Every few minutes on Firefox, a new tab automatically opens and goes to error404.com, a site that advertises some computer services. Before this, I had some popups that tried to install SPOOLS.EXE, although Windows blocked the installation each time. I don't know if this has anything to do with it. Furthermore, since then, Firefox keeps lagging, freezing, and crashing for no reason. I have run Malwarebytes, Ad-Aware, and Spybot, but nothing seems to solve the problem. I am not very computer literate, so any help would be much appreciated. Thanks.
DDS LOG:
DDS (Ver_09-06-26.01) - NTFSx86
Run by chtran at 16:04:14.31 on Wed 11/11/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.613 [GMT -8:00]
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\LEXPPS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\chtran\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = By DSLExtreme
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mWindow Title = By DSLExtreme
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [Google Update] "c:\users\chtran\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Microshit] c:\recycle\x-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe
uRun: [Defence] "c:\programdata\defence\smss.exe" -SystemDefence
uRun: [Lsass Service] c:\users\chtran\appdata\roaming\microsoft\windows\lsass.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Ixikegizutazetif] rundll32.exe "c:\users\chtran\appdata\local\d1bylb.dll",Startup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [V0250Cfg.exe] V0250Cfg.exe /d:3
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\chtran\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: antimalwareguard.com
TCP: {3D043B09-6D04-416F-98FD-37C14266FA88} = 66.51.205.100,66.51.206.100
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\chtran\appdata\roaming\mozilla\firefox\profiles\22dj80i1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\chtran\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\chtran\appdata\roaming\mozilla\firefox\profiles\22dj80i1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\chtran\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-17 64288]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080407.002\IDSvix86.sys [2008-4-8 261680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2007-11-15 204800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-11 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-2-10 109616]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-31 38224]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-10-30 9344]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-10-30 812544]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-2-9 163840]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-11-15 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-11-15 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-11-15 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-10-31 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-10-31 79136]
=============== Created Last 30 ================
2009-11-10 22:47 351,232 a------- c:\windows\system32\WSDApi.dll
2009-11-10 22:36 2,035,712 a------- c:\windows\system32\win32k.sys
2009-11-09 23:18 <DIR> --d----- c:\programdata\Defence
2009-11-09 23:18 <DIR> --d----- c:\progra~2\Defence
2009-11-06 22:44 <DIR> --d----- c:\program files\iPod
2009-11-06 22:44 <DIR> --d----- c:\program files\iTunes
2009-11-04 19:33 <DIR> --dsh--- c:\programdata\8026cdd
2009-11-04 19:33 <DIR> --dsh--- c:\progra~2\8026cdd
2009-11-04 19:29 <DIR> --d----- c:\windows\system32\TVUAx
2009-10-30 21:30 93,360 a------- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 14:59 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-27 14:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-22 20:52 <DIR> --dshr-- C:\Recycle
2009-10-20 16:01 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-20 16:01 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-20 16:01 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-20 16:01 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-17 12:59 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-17 12:57 <DIR> -cd-h--- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 12:57 <DIR> -cd-h--- c:\progra~2\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 19:19 428,544 a------- c:\windows\system32\EncDec.dll
2009-10-13 19:19 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-13 19:19 293,376 a------- c:\windows\system32\psisdecd.dll
2009-10-13 19:19 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-10-13 19:19 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-13 19:19 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-13 19:19 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-13 19:19 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
==================== Find3M ====================
2009-11-11 15:29 4,246 a------- c:\users\chtran\appdata\roaming\wklnhst.dat
2009-11-02 20:42 195,456 -------- c:\windows\system32\MpSigStub.exe
2009-10-30 21:29 15,880 a------- c:\windows\system32\lsdelete.exe
2009-10-07 09:09 85,888 a------- c:\users\chtran\appdata\roaming\GDIPFONTCACHEV1.DAT
2009-09-11 21:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-11 21:41 86,016 a------- c:\windows\inf\infstor.dat
2009-09-11 21:41 51,200 a------- c:\windows\inf\infpub.dat
2009-09-10 09:30 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 04:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 04:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 04:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 04:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 04:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 02:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:32 833,024 a------- c:\windows\system32\wininet.dll
2009-08-27 05:29 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-27 02:58 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 08:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 08:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 06:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 06:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 06:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 06:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 06:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 06:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 06:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2008-09-18 08:09 174 a--sh--- c:\program files\desktop.ini
2008-09-18 01:37 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-02 17:42 88 ---shr-- c:\windows\system32\F911BFEE74.sys
2008-08-02 17:43 3,452 a--sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 16:05:51.05 ===============
RootRepeal LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/11 16:08
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x83310000 Size: 778240 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAED6F000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1252 Status: Locked to the Windows API!
SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x87956bf8
#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x87956c78
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x87955778
#: 054 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x878c1a50
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x855f6218
#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x87956670
#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x855fdc38
#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x855fdbc0
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x87955908
#: 123 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x855f61a0
#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x855fdcb0
#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8794c668
#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x87956740
#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x87956800
#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x87955388
#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x879565b0
#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x87955848
#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x87955160
#: 255 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x855fd788
#: 261 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x855fd620
#: 267 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x855fde18
#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x878fcac0
#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x87956fd0
#: 293 Function Name: NtSetDefaultUILanguage
Status: Hooked by "<unknown>" at address 0x855fd878
#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x87955230
#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x87956f00
#: 307 Function Name: NtSetInformationToken
Status: Hooked by "<unknown>" at address 0x855fdda0
#: 309 Function Name: NtSetIoCompletion
Status: Hooked by "<unknown>" at address 0x855fdad0
#: 310 Function Name: NtSetLdtEntries
Status: Hooked by "<unknown>" at address 0x855fd8f0
#: 328 Function Name: NtStartProfile
Status: Hooked by "<unknown>" at address 0x855fdd28
#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x879564f0
#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x87956d80
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x878fc418
#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x87956e40
#: 338 Function Name: NtThawTransactions
Status: Hooked by "<unknown>" at address 0x855fdb48
#: 339 Function Name: NtTraceEvent
Status: Hooked by "<unknown>" at address 0x855fd968
#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8794c5e8
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8794c738
#: 362 Function Name: NtReleaseKeyedEvent
Status: Hooked by "<unknown>" at address 0x855fd698
#: 389 Function Name: NtAcquireCMFViewOwnership
Status: Hooked by "<unknown>" at address 0x855fd5a8
==EOF==