Every few minutes on firefox, a new tab automatically opens and goes to error404.com, a site that advertises some computer services. Before this, I had some popups that tried to install SPOOLS.EXE although windows blocked the installation each time. I don't know if this has anything to do with it. Furthermore, since then, firefox keeps lagging, freezing, and crashing for no reason. I have run malwarebytes, adaware, and spybot but nothing seems to solve the problem. I am not very computer literate so any help would be much appreciated, thanks.
DDS LOG:
DDS (Ver_09-06-26.01) - NTFSx86
Run by chtran at 16:04:14.31 on Wed 11/11/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.613 [GMT -8:00]
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\LEXPPS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\chtran\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = By DSLExtreme
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mWindow Title = By DSLExtreme
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [Google Update] "c:\users\chtran\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Microshit] c:\recycle\x-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe
uRun: [Defence] "c:\programdata\defence\smss.exe" -SystemDefence
uRun: [Lsass Service] c:\users\chtran\appdata\roaming\microsoft\windows\lsass.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Ixikegizutazetif] rundll32.exe "c:\users\chtran\appdata\local\d1bylb.dll",Startup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [V0250Cfg.exe] V0250Cfg.exe /d:3
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\chtran\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: antimalwareguard.com
TCP: {3D043B09-6D04-416F-98FD-37C14266FA88} = 66.51.205.100,66.51.206.100
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\chtran\appdata\roaming\mozilla\firefox\profiles\22dj80i1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?query=
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\chtran\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\chtran\appdata\roaming\mozilla\firefox\profiles\22dj80i1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\chtran\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "
https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-17 64288]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080407.002\IDSvix86.sys [2008-4-8 261680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2007-11-15 204800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-11 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-2-10 109616]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-31 38224]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-10-30 9344]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-10-30 812544]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-2-9 163840]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-11-15 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-11-15 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-11-15 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-10-31 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-10-31 79136]
=============== Created Last 30 ================
2009-11-10 22:47 351,232 a------- c:\windows\system32\WSDApi.dll
2009-11-10 22:36 2,035,712 a------- c:\windows\system32\win32k.sys
2009-11-09 23:18 <DIR> --d----- c:\programdata\Defence
2009-11-09 23:18 <DIR> --d----- c:\progra~2\Defence
2009-11-06 22:44 <DIR> --d----- c:\program files\iPod
2009-11-06 22:44 <DIR> --d----- c:\program files\iTunes
2009-11-04 19:33 <DIR> --dsh--- c:\programdata\8026cdd
2009-11-04 19:33 <DIR> --dsh--- c:\progra~2\8026cdd
2009-11-04 19:29 <DIR> --d----- c:\windows\system32\TVUAx
2009-10-30 21:30 93,360 a------- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 14:59 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-27 14:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-22 20:52 <DIR> --dshr-- C:\Recycle
2009-10-20 16:01 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-20 16:01 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-20 16:01 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-20 16:01 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-17 12:59 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-17 12:57 <DIR> -cd-h--- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 12:57 <DIR> -cd-h--- c:\progra~2\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-13 19:19 428,544 a------- c:\windows\system32\EncDec.dll
2009-10-13 19:19 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-13 19:19 293,376 a------- c:\windows\system32\psisdecd.dll
2009-10-13 19:19 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-10-13 19:19 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-13 19:19 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-13 19:19 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-13 19:19 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
==================== Find3M ====================
2009-11-11 15:29 4,246 a------- c:\users\chtran\appdata\roaming\wklnhst.dat
2009-11-02 20:42 195,456 -------- c:\windows\system32\MpSigStub.exe
2009-10-30 21:29 15,880 a------- c:\windows\system32\lsdelete.exe
2009-10-07 09:09 85,888 a------- c:\users\chtran\appdata\roaming\GDIPFONTCACHEV1.DAT
2009-09-11 21:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-11 21:41 86,016 a------- c:\windows\inf\infstor.dat
2009-09-11 21:41 51,200 a------- c:\windows\inf\infpub.dat
2009-09-10 09:30 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 04:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 04:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 04:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 04:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 04:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 02:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:32 833,024 a------- c:\windows\system32\wininet.dll
2009-08-27 05:29 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-27 02:58 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 08:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 08:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 06:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 06:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 06:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 06:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 06:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 06:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 06:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2008-09-18 08:09 174 a--sh--- c:\program files\desktop.ini
2008-09-18 01:37 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-02 17:42 88 ---shr-- c:\windows\system32\F911BFEE74.sys
2008-08-02 17:43 3,452 a--sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 16:05:51.05 ===============
RootRepeal LOG
OOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/11 16:08
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x83310000 Size: 778240 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAED6F000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1252 Status: Locked to the Windows API!
SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x87956bf8
#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x87956c78
#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x87955778
#: 054 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x878c1a50
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x855f6218
#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x87956670
#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x855fdc38
#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x855fdbc0
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x87955908
#: 123 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x855f61a0
#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x855fdcb0
#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8794c668
#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x87956740
#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x87956800
#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x87955388
#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x879565b0
#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x87955848
#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x87955160
#: 255 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x855fd788
#: 261 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x855fd620
#: 267 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x855fde18
#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x878fcac0
#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x87956fd0
#: 293 Function Name: NtSetDefaultUILanguage
Status: Hooked by "<unknown>" at address 0x855fd878
#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x87955230
#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x87956f00
#: 307 Function Name: NtSetInformationToken
Status: Hooked by "<unknown>" at address 0x855fdda0
#: 309 Function Name: NtSetIoCompletion
Status: Hooked by "<unknown>" at address 0x855fdad0
#: 310 Function Name: NtSetLdtEntries
Status: Hooked by "<unknown>" at address 0x855fd8f0
#: 328 Function Name: NtStartProfile
Status: Hooked by "<unknown>" at address 0x855fdd28
#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x879564f0
#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x87956d80
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x878fc418
#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x87956e40
#: 338 Function Name: NtThawTransactions
Status: Hooked by "<unknown>" at address 0x855fdb48
#: 339 Function Name: NtTraceEvent
Status: Hooked by "<unknown>" at address 0x855fd968
#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8794c5e8
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8794c738
#: 362 Function Name: NtReleaseKeyedEvent
Status: Hooked by "<unknown>" at address 0x855fd698
#: 389 Function Name: NtAcquireCMFViewOwnership
Status: Hooked by "<unknown>" at address 0x855fd5a8
==EOF==
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
This topic is locked
for the help you received.
