 17:17:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/09/12 17:15:46 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2009/09/12 17:15:26 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2009/09/12 17:15:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2009/08/07 15:33:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/07 15:33:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/02 20:38:36 | 000,044,544 | ---- | C] () -- C:\Windows\System32\gif89.dll
[2009/05/02 20:38:16 | 000,000,343 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/04/17 03:11:06 | 000,006,836 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Local\d3d9caps.dat
[2009/04/01 11:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2009/03/25 23:20:31 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2009/03/25 23:20:31 | 000,000,095 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/03/14 23:23:00 | 000,104,960 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 23:03:05 | 000,152,253 | ---- | C] () -- C:\Windows\UnPHI4.exe
[2009/03/14 23:03:05 | 000,109,056 | ---- | C] () -- C:\Windows\UnPHI4B.exe
[2009/03/14 23:03:05 | 000,000,057 | ---- | C] () -- C:\Windows\phi4.ini
[2009/03/14 17:58:41 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2009/03/13 18:46:03 | 000,000,168 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/03/03 19:58:17 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/03/03 19:58:17 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/03 19:58:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/03/03 19:58:17 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/03/03 19:58:17 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/03/03 19:58:17 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/03/03 19:54:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/03 12:03:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,459,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,650,972 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,121,486 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/04/08 08:55:55 | 000,000,000 | -HSD | M] -- C:\Users\LoBasso Family\AppData\Roaming\.#
[2010/08/30 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\AnVi
[2009/04/05 08:04:27 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Autodesk
[2010/10/13 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Azmaz
[2010/07/25 08:09:06 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Bioshock
[2009/04/14 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\CA Solution For IBI
[2011/03/02 00:50:14 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\CA Solutions Constructability
[2010/08/07 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\CA Solutions IBI
[2009/08/23 11:09:57 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\FileMaker
[2009/07/12 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\FileMaker Pro Advanced
[2010/10/14 03:23:08 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Hosobe
[2009/03/13 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Leadertech
[2011/01/28 20:17:31 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Leawo
[2009/11/27 09:31:30 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Lexmark Productivity Studio
[2010/09/07 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Mount&Blade
[2010/09/09 07:55:44 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Mount&Blade Warband
[2011/01/28 20:17:31 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Moyea
[2009/03/25 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\pdf995
[2009/10/16 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\PlayFirst
[2009/12/26 07:54:31 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Ubisoft
[2009/03/23 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\LoBasso Family\AppData\Roaming\Windows Live Writer
[2011/03/07 17:17:03 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2011/03/05 21:50:58 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/14 13:39:35 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D4CF394A-5614-4897-A477-F6515673A8B0}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9AB338B9

< End of report >
  • 0

#4
Joe Lo
Posted 14 March 2011 - 10:46 PM

Joe Lo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Rootkit File

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>Drivers
==============================================
0x8E807000 C:\Windows\system32\DRIVERS\atikmdag.sys 5943296 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82252000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82252000 PnpManager 3907584 bytes
0x82252000 RAW 3907584 bytes
0x82252000 WMIxWDM 3907584 bytes
0x8F40F000 C:\Windows\system32\drivers\RTKVHDA.sys 2150400 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9B8C0000 Win32k 2109440 bytes
0x9B8C0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A60C000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A2CF000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8A43E000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DD000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA02C7000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9E601000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8A552000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EE05000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8060B000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x90079000 C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x8A25E000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80413000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9E6E0000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x90004000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8F371000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSvix86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0x8A206000 C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0xA0279000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9BB10000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x80730000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F748000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80694000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x900F4000 C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0x8049C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EF77000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8F291000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8EE9D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F335000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A403000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA0200000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A71C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8F24B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8F6B8000 C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0x8221F000 ACPI_HAL 208896 bytes
0x8221F000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807CC000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F790000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EF48000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F2D0000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x805CD000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F20A000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA03A5000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA0251000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A76C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EB000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8F2FD000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F6EC000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8EDBE000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8EF08000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8A7A4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9E798000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F64F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9E7B9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807AE000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9E74D000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8A528000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x901DE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9E76A000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8EF2A000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA0239000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90062000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EFC3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9014D000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9E7EA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F7C2000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F6A2000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9E783000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8A3DA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F71F000 C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0x90136000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA03E3000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8EDE1000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F734000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x9E6C1000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F322000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9E7D8000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A793000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F280000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80483000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805BD000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9016D000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9E6B1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80796000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EEEA000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8A3EF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A543000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x901CF000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A75D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80712000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8EFE5000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EEDB000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80721000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EEFA000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9BB00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F7E1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F68B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80781000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8F711000 C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS 57344 bytes (Symantec Corporation, NDIS Filter Driver)
0x901A5000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F23E000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x9018E000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x80687000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9E6D4000 C:\Windows\system32\DRIVERS\RtNdPt60.sys 49152 bytes (Windows ® Codename Longhorn DDK provider, NDIS User mode I/O Driver)
0xA03D7000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F643000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EDB2000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x901B2000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8EFF4000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EDF5000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F680000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EFDA000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8EFB8000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A7EE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8EE92000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x901C5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F234000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8F400000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA03CD000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8F7EF000 C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x9019B000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x8F3D3000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0x8F633000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8A7C5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8F61C000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90164000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9017D000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8F3DD000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8A255000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8F699000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8F7D8000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x9BAE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A600000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DA000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807A6000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80494000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x901BD000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x90186000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E3000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F670000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F678000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A755000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8F62C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F63C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8077A000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8040C000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F625000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8078F000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8EF42000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8EE00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9014B000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x07210000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 102400 bytes
0x08090000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 1036288 bytes
0x09530000 Hidden Image-->Xceed.Compression.dll [ EPROCESS 0x897351D0 ] PID: 6900, 110592 bytes
0x00360000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 118784 bytes
0x018B0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 118784 bytes
0x077C0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 126976 bytes
0x09650000 Hidden Image-->Xceed.FileSystem.dll [ EPROCESS 0x897351D0 ] PID: 6900, 135168 bytes
0x07790000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 143360 bytes
0x07EF0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 1699840 bytes
0x073D0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 217088 bytes
0x05E90000 Hidden Image-->SBAIAPI.dll [ EPROCESS 0x897351D0 ] PID: 6900, 217088 bytes
0x091D0000 Hidden Image-->Xceed.Zip.dll [ EPROCESS 0x897351D0 ] PID: 6900, 225280 bytes
0x08190000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 233472 bytes
0x05550000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 274432 bytes
0x00970000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 28672 bytes
0x00AE0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 28672 bytes
0x01D50000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x897F85B8 ] PID: 3416, 28672 bytes
0x00270000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x002E0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x03CF0000 Hidden Image-->LOCALIZATION.Foundation.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x03D70000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x04C00000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x04D30000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x04E50000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x04E40000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x04E90000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x04EA0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x051C0000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x051B0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x051D0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x055A0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x056E0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x056F0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x05740000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x05770000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x05760000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x05820000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x05830000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x06050000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x06000000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x067C0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x067E0000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x06B00000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x071A0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x071B0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x071F0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x07240000 Hidden Image-->atixclib.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x07440000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x07450000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x07640000 Hidden Image-->Branding.dll [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x07770000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 28672 bytes
0x06A90000 Hidden Image-->SBAIUI.dll [ EPROCESS 0x897351D0 ] PID: 6900, 28672 bytes
0x06DA0000 Hidden Image-->extensibility.dll [ EPROCESS 0x897351D0 ] PID: 6900, 28672 bytes
0x098F0000 Hidden Image-->Xceed.Grid.UIStyle.dll [ EPROCESS 0x897351D0 ] PID: 6900, 307200 bytes
0x08780000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 364544 bytes
0x00BB0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 36864 bytes
0x00CC0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 36864 bytes
0x00360000 Hidden Image-->app4r.monitor.common.dll [ EPROCESS 0x89601310 ] PID: 1176, 36864 bytes
0x00240000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x03D10000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x03CE0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x03DA0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x040E0000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x041E0000 Hidden Image-->LOCALIZATION.Foundation.Implementation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x04F20000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x057F0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x05D40000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x05D10000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x05DC0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x06380000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x071D0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 36864 bytes
0x05F00000 Hidden Image-->stdole.dll [ EPROCESS 0x897351D0 ] PID: 6900, 36864 bytes
0x075D0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 372736 bytes
0x07130000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 405504 bytes
0x07560000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 413696 bytes
0x08320000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 446464 bytes
0x08390000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 446464 bytes
0x00380000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 45056 bytes
0x00940000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 45056 bytes
0x01C40000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x897F85B8 ] PID: 3416, 45056 bytes
0x00380000 Hidden Image-->app4r.monitor.core.dll [ EPROCESS 0x89601310 ] PID: 1176, 45056 bytes
0x00260000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 45056 bytes
0x004B0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 45056 bytes
0x03D80000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 45056 bytes
0x05800000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 45056 bytes
0x05C80000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 45056 bytes
0x05D30000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 45056 bytes
0x05DB0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 45056 bytes
0x08700000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 462848 bytes
0x08A20000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 479232 bytes
0x07350000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 495616 bytes
0x0B0E0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x897351D0 ] PID: 6900, 507904 bytes
0x00A80000 Hidden Image-->DebugLogger.dll [ EPROCESS 0x89141D90 ] PID: 2244, 53248 bytes
0x00D60000 Hidden Image-->HPHTTPProxy.dll [ EPROCESS 0x89141D90 ] PID: 2244, 53248 bytes
0x00D40000 Hidden Image-->HPServiceCommunicator.dll [ EPROCESS 0x89141D90 ] PID: 2244, 53248 bytes
0x03D00000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x03D40000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x03D90000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x04E80000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x04C10000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x057E0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x05D00000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x05D50000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x06360000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x06F20000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x071E0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x07230000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 53248 bytes
0x087E0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 602112 bytes
0x03CD0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 61440 bytes
0x04F00000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 61440 bytes
0x05D80000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 61440 bytes
0x05FF0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 61440 bytes
0x062E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 61440 bytes
0x06340000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 61440 bytes
0x084B0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 684032 bytes
0x00950000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x88E7E620 ] PID: 3448, 69632 bytes
0x00970000 Hidden Image-->app4r.devmons.mcmdevmon.dll [ EPROCESS 0x89601310 ] PID: 1176, 69632 bytes
0x002C0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 69632 bytes
0x00500000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 69632 bytes
0x05DD0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 69632 bytes
0x06060000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 69632 bytes
0x062C0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 69632 bytes
0x06390000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 69632 bytes
0x07990000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 700416 bytes
0x01550000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x897F85B8 ] PID: 3416, 77824 bytes
0x03D20000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 77824 bytes
0x056C0000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 77824 bytes
0x05780000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 77824 bytes
0x05CD0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 77824 bytes
0x08630000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 806912 bytes
0x097C0000 Hidden Image-->Xceed.Grid.dll [ EPROCESS 0x897351D0 ] PID: 6900, 815104 bytes
0x08950000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 823296 bytes
0x05CB0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 86016 bytes
0x06020000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 86016 bytes
0x06320000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 86016 bytes
0x07650000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x850986D8 ] PID: 3480, 86016 bytes
  • 0

#5
Gammo
Posted 15 March 2011 - 02:46 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
SRV - [2010/12/12 16:18:15 | 000,028,766 | ---- | M] (FilmFanatic) [Auto | Running] -- C:\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe -- (FilmFanaticService)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\URLSearchHook: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FilmFanatic\bar\1.bin [2010/12/12 16:18:17 | 000,000,000 | ---D | M]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll (PlaySushi LLC)
O2 - BHO: (Toolbar BHO) - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O2 - BHO: (Facetheme) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files\Object\bho_project.dll (Facetheme.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Search Assistant BHO) - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (FilmFanatic) - {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\ShellBrowser: (FilmFanatic) - {0B84B4B4-8AF8-4F1F-91FE-074A666F6425} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\WebBrowser: (FilmFanatic) - {0B84B4B4-8AF8-4F1F-91FE-074A666F6425} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [FilmFanatic Browser Plugin Loader] C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe (FilmFanatic)
O4 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003..\Run: [{527BD3AD-6E31-7316-10B9-24758F1C2FC4}] File not found
O4 - HKU\S-1-5-21-659033489-2536866663-3761728600-1003..\Run: [ktmudisc] C:\Users\LoBasso Family\AppData\Local\Temp\p2phKEYs.dll ()
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O33 - MountPoints2\{76bad080-1033-11de-a064-0021704b527e}\Shell - "" = AutoRun
O33 - MountPoints2\{76bad080-1033-11de-a064-0021704b527e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{aa28bad6-376f-11e0-b8d9-0021704b527e}\Shell - "" = AutoRun
O33 - MountPoints2\{aa28bad6-376f-11e0-b8d9-0021704b527e}\Shell\AutoRun\command - "" = M:\SISetup.exe
[2011/02/13 10:26:23 | 000,000,000 | ---D | C] -- C:\Users\LoBasso Family\{64972d2e-4bf9-4742-bacf-772f96ac77c8}
[2010/04/17 11:27:27 | 000,000,120 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Local\Asomuronece.dat
[2010/04/17 11:27:27 | 000,000,000 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Local\Nziji.bin
[2010/04/17 11:25:44 | 000,000,020 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Roaming\kcmdte.dat
[2010/04/17 11:25:38 | 000,000,004 | ---- | C] () -- C:\Users\LoBasso Family\AppData\Roaming\avdrn.dat
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files\FilmFanatic
C:\Program Files\PlaySushi
C:\Program Files\Object
C:\Program Files\Ask.com
C:\Program Files\SGPSA
C:\Program Files\Fast Browser Search

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#6
Gammo
Posted 02 April 2011 - 04:40 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP