problem with "win32.conflicker.c", can't access internet

by anonymity » September 21st, 2009, 11:58 pm

on my infected comp, every time it starts up there's a window that looks like windows firewall, saying it blocked a program called win32.conflicker.c. it gives three choices, unblock, keep blocking and enable protection - only enable protection is click-able, and there's a little blurb on the bottom of the window that says "download this file and enable protection" (i haven't clicked it, but the thing keeps popping up randomly)

whenever i open the internet, the internet is blocked and my internet protection (Sophos) gives me a warning that a program "Mal/FakeAvHm-A" is trying to access the internet

below is the log from hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:16 PM, on 9/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LMabcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe
C:\DOCUME~1\AARONK~1\LOCALS~1\Temp\{5416F967-3B2D-431E-82A8-A04AA2D2AAA4}\setup.exe
C:\Documents and Settings\All Users\Documents\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB03748 - {1CBC8587-1E29-4c2b-9739-D0E563905B32} - C:\PROGRA~1\E-CHOR~1\e-chords.dll (file missing)
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Auto Auto EPSON Stylus CX3800 Series on sony on TOSHIBA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P55 "Auto Auto EPSON Stylus CX3800 Series on sony on TOSHIBA" /O18 "\\TOSHIBA\AutoEPSO" /M "Stylus CX3800"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on HP-KO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P40 "Auto EPSON Stylus CX3800 Series on HP-KO" /O34 "\\HP-KO\EPSON Stylus CX3800 Series" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-21-3317301404-1498112257-1978763632-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Peter Ko')
O4 - HKUS\S-1-5-21-3317301404-1498112257-1978763632-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Peter Ko')
O4 - HKUS\S-1-5-21-3317301404-1498112257-1978763632-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Colleen Ko')
O4 - HKUS\S-1-5-21-3317301404-1498112257-1978763632-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Nathan Ko')
O4 - HKUS\S-1-5-21-3317301404-1498112257-1978763632-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ian Ko')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://vanmappub.vancouver.ca/download/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4153600093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lmab_device - - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 19420 bytes

Re: problem with "win32.conflicker.c", can't access internet

by MWR 3 day Mod » September 25th, 2009, 3:58 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: problem with "win32.conflicker.c", can't access internet

by francis327 » September 27th, 2009, 9:33 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hi, welcome to Malware Removal.
My name is Francis, and I'll be helping you with your malware problems.
HijackThis logs can take a while to research, so please be patient.

Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. Please, if you have questions about something...ASK, don't guess or assume.
  3. Please -only- post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  4. Please -only- reply to this thread, do not start another!
  5. Please do not run any other fix/removal tools unless instructed to do so!
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Please continue responding until I give you the "All Clean".

All my fixes are being supervised by my teacher and their approval is needed before I can post to you, therefore do expect some delay in replies.

No reply after 3 days in your thread will result in your topic being closed.
Please notify me in advance if you are not able to reply to me within 3 days.


If you agree with the above terms and conditions, we shall begin.

Disclaimer: Given the nature of the infections that were present on the machine, I give no guarantees about the security of this computer and have to the best of my abilities tried to both identify and eradicate all malware.


1 - HJT Uninstall List
Please run HijackThis
If you are on the "scan & fix stuff" page, press the "Main Menu" button.

  • From the Main Menu, press the "Open the Misc Tools" button.
  • Press the "Open Uninstall Manager..." button.
  • Press only the "Save List..." button.
  • Press the "Save" button.
    The file "uninstall_list.txt" will be saved in your HJT folder.
  • Copy and paste the contents of "uninstall_list.txt" in your next reply.


2 - Status Check
To post in next reply:

  • Uninstall List

Re: problem with "win32.conflicker.c", can't access internet

by anonymity » September 28th, 2009, 2:12 am

thanks for helping me out:

a question - when you say the instructions should only be used on "my" comp and system only, you're referring to the comp that's infected right? i just want to make sure......i disconnected it from my network just in case, and i'm using a different comp to access the internet

Re: problem with "win32.conflicker.c", can't access internet

by francis327 » September 28th, 2009, 3:13 am

Hi,
thanks for the reply.

> a question - when you say the instructions should only be used on "my" comp and system only, you're referring to the comp that's infected right? i just want to make sure......i disconnected it from my network just in case, and i'm using a different comp to access the internet

Yes. I meant the computer that is infected. Thank you for informing me that you are accessing the internet through another computer.
I will have you download the tools needed through this clean computer and then transfer them to the infected computer for fixing purposes whenever necessary.
Please post back the information that I have instructed you to post.

francis

Re: problem with "win32.conflicker.c", can't access internet

by anonymity » September 28th, 2009, 8:38 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Advertising Center
Age of Empires III
Age of Empires III - The WarChiefs
Agere Systems PCI Soft Modem
AnyDVD
ArcSoft Panorama Maker 3
ArcSoft PhotoImpression 5
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoCAD 2007 - English
Autodesk DWF Viewer
Autodesk ImageModeler 2009
CDisplay 1.8
Chaotic
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.32
Compatibility Pack for the 2007 Office system
Condition Zero
Condition Zero Deleted Scenes
CONNECT
Counter-Strike
Counter-Strike Steamworks Beta
Counter-Strike(TM)
Critical Update for Windows Media Player 11 (KB959772)
Day of Defeat
Deathmatch Classic
DesignPro 5.4 Limited Edition
Digital Locker Assistant
Direct MIDI to MP3 Converter 3.0
DVD Shrink 3.2
DVgate Plus
Earthsim
E-Chords Toolbar
EmoDio
EmoDio
EmoDio TTS Engine for AmericanEnglish-Tom
EPSON Print CD
EPSON Printer Software
EPSON RX680 User's Guide
EPSON Scan
EPSON Stylus Photo RX680 Series Scanner Driver Update
ExtractNow
Frontline Systems Premium Solver for Education V7.0
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Garmin POI Loader
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Half-Life 2: Episode One
Half-Life 2: Episode Two
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2
ImageModeler2009 AdLM
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for VAIO
InterVideo WinDVDX
J2SE Runtime Environment 5.0
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lexmark Software Uninstall
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MID Converter 4.2
MoodLogic
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
NHL® 09
Nikon Message Center
Oblivion
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org Installer 1.0
PictureGear Studio 2.0
PictureProject
Portal
PowerISO
Protected Music Converter 1.0.0.9
Quicken 2005
QuickTax 2006
QuickTax 2007
QuickTime
Realtek High Definition Audio Driver
RPS CRT
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic RecordNow!
SonicStage 4.3
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony Video Shared Library
Sophos Anti-Virus
Sophos AutoUpdate
SST Programming Software
Star Wars Battlefront II
Star Wars Empire at War
Starcraft
Steam
Suite Specific
TELUS security advisor 2.0.21
TextMaker Viewer
The Battle for Middle-earth (tm) II
The Lord of the Rings, The Rise of the Witch-king
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Launcher
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Registration
VAIO Structure Wallpaper
VAIO Survey Standalone
VAIO Update 3
VAIO Zone
VAIO Zone Remote Commander
Windows Backup Utility
Windows Defender
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Xvid 1.1.3 final uninstall
anonymity
Active Member
 
Posts: 13
Joined: September 21st, 2009, 11:40 pm

Re: problem with "win32.conflicker.c", can't access internet

Unread postby francis327 » September 28th, 2009, 10:18 pm

Hi, thanks for the reply.
I am awaiting a reply from a teacher to approve my fix.
This will take some time as the forum is busy.
Please hold on there. I have not forgotten you if I fail to make a reply in a day or two.

Sorry for the inconvenience caused.

francis327
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: problem with "win32.conflicker.c", can't access internet

Unread postby anonymity » September 30th, 2009, 10:27 pm

thank you for helping

i'll just be waiting
anonymity
Active Member
 
Posts: 13
Joined: September 21st, 2009, 11:40 pm

Re: problem with "win32.conflicker.c", can't access internet

Unread postby Carolyn » October 1st, 2009, 11:43 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.



Step 1

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: problem with "win32.conflicker.c", can't access internet

Unread postby anonymity » October 3rd, 2009, 4:27 pm

For Attach it says:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.........should i post it with the rest of the .txts or zip and attach?

DDS

DDS (Ver_09-09-29.01) - NTFSx86
Run by Aaron Ko at 9:01:04.35 on Sat 10/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.779 [GMT -7:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LMabcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
K:\FIX\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: XBTB03748 Class: {1cbc8587-1e29-4c2b-9739-d0e563905b32} - c:\progra~1\e-chor~1\e-chords.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Profiler] c:\program files\saitek\software\Profiler.exe
mRun: [SaiSmart] c:\program files\saitek\software\SaiSmart.exe
mRun: [TELUS_eCare_Lite_McciTrayApp] c:\program files\telus_ecare_lite\eCareTrayApp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Auto Auto EPSON Stylus CX3800 Series on sony on TOSHIBA] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p55 "auto auto epson stylus cx3800 series on sony on toshiba" /o18 "\\toshiba\AutoEPSO" /M "Stylus CX3800"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Auto EPSON Stylus CX3800 Series on HP-KO] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p40 "auto epson stylus cx3800 series on hp-ko" /o34 "\\hp-ko\EPSON Stylus CX3800 Series" /M "Stylus CX3800"
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [realtekc] "c:\documents and settings\nathan ko\application data\gmail\cssxo9416223.exe" 2
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://vanmappub.vancouver.ca/download/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 4153600093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZI ... b56649.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Ba ... b57213.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-9-21 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-9-21 38528]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-7-20 935208]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-9-21 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2009-9-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-9-11 172032]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\nathan~1\locals~1\temp\DCDE0.tmp [2009-9-19 21264]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2007-12-14 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2007-12-14 19456]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-9-21 14976]

=============== Created Last 30 ================

2009-09-21 17:47 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2009-09-21 17:46 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-09-21 17:46 23,552 a------- c:\windows\system32\sophosboottasks.exe
2009-09-21 17:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sophos
2009-09-21 17:44 14,976 a------- c:\windows\system32\drivers\SophosBootDriver.sys
2009-09-21 17:43 38,528 a------- c:\windows\system32\drivers\savonaccessfilter.sys
2009-09-21 17:42 110,848 a------- c:\windows\system32\drivers\savonaccesscontrol.sys
2009-09-21 17:41 <DIR> --d----- c:\program files\Sophos
2009-09-21 17:41 <DIR> --d----- c:\temp\Sophos
2009-09-21 17:40 <DIR> --d----- C:\Temp
2009-09-19 13:46 54,156 a---h--- c:\windows\QTFont.qfn
2009-09-19 13:46 1,409 a------- c:\windows\QTFont.for
2009-09-09 17:43 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-09-21 20:35 48,896,544 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-21 20:35 1,652,768 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-21 20:35 655,940 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-21 20:35 155,996 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-05-19 20:55 34 a------- c:\documents and settings\aaron ko\jagex_runescape_preferences.dat
2008-11-07 01:03 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-11-07 01:03 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2008-10-27 22:41 157,368 a------- c:\docume~1\aaronk~1\applic~1\GDIPFONTCACHEV1.DAT
2008-08-30 21:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 9:02:01.04 ===============




GMER

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-03 13:21:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\AARONK~1\LOCALS~1\Temp\pxtdypob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0125949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0125C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0125D3B0]
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ws2_32.dll!send 71AB4C27 5 Bytes JMP 012598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01259CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01259E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0215949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0215C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 021598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02159CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02159E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0215D3B0]
.text C:\program files\steam\steam.exe[2616] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 042B949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 042BC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] WS2_32.dll!send 71AB4C27 5 Bytes JMP 042B98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 042B9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] WS2_32.dll!recv 71AB676F 5 Bytes JMP 042B9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\program files\steam\steam.exe[2616] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x042BD3B0]
.text C:\WINDOWS\Explorer.EXE[2996] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0174949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0174C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017498E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01749CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01749E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\Explorer.EXE[2996] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0174D3B0]
.text C:\WINDOWS\AGRSMMSG.exe[3136] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\AGRSMMSG.exe[3136] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00BEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\AGRSMMSG.exe[3136] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00BED3B0]
.text C:\WINDOWS\AGRSMMSG.exe[3136] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00BE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\AGRSMMSG.exe[3136] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\AGRSMMSG.exe[3136] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00BE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DC949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DCC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DCD3B0]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DC98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DC9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CD949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00CDC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\SOUNDMAN.EXE[3240] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00CDD3B0]
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00CD98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CD9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00CD9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009F949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 009FC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x009FD3B0]
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009F98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009F9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ws2_32.dll!recv 71AB676F 5 Bytes JMP 009F9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019B949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 019BC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x019BD3B0]
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ws2_32.dll!send 71AB4C27 5 Bytes JMP 019B98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 019B9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ws2_32.dll!recv 71AB676F 5 Bytes JMP 019B9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0108949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0108C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01089CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01089E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0108D3B0]
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012C949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 012CC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x012CD3B0]
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ws2_32.dll!send 71AB4C27 5 Bytes JMP 012C98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012C9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ws2_32.dll!recv 71AB676F 5 Bytes JMP 012C9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B3949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00B3C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00B3D3B0]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00B398E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B39CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00B39E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 037F949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 037FC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x037FD3B0]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ws2_32.dll!send 71AB4C27 5 Bytes JMP 037F98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 037F9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ws2_32.dll!recv 71AB676F 5 Bytes JMP 037F9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C6949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00C6C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00C6D3B0]
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C698E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C69CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00C69E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BC949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00BCC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00BCD3B0]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00BC98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BC9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00BC9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0105949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0105C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0105D3B0]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ws2_32.dll!send 71AB4C27 5 Bytes JMP 010598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01059CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01059E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011C949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 011CC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x011CD3B0]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ws2_32.dll!send 71AB4C27 5 Bytes JMP 011C98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011C9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ws2_32.dll!recv 71AB676F 5 Bytes JMP 011C9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01CA949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 01CAC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Windows Defender\MSASCui.exe[3588] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x01CAD3B0]
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01CA98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01CA9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01CA9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C8949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00C8C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Saitek\Software\Profiler.exe[3620] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00C8D3B0]
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C89CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00C89E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BB949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00BBC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Saitek\Software\SaiSmart.exe[3644] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00BBD3B0]
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00BB98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BB9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00BB9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DED3B0]
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0097949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0097C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\QuickTime\qttask.exe[3764] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0097D3B0]
.text C:\Program Files\QuickTime\qttask.exe[3764] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009798E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00979CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00979E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0095949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0095C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0095D3B0]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00959CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00959E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DD949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DDC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DDD3B0]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DD98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DD9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DD9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DC949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DCC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DCD3B0]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DC98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DC9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0098949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0098C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0098D3B0]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00989CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00989E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03F1949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 03F1C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 03F198E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03F19CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03F19E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x03F1D3B0]
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0261949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0261C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] WS2_32.dll!send 71AB4C27 5 Bytes JMP 026198E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02619CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02619E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0261D3B0]
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A1949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00A1C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A198E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A19CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A19E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00A1D3B0]
.text C:\WINDOWS\system32\ctfmon.exe[4060] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A8949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\ctfmon.exe[4060] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00A8C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\system32\ctfmon.exe[4060] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00A8D3B0]
.text C:\WINDOWS\system32\ctfmon.exe[4060] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00A898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\ctfmon.exe[4060] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A89CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\ctfmon.exe[4060] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00A89E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EA949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00EAC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EA98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EA9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EA9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00EAD3B0]
.text C:\WINDOWS\system32\notepad.exe[4240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4240] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00AEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\system32\notepad.exe[4240] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00AED3B0]
.text C:\WINDOWS\system32\notepad.exe[4240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00AE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00AE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03BB949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 03BBC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 3260531D C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
CODE C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x03BBD3B0]
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ws2_32.dll!send 71AB4C27 5 Bytes JMP 03BB98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03BB9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ws2_32.dll!recv 71AB676F 5 Bytes JMP 03BB9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00AEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\system32\notepad.exe[4368] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00AED3B0]
.text C:\WINDOWS\system32\notepad.exe[4368] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00AE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00AE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C5949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00C5C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE K:\FIX\gmer.exe[4616] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00C5D3B0]
.text K:\FIX\gmer.exe[4616] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C59CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00C59E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

---- Processes - GMER 1.0.15 ----

Process C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe (*** hidden *** ) 4052

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@realtekc "C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe" 2

---- EOF - GMER 1.0.15 ----
anonymity
Active Member
 
Posts: 13
Joined: September 21st, 2009, 11:40 pm

Re: problem with "win32.conflicker.c", can't access internet

Unread postby Carolyn » October 3rd, 2009, 7:07 pm

Please post the contents of attach.txt - I prefer that over attachments.

Thank you! :)
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: problem with "win32.conflicker.c", can't access internet

Unread postby anonymity » October 4th, 2009, 12:44 pm

attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/3/2007 3:28:02 PM
System Uptime: 10/3/2009 8:55:54 AM (1 hours ago)

Motherboard: Intel Corporation | | D915GAG
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 461 GiB total, 34.845 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP867: 6/28/2009 11:05:55 PM - Software Distribution Service 3.0
RP868: 6/29/2009 10:17:11 AM - Software Distribution Service 3.0
RP869: 6/29/2009 10:35:44 AM - Software Distribution Service 3.0
RP870: 6/30/2009 12:46:12 AM - Software Distribution Service 3.0
RP871: 6/30/2009 6:45:46 PM - Software Distribution Service 3.0
RP872: 6/30/2009 11:57:41 PM - Software Distribution Service 3.0
RP873: 7/1/2009 2:24:25 PM - Software Distribution Service 3.0
RP874: 7/2/2009 12:15:11 AM - Software Distribution Service 3.0
RP875: 7/2/2009 11:43:26 AM - Software Distribution Service 3.0
RP876: 7/2/2009 12:14:35 PM - Software Distribution Service 3.0
RP877: 7/3/2009 1:02:02 AM - Software Distribution Service 3.0
RP878: 7/4/2009 12:43:01 AM - Software Distribution Service 3.0
RP879: 7/5/2009 12:59:39 AM - Software Distribution Service 3.0
RP880: 7/5/2009 4:19:25 PM - Removed NHL® 08
RP881: 7/5/2009 4:24:23 PM - Removed SPORE™
RP882: 7/5/2009 4:26:12 PM - Removed STATGRAPHICS Centurion XV
RP883: 7/5/2009 4:27:45 PM - Removed Star Wars(R) Knights of the Old Republic(R) II: The Sith
RP884: 7/5/2009 4:31:50 PM - Removed Medieval II Total War
RP885: 7/6/2009 1:36:53 AM - Software Distribution Service 3.0
RP886: 7/6/2009 11:03:39 AM - Software Distribution Service 3.0
RP887: 7/7/2009 3:00:21 AM - Software Distribution Service 3.0
RP888: 7/7/2009 3:48:52 AM - Software Distribution Service 3.0
RP889: 7/7/2009 10:07:18 AM - Software Distribution Service 3.0
RP890: 7/7/2009 11:49:07 PM - Software Distribution Service 3.0
RP891: 7/9/2009 9:17:52 AM - Software Distribution Service 3.0
RP892: 7/10/2009 12:19:53 AM - Software Distribution Service 3.0
RP893: 7/10/2009 12:34:17 PM - Software Distribution Service 3.0
RP894: 7/11/2009 12:52:51 AM - Software Distribution Service 3.0
RP895: 7/11/2009 7:10:41 PM - Software Distribution Service 3.0
RP896: 7/12/2009 12:39:53 PM - Software Distribution Service 3.0
RP897: 7/13/2009 1:10:14 AM - Software Distribution Service 3.0
RP898: 7/13/2009 12:29:31 PM - Software Distribution Service 3.0
RP899: 7/13/2009 1:00:01 PM - Software Distribution Service 3.0
RP900: 7/14/2009 12:26:22 AM - Software Distribution Service 3.0
RP901: 7/15/2009 1:56:14 AM - Software Distribution Service 3.0
RP902: 7/15/2009 10:12:11 AM - Software Distribution Service 3.0
RP903: 7/15/2009 9:24:37 PM - Installed Connect Service
RP904: 7/15/2009 10:34:37 PM - Software Distribution Service 3.0
RP905: 7/16/2009 1:35:49 AM - Software Distribution Service 3.0
RP906: 8/2/2009 12:18:20 PM - Software Distribution Service 3.0
RP907: 8/2/2009 12:25:25 PM - Software Distribution Service 3.0
RP908: 8/2/2009 6:27:19 PM - Software Distribution Service 3.0
RP909: 8/3/2009 5:39:23 PM - Software Distribution Service 3.0
RP910: 8/4/2009 2:39:57 PM - Software Distribution Service 3.0
RP911: 8/4/2009 5:30:29 PM - Software Distribution Service 3.0
RP912: 8/4/2009 5:58:06 PM - Software Distribution Service 3.0
RP913: 8/5/2009 9:14:28 AM - Software Distribution Service 3.0
RP914: 8/5/2009 4:45:13 PM - Software Distribution Service 3.0
RP915: 8/5/2009 9:34:11 PM - Software Distribution Service 3.0
RP916: 8/6/2009 6:34:25 PM - Software Distribution Service 3.0
RP917: 8/6/2009 9:55:12 PM - Software Distribution Service 3.0
RP918: 8/7/2009 9:48:44 AM - Software Distribution Service 3.0
RP919: 8/8/2009 12:03:36 AM - Software Distribution Service 3.0
RP920: 8/8/2009 10:33:44 AM - Software Distribution Service 3.0
RP921: 8/8/2009 8:35:12 PM - Software Distribution Service 3.0
RP922: 8/9/2009 9:38:21 PM - System Checkpoint
RP923: 8/10/2009 1:05:27 AM - Software Distribution Service 3.0
RP924: 8/10/2009 7:58:54 AM - Software Distribution Service 3.0
RP925: 8/10/2009 1:13:06 PM - Software Distribution Service 3.0
RP926: 8/10/2009 2:46:49 PM - Software Distribution Service 3.0
RP927: 8/10/2009 4:06:15 PM - Software Distribution Service 3.0
RP928: 8/10/2009 11:25:42 PM - Software Distribution Service 3.0
RP929: 8/12/2009 11:02:58 PM - Software Distribution Service 3.0
RP930: 8/13/2009 4:00:41 PM - Software Distribution Service 3.0
RP931: 8/13/2009 11:50:58 PM - Software Distribution Service 3.0
RP932: 8/14/2009 9:52:44 AM - Software Distribution Service 3.0
RP933: 8/14/2009 10:34:06 AM - Software Distribution Service 3.0
RP934: 8/15/2009 8:56:45 PM - System Checkpoint
RP935: 8/15/2009 11:40:38 PM - Software Distribution Service 3.0
RP936: 8/16/2009 6:47:47 PM - Software Distribution Service 3.0
RP937: 8/16/2009 11:48:37 PM - Software Distribution Service 3.0
RP938: 8/17/2009 1:38:54 PM - Software Distribution Service 3.0
RP939: 8/17/2009 1:40:20 PM - Software Distribution Service 3.0
RP940: 8/18/2009 12:57:03 AM - Software Distribution Service 3.0
RP941: 8/18/2009 1:53:30 PM - Software Distribution Service 3.0
RP942: 8/19/2009 3:00:18 AM - Software Distribution Service 3.0
RP943: 8/19/2009 10:25:18 AM - Software Distribution Service 3.0
RP944: 8/19/2009 6:26:01 PM - Software Distribution Service 3.0
RP945: 8/20/2009 12:17:39 AM - Software Distribution Service 3.0
RP946: 8/20/2009 5:04:09 PM - Software Distribution Service 3.0
RP947: 8/20/2009 11:42:20 PM - Software Distribution Service 3.0
RP948: 8/21/2009 10:19:55 PM - Installed Nero 9 Essentials 4.4.9.0
RP949: 8/22/2009 4:15:15 PM - Software Distribution Service 3.0
RP950: 8/23/2009 12:04:55 AM - Software Distribution Service 3.0
RP951: 8/23/2009 10:09:09 AM - Software Distribution Service 3.0
RP952: 8/24/2009 12:18:32 AM - Software Distribution Service 3.0
RP953: 8/24/2009 9:02:57 AM - Software Distribution Service 3.0
RP954: 8/24/2009 2:03:38 PM - Software Distribution Service 3.0
RP955: 8/24/2009 6:16:46 PM - Software Distribution Service 3.0
RP956: 8/24/2009 11:57:35 PM - Software Distribution Service 3.0
RP957: 8/25/2009 10:15:58 AM - Software Distribution Service 3.0
RP958: 8/25/2009 11:25:41 PM - Software Distribution Service 3.0
RP959: 8/26/2009 10:12:49 AM - Software Distribution Service 3.0
RP960: 8/26/2009 3:08:40 PM - Software Distribution Service 3.0
RP961: 8/26/2009 3:49:22 PM - Software Distribution Service 3.0
RP962: 8/27/2009 12:11:55 AM - Software Distribution Service 3.0
RP963: 8/27/2009 8:49:29 AM - Software Distribution Service 3.0
RP964: 8/27/2009 2:17:29 PM - Software Distribution Service 3.0
RP965: 8/27/2009 6:57:43 PM - Software Distribution Service 3.0
RP966: 8/27/2009 11:16:11 PM - Software Distribution Service 3.0
RP967: 8/28/2009 9:03:16 AM - Software Distribution Service 3.0
RP968: 8/28/2009 12:22:26 PM - Software Distribution Service 3.0
RP969: 8/28/2009 8:10:13 PM - Software Distribution Service 3.0
RP970: 8/29/2009 12:26:47 AM - Software Distribution Service 3.0
RP971: 8/29/2009 11:44:10 PM - Software Distribution Service 3.0
RP972: 8/31/2009 12:02:24 AM - System Checkpoint
RP973: 8/31/2009 12:38:23 AM - Software Distribution Service 3.0
RP974: 8/31/2009 8:46:38 AM - Software Distribution Service 3.0
RP975: 8/31/2009 3:57:43 PM - Software Distribution Service 3.0
RP976: 8/31/2009 7:22:49 PM - Software Distribution Service 3.0
RP977: 8/31/2009 11:54:08 PM - Software Distribution Service 3.0
RP978: 9/1/2009 10:27:06 AM - Software Distribution Service 3.0
RP979: 9/2/2009 12:12:25 AM - Software Distribution Service 3.0
RP980: 9/2/2009 11:35:39 PM - Software Distribution Service 3.0
RP981: 9/3/2009 10:26:01 AM - Software Distribution Service 3.0
RP982: 9/3/2009 1:03:33 PM - Software Distribution Service 3.0
RP983: 9/3/2009 11:59:41 PM - Software Distribution Service 3.0
RP984: 9/4/2009 12:22:36 PM - Software Distribution Service 3.0
RP985: 9/4/2009 7:01:22 PM - Software Distribution Service 3.0
RP986: 9/5/2009 12:24:06 AM - Installed DirectX
RP987: 9/5/2009 12:52:40 AM - Software Distribution Service 3.0
RP988: 9/5/2009 7:14:44 PM - Software Distribution Service 3.0
RP989: 9/6/2009 12:17:25 AM - Software Distribution Service 3.0
RP990: 9/6/2009 2:27:58 PM - Software Distribution Service 3.0
RP991: 9/7/2009 12:51:48 AM - Software Distribution Service 3.0
RP992: 9/7/2009 9:56:29 AM - Software Distribution Service 3.0
RP993: 9/7/2009 10:04:00 AM - Software Distribution Service 3.0
RP994: 9/7/2009 6:18:38 PM - Software Distribution Service 3.0
RP995: 9/7/2009 11:07:31 PM - Software Distribution Service 3.0
RP996: 9/9/2009 6:52:59 PM - System Checkpoint
RP997: 9/9/2009 11:20:07 PM - Software Distribution Service 3.0
RP998: 9/10/2009 9:29:22 AM - Software Distribution Service 3.0
RP999: 9/10/2009 2:40:33 PM - Software Distribution Service 3.0
RP1000: 9/10/2009 11:32:14 PM - Software Distribution Service 3.0
RP1001: 9/12/2009 12:26:01 AM - Software Distribution Service 3.0
RP1002: 9/12/2009 10:19:41 AM - Software Distribution Service 3.0
RP1003: 9/12/2009 2:48:40 PM - Software Distribution Service 3.0
RP1004: 9/12/2009 7:11:30 PM - Software Distribution Service 3.0
RP1005: 9/13/2009 12:13:50 AM - Software Distribution Service 3.0
RP1006: 9/13/2009 10:02:00 AM - Software Distribution Service 3.0
RP1007: 9/13/2009 2:54:55 PM - Software Distribution Service 3.0
RP1008: 9/13/2009 10:12:17 PM - Software Distribution Service 3.0
RP1009: 9/14/2009 6:13:42 PM - Software Distribution Service 3.0
RP1010: 9/15/2009 12:30:40 AM - Software Distribution Service 3.0
RP1011: 9/15/2009 3:03:10 PM - Software Distribution Service 3.0
RP1012: 9/15/2009 7:17:44 PM - Software Distribution Service 3.0
RP1013: 9/16/2009 8:35:00 PM - System Checkpoint
RP1014: 9/16/2009 9:52:32 PM - Software Distribution Service 3.0
RP1015: 9/17/2009 3:47:53 PM - Software Distribution Service 3.0
RP1016: 9/17/2009 10:41:03 PM - Software Distribution Service 3.0
RP1017: 9/18/2009 10:48:07 PM - System Checkpoint
RP1018: 9/18/2009 11:33:47 PM - Software Distribution Service 3.0
RP1019: 9/19/2009 4:45:33 PM - Installed Windows XP KB958644.
RP1020: 9/19/2009 4:46:58 PM - Installed Windows XP KB958644.
RP1021: 9/19/2009 6:49:45 PM - Software Distribution Service 3.0
RP1022: 9/19/2009 8:22:52 PM - Software Distribution Service 3.0
RP1023: 9/19/2009 11:48:57 PM - Software Distribution Service 3.0
RP1024: 9/20/2009 2:37:26 PM - Installed Windows XP KB958644.
RP1025: 9/21/2009 5:08:30 PM - Software Distribution Service 3.0
RP1026: 9/21/2009 5:11:49 PM - Software Distribution Service 3.0
RP1027: 9/21/2009 5:41:28 PM - Installed Sophos AutoUpdate
RP1028: 9/21/2009 9:51:04 PM - Removed Sophos AutoUpdate
RP1029: 9/21/2009 9:51:47 PM - Installed Sophos AutoUpdate
RP1030: 9/22/2009 1:01:36 AM - Software Distribution Service 3.0
RP1031: 9/22/2009 12:58:42 PM - Software Distribution Service 3.0
RP1032: 9/26/2009 4:37:07 PM - System Checkpoint
RP1033: 9/26/2009 6:14:13 PM - Software Distribution Service 3.0
RP1034: 9/28/2009 8:08:39 PM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Adobe® Photoshop® Album Starter Edition 3.2
Advertising Center
Age of Empires III
Age of Empires III - The WarChiefs
Agere Systems PCI Soft Modem
AnyDVD
ArcSoft Panorama Maker 3
ArcSoft PhotoImpression 5
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoCAD 2007 - English
Autodesk DWF Viewer
Autodesk ImageModeler 2009
BitTorrent
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Thai
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help Japanese
CCC Help Korean
CCC Help Thai
CDisplay 1.8
Chaotic
Click to DVD 2.0.03 Menu Data
Click to DVD 2.4.12
Click to DVD 2.5.32
Compatibility Pack for the 2007 Office system
Condition Zero
Condition Zero Deleted Scenes
CONNECT
ContentSAFER for Wizmax
Counter-Strike
Counter-Strike Steamworks Beta
Counter-Strike(TM)
Critical Update for Windows Media Player 11 (KB959772)
Day of Defeat
Deathmatch Classic
DesignPro 5.4 Limited Edition
Digital Locker Assistant
Direct MIDI to MP3 Converter 3.0
DVD Shrink 3.2
DVgate Plus
E-Chords Toolbar
Earthsim
EmoDio
EmoDio TTS Engine for AmericanEnglish-Tom
EPSON Print CD
EPSON Printer Software
EPSON RX680 User's Guide
EPSON Scan
EPSON Stylus Photo RX680 Series Scanner Driver Update
ExtractNow
Frontline Systems Premium Solver for Education V7.0
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Garmin POI Loader
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Half-Life 2: Episode One
Half-Life 2: Episode Two
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2
ImageModeler2009 AdLM
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for VAIO
InterVideo WinDVDX
ISScript
J2SE Runtime Environment 5.0
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lexmark Software Uninstall
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Halo
Microsoft IntelliPoint 5.3
Microsoft IntelliType Pro 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MID Converter 4.2
MoodLogic
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
NHL® 09
Nikon Message Center
Oblivion
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org Installer 1.0
PictureGear Studio 2.0
PictureProject
Portal
PowerISO
Protected Music Converter 1.0.0.9
Quicken 2005
QuickTax 2006
QuickTax 2007
QuickTime
Realtek High Definition Audio Driver
RPS CRT
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skins
Sonic RecordNow!
SonicStage 4.3
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony Video Shared Library
Sophos Anti-Virus
Sophos AutoUpdate
SST Programming Software
Star Wars Battlefront II
Star Wars Empire at War
Starcraft
Steam
Suite Specific
TELUS security advisor 2.0.21
TextMaker Viewer
The Battle for Middle-earth (tm) II
The Lord of the Rings, The Rise of the Witch-king
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Launcher
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Registration
VAIO Structure Wallpaper
VAIO Survey Standalone
VAIO Update 3
VAIO Zone
VAIO Zone Remote Commander
WebFldrs XP
Windows Backup Utility
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

9/26/2009 6:14:33 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
9/26/2009 3:37:35 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
anonymity
Active Member
 
Posts: 13
Joined: September 21st, 2009, 11:40 pm

Re: problem with "win32.conflicker.c", can't access internet

Unread postby Carolyn » October 5th, 2009, 5:14 pm

Hello,

With reference to Malware Removal P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate uTorrent and click on the Change/Remove button to uninstall it.
  3. Repeat for BitTorrent and any other P2P programs that you may have installed.
  4. Close Add/Remove Programs and Control Panel when done.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: problem with "win32.conflicker.c", can't access internet

Unread postby anonymity » October 7th, 2009, 9:37 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Advertising Center
Age of Empires III
Age of Empires III - The WarChiefs
Agere Systems PCI Soft Modem
AnyDVD
ArcSoft Panorama Maker 3
ArcSoft PhotoImpression 5
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft Print Creations - Photo Calendar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AutoCAD 2007 - English
Autodesk DWF Viewer
Autodesk ImageModeler 2009
CDisplay 1.8
Chaotic
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.32
Compatibility Pack for the 2007 Office system
Condition Zero
Condition Zero Deleted Scenes
CONNECT
Counter-Strike
Counter-Strike Steamworks Beta
Counter-Strike(TM)
Critical Update for Windows Media Player 11 (KB959772)
Day of Defeat
Deathmatch Classic
DesignPro 5.4 Limited Edition
Digital Locker Assistant
Direct MIDI to MP3 Converter 3.0
DVD Shrink 3.2
DVgate Plus
Earthsim
E-Chords Toolbar
EmoDio
EmoDio
EmoDio TTS Engine for AmericanEnglish-Tom
EPSON Print CD
EPSON Printer Software
EPSON RX680 User's Guide
EPSON Scan
EPSON Stylus Photo RX680 Series Scanner Driver Update
ExtractNow
Frontline Systems Premium Solver for Education V7.0
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Garmin POI Loader
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Half-Life 2: Episode One
Half-Life 2: Episode Two
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Image Converter 2
ImageModeler2009 AdLM
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD for VAIO
InterVideo WinDVDX
J2SE Runtime Environment 5.0
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lexmark Software Uninstall
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MID Converter 4.2
MoodLogic
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
NHL® 09
Nikon Message Center
Oblivion
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org Installer 1.0
PictureGear Studio 2.0
PictureProject
Portal
PowerISO
Protected Music Converter 1.0.0.9
Quicken 2005
QuickTax 2006
QuickTax 2007
QuickTime
Realtek High Definition Audio Driver
RPS CRT
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic RecordNow!
SonicStage 4.3
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library
Sony Video Shared Library
Sophos Anti-Virus
Sophos AutoUpdate
SST Programming Software
Star Wars Battlefront II
Star Wars Empire at War
Starcraft
Steam
Suite Specific
TELUS security advisor 2.0.21
TextMaker Viewer
The Battle for Middle-earth (tm) II
The Lord of the Rings, The Rise of the Witch-king
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Launcher
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Registration
VAIO Structure Wallpaper
VAIO Survey Standalone
VAIO Update 3
VAIO Zone
VAIO Zone Remote Commander
Windows Backup Utility
Windows Defender
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Xvid 1.1.3 final uninstall
anonymity
Active Member
 
Posts: 13
Joined: September 21st, 2009, 11:40 pm

Re: problem with "win32.conflicker.c", can't access internet

Unread postby Carolyn » October 8th, 2009, 8:09 am

Hello,

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine