BleepingComputer.com: xp only boots in last known good configuration

Hello, you guys have been great before, so i am asking for help again,

when I try to start my computer normally, it either freezes on the selection of which user page on xp start up or goes thru it after a long wait then shows the desktop picture only, and the cusror no icons or anything else, sometimes if I press cntl,alt,del it shows me task master doing something but not often, The only way I can get icon on the screen is if I start in last good configuration mode, but this make the bar on the bottom grey and the start button grey, also it comes up with fault window sometimes asking if i want to send the data, then the machine stalls, cursor moves still and start will open but no other window can be opened and machine wont shutdown, only on power off. Can some one please offer some advice or a cure?

Thanks in advance Jase

This post has been edited by hamluis: 09 May 2011 - 10:39 AM
Reason for edit: Moved from XP to Am I Infected.

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Quote

SUPERAntiSpyware:

Quote

Now GMER

Quote

Hello,

Ok I have done all three things here are the logs sorry it took so long they took a while to do!

Regards
Jase
MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6523

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/8/2011 7:45:09 PM
mbam-log-2011-05-08 (19-45-09).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 325848
Time elapsed: 50 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper (Hijack.Wallpaper) -> Value: Wallpaper -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Emily\local settings\Temp\~nsu.tmp\whitesmoke-silent.exe (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\Emily\local settings\Temp\~nsu.tmp\whitesmoketranslator_rev1.exe (PUP.WhiteSmoke) -> Not selected for removal.
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\documents and settings\Emily\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.


SUPERSPYWARE
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2011 at 00:27 AM

Application Version : 4.52.1000

Core Rules Database Version : 7012
Trace Rules Database Version: 4824

Scan type : Complete Scan
Total Scan Time : 02:06:15

Memory items scanned : 274
Memory threats detected : 0
Registry items scanned : 9467
Registry threats detected : 44
File items scanned : 106847
File threats detected : 315

Trojan.Agent/Gen-Falprod
[ISUSPM] C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
[GrooveMonitor] C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE
[iTunesHelper] C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
[SunJavaUpdateSched] C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
[StartCCC] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK .EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE
C:\WINDOWS\TEMP\TYHO\SETUP.EXE
C:\WINDOWS\TEMP\XGNT\SETUP.EXE
C:\WINDOWS\Prefetch\CLISTART.EXE-1CD75996.pf
C:\WINDOWS\Prefetch\GROOVEMONITOR.EXE-23AE9D0A.pf
C:\WINDOWS\Prefetch\ISUSPM .EXE-02271C75.pf
C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf
C:\WINDOWS\Prefetch\JUSCHED.EXE-0219AD6E.pf
C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf
C:\WINDOWS\Prefetch\WMPNSCFG.EXE-1B188668.pf

Adware.IWinGames
HKLM\Software\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32#ThreadingModel
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ProgID
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\Programmable
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\VersionIndependentProgID
HKCR\IEHlprObj.IEHlprObj.1
HKCR\IEHlprObj.IEHlprObj.1\CLSID
HKCR\IEHlprObj.IEHlprObj
HKCR\IEHlprObj.IEHlprObj\CurVer
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Adware.Gamevance
HKLM\Software\Classes\CLSID\{beaC7DC8-E106-4C6A-931E-5A42E7362883}
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\InprocServer32#ThreadingModel
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ProgID
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\Programmable
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\TypeLib
HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\VersionIndependentProgID
HKCR\GamevanceText.Linker.1
HKCR\GamevanceText.Linker.1\CLSID
HKCR\GamevanceText.Linker
HKCR\GamevanceText.Linker\CLSID
HKCR\GamevanceText.Linker\CurVer
HKCR\TypeLib\{014C4232-6904-47B9-9144-7E0FB7277444}
C:\PROGRAM FILES\GAMEVANCE\GVTL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beaC7DC8-E106-4C6A-931E-5A42E7362883}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run#Gamevance [ C:\Program Files\Gamevance\gamevance32.exe a ]
HKCR\AppId\GamevanceText.DLL
HKCR\AppId\GamevanceText.DLL#AppID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance#DisplayIcon

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1482476501-413027322-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com
HKU\S-1-5-21-1482476501-413027322-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com#http

Adware.Tracking Cookie
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@apmebf[2].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@lucidmedia[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@invitemedia[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@kontera[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@fastclick[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@uk.at.atwola[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@collective-media[1].txt
C:\Documents and Settings\Administrator.NEVELS-XWG3IQ6Y\Cookies\administrator@ad.yieldmanager[2].txt
bc.youporn.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
cdn-www.pornhub.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
cdn.eyewonder.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
cdn4.specificclick.net [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
content.oddcast.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
convoad.technoratimedia.net [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
embed.pornrabbit.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
ia.media-imdb.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
interclick.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media.kyte.tv [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media.monster.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media.mtvnservices.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media.myfoxla.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media.scanscout.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media01.kyte.tv [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media1.break.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
media1.clubpenguin.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
static.youporn.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
vidii.hardsextube.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
vidii2.hardsextube.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
www.pornhub.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
www.porntube.com [ C:\Documents and Settings\Emily\Application Data\Macromedia\Flash Player\#SharedObjects\FZL6MMG7 ]
C:\Documents and Settings\Emily\Cookies\emily@ads.ad4game[2].txt
C:\Documents and Settings\Emily\Cookies\emily@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Emily\Cookies\emily@adxpose[1].txt
C:\Documents and Settings\Emily\Cookies\emily@ar.atwola[1].txt
C:\Documents and Settings\Emily\Cookies\emily@ar.atwola[2].txt
C:\Documents and Settings\Emily\Cookies\emily@at.atwola[1].txt
C:\Documents and Settings\Emily\Cookies\emily@at.atwola[3].txt
C:\Documents and Settings\Emily\Cookies\emily@at.atwola[4].txt
C:\Documents and Settings\Emily\Cookies\emily@at.atwola[5].txt
C:\Documents and Settings\Emily\Cookies\emily@atwola[1].txt
C:\Documents and Settings\Emily\Cookies\emily@atwola[2].txt
C:\Documents and Settings\Emily\Cookies\emily@atwola[3].txt
C:\Documents and Settings\Emily\Cookies\emily@atwola[4].txt
C:\Documents and Settings\Emily\Cookies\emily@collective-media[1].txt
C:\Documents and Settings\Emily\Cookies\emily@g-pixel.invitemedia[1].txt
C:\Documents and Settings\Emily\Cookies\emily@invitemedia[1].txt
C:\Documents and Settings\Emily\Cookies\emily@invitemedia[2].txt
C:\Documents and Settings\Emily\Cookies\emily@invitemedia[3].txt
C:\Documents and Settings\Emily\Cookies\emily@kontera[1].txt
C:\Documents and Settings\Emily\Cookies\emily@lucidmedia[1].txt
C:\Documents and Settings\Emily\Cookies\emily@lucidmedia[2].txt
C:\Documents and Settings\Emily\Cookies\emily@lucidmedia[3].txt
C:\Documents and Settings\Emily\Cookies\emily@media6degrees[1].txt
C:\Documents and Settings\Emily\Cookies\emily@media6degrees[2].txt
C:\Documents and Settings\Emily\Cookies\emily@media6degrees[3].txt
C:\Documents and Settings\Emily\Cookies\emily@mediabrandsww[1].txt
C:\Documents and Settings\Emily\Cookies\emily@mediabrandsww[2].txt
C:\Documents and Settings\Emily\Cookies\emily@revsci[1].txt
C:\Documents and Settings\Emily\Cookies\emily@revsci[2].txt
C:\Documents and Settings\Emily\Cookies\emily@solvemedia[2].txt
C:\Documents and Settings\Emily\Cookies\emily@tacoda.at.atwola[1].txt
C:\Documents and Settings\Emily\Cookies\emily@tacoda.at.atwola[2].txt
C:\Documents and Settings\Emily\Cookies\emily@tacoda.at.atwola[3].txt
C:\Documents and Settings\Emily\Cookies\emily@tacoda.at.atwola[5].txt
C:\Documents and Settings\Emily\Cookies\emily@traveladvertising[2].txt
C:\Documents and Settings\Emily\Cookies\emily@uk.at.atwola[1].txt
C:\Documents and Settings\Emily\Cookies\emily@uk.at.atwola[2].txt
C:\Documents and Settings\Emily\Cookies\emily@uk.at.atwola[3].txt
C:\Documents and Settings\Emily\Cookies\emily@viewablemedia[2].txt
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\VWVE3JQX ]
C:\Documents and Settings\LocalService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt
C:\Documents and Settings\LocalService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\LocalService\Cookies\system@citi.bridgetrack[1].txt
C:\Documents and Settings\LocalService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\LocalService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\LocalService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[1].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\LocalService\Cookies\system@zedo[2].txt
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TMGDTBQB ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TMGDTBQB ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\TMGDTBQB ]
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.intergi[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicks.thespecialsearch[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@counter.surfcounters[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@pixel.invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.orfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt

Rogue.InternetSecurity2010
HKU\S-1-5-21-1482476501-413027322-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run#Internet Security 2010 [ C:\Program Files\InternetSecurity2010\IS2010.exe ]


GMER

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-09 02:20:09
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3160021A rev.3.06
Running: r2cxrk4q.exe; Driver: C:\DOCUME~1\ADMINI~1.NEV\LOCALS~1\Temp\agnyaaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text NDProxy.SYS F7A10000 20 Bytes [08, 03, 8B, 4D, 0C, 88, 47, ...]
.text NDProxy.SYS F7A10015 34 Bytes [3D, 00, 65, A1, F7, FF, D7, ...]
.text NDProxy.SYS F7A10038 25 Bytes [23, FF, D7, 33, C0, 40, 8D, ...]
.text NDProxy.SYS F7A10052 43 Bytes CALL F7A0F51D \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
.text NDProxy.SYS F7A1007E 36 Bytes [53, 56, 57, 8B, 7C, 24, 10, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[180] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\Explorer.EXE[180] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D9000A
.text C:\WINDOWS\Explorer.EXE[180] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C
.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B0000C
.text C:\WINDOWS\System32\svchost.exe[1084] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00FF000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ObfDereferenceObject] FF000001
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ExAllocatePool] 144EFFD3
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ExFreePoolWithTag] 01288688
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwClose] 8EEB0000
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwSetSystemInformation] 0D0C458B
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!swprintf] 00000088
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!RtlInitUnicodeString] 56184609
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDriver] 010C46C7
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ObMakeTemporaryObject] C7000000
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ExUuidCreate] 00030846
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!RtlStringFromGUID] D3E80000
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!PsGetVersion] E9000027
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!sprintf] FFFFFEFB
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 6C8B5553
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwSetInformationFile] 57561024
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwWriteFile] 20BFDB33
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwCreateFile] EBF7A169
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwQueryInformationFile] 18FD833C
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeQuerySystemTime] 068B4172
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!RtlTimeToTimeFields] A16920A3
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwDeleteFile] 047889F7
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwOpenFile] 69280DFF
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwReadFile] 186AF7A1
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!RtlIpv4StringToAddressExA] 5008468D
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!DbgPrint] 1C24448B
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeInsertQueue] FF50C303
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeRemoveQueue] A165A415
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeRundownQueue] 0CC483F7
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoFreeIrp] 6E406856
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeInitializeQueue] C383F7A1
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ObfReferenceObject] 18ED8318
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!PsCreateSystemThread] FFE82FE8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 20358BFF
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 3BF7A169
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IofCallDriver] 5FBA75F7
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwOpenSection] C38B5D5E
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwMapViewOfSection] 0008C25B
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!MmAllocatePagesForMdl] 51EC8B55
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00FC6583
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!MmUnmapLockedPages] 50FC458D
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!MmFreePagesFromMdl] FF08458B
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwUnmapViewOfSection] EBE82470
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!RtlHashUnicodeString] 84FFFFFA
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeSetEvent] B80A75C0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!RtlPrefixUnicodeString] C001200D
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoGetRelatedDeviceObject] 000090E9
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoAllocateIrp] 1D8B5300
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeInitializeEvent] [F7A16504] \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeWaitForSingleObject] FC758B56
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 24BE8D57
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 8B000001
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IofCompleteRequest] 88D3FFCF
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!PoCallDriver] 00012886
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ObReferenceObjectByName] 087E8300
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoDriverObjectType] 8A0C7402
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoEnumerateDeviceObjectList] FFCF8BD0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] A1650015
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwCreateSection] F638EBF7
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwFlushVirtualMemory] 74041846
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwOpenKey] ADE85606
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwEnumerateKey] 8B000032
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwDeleteKey] 46890846
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwQueryKey] 0846C70C
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000004
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwLoadDriver] 0128968A
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwQueryDirectoryFile] CF8B0000
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwFsControlFile] 650015FF
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoDeleteDevice] B6FFF7A1
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwOpenDirectoryObject] 000000B4
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!ZwQueryDirectoryObject] 6A2076FF
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoGetDeviceObjectPointer] 5C15FF00
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!wcsrchr] 8BF7A165
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoAllocateWorkItem] 88D3FFCF
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeInitializeTimer] 00012886
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeInitializeDpc] 144EFF00
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!KeSetTimerEx] E8560875
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!_allmul] 00003148
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!_allshr] 968A0EEB
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!_aullrem] 00000128
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!memset] 15FFCF8B
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!memcpy] [F7A16500] \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] 35672D50
IAT C:\WINDOWS\Explorer.EXE[180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 35672CDA
IAT C:\WINDOWS\system32\svchost.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] 35672D50
IAT C:\WINDOWS\system32\svchost.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 35672CDA
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] 35672D50
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 35672CDA

---- Devices - GMER 1.0.15 ----

Device \Driver\Disk \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074 F7C51C51
Device \Device\Ide\IdeDeviceP2T0L0-1b -> \??\IDE#DiskST3160021A______________________________3.06____#4a3332535948524a202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Threads - GMER 1.0.15 ----

Thread System [4:144] F7C529AA

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled@iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Classes\.AudioCD\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.AudioCD\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.CTT@ MessengerContactList
Reg HKLM\SOFTWARE\Classes\.dvd\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.dvd\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.dvd\Shell
Reg HKLM\SOFTWARE\Classes\.dvd\Shell\Burn using DVD Decrypter
Reg HKLM\SOFTWARE\Classes\.dvd\Shell\Burn using DVD Decrypter\Command
Reg HKLM\SOFTWARE\Classes\.dvd\Shell\Burn using DVD Decrypter\Command@ "C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE ISOWRITE /SOURCE "%1"
Reg HKLM\SOFTWARE\Classes\.Folder\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.Folder\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.gz@Content Type application/x-gzip
Reg HKLM\SOFTWARE\Classes\.gz\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.gz\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.mw0@ LunarMagicData0
Reg HKLM\SOFTWARE\Classes\.mw1@ LunarMagicData1
Reg HKLM\SOFTWARE\Classes\.mw2@ LunarMagicData2
Reg HKLM\SOFTWARE\Classes\.mw3@ LunarMagicData3
Reg HKLM\SOFTWARE\Classes\.mwl@ LunarMagicLevel
Reg HKLM\SOFTWARE\Classes\.tgz@Content Type application/x-compressed
Reg HKLM\SOFTWARE\Classes\.tgz\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.tgz\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl@ Toontown Installer ActiveX Control
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl\CLSID@ {C02226EB-A5D7-4B1F-BD7E-635E46C2288D}
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl\CurVer@ Installer.installerCtrl.1
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl.1@ Toontown Installer ActiveX Control
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\Installer.installerCtrl.1\CLSID@ {C02226EB-A5D7-4B1F-BD7E-635E46C2288D}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper@ InstallShield for Windows Installer ScriptWrapper
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper\CLSID@ {B01FEB50-45ED-11D3-B444-00104B261643}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper.1@ InstallShield for Windows Installer ScriptWrapper
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper.1\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper.1\CLSID@ {B01FEB50-45ED-11D3-B444-00104B261643}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable@ InstallShield for Windows Installer String Table
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable\CLSID@ {B9A7E591-6C9C-11D3-B452-00104B261643}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable.1@ InstallShield for Windows Installer String Table
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable.1\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable.1\CLSID@ {B9A7E591-6C9C-11D3-B452-00104B261643}
Reg HKLM\SOFTWARE\Classes\LunarMagicData0@ Lunar Magic Mario World Data 0
Reg HKLM\SOFTWARE\Classes\LunarMagicData0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\LunarMagicData0\DefaultIcon@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe,2
Reg HKLM\SOFTWARE\Classes\LunarMagicData0\shell
Reg HKLM\SOFTWARE\Classes\LunarMagicData0\shell\open
Reg HKLM\SOFTWARE\Classes\LunarMagicData0\shell\open\command
Reg HKLM\SOFTWARE\Classes\LunarMagicData0\shell\open\command@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe %1
Reg HKLM\SOFTWARE\Classes\LunarMagicData1@ Lunar Magic Mario World Data 1
Reg HKLM\SOFTWARE\Classes\LunarMagicData1\DefaultIcon
Reg HKLM\SOFTWARE\Classes\LunarMagicData1\DefaultIcon@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe,3
Reg HKLM\SOFTWARE\Classes\LunarMagicData1\shell
Reg HKLM\SOFTWARE\Classes\LunarMagicData1\shell\open
Reg HKLM\SOFTWARE\Classes\LunarMagicData1\shell\open\command
Reg HKLM\SOFTWARE\Classes\LunarMagicData1\shell\open\command@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe %1
Reg HKLM\SOFTWARE\Classes\LunarMagicData2@ Lunar Magic Mario World Data 2
Reg HKLM\SOFTWARE\Classes\LunarMagicData2\DefaultIcon
Reg HKLM\SOFTWARE\Classes\LunarMagicData2\DefaultIcon@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe,4
Reg HKLM\SOFTWARE\Classes\LunarMagicData2\shell
Reg HKLM\SOFTWARE\Classes\LunarMagicData2\shell\open
Reg HKLM\SOFTWARE\Classes\LunarMagicData2\shell\open\command
Reg HKLM\SOFTWARE\Classes\LunarMagicData2\shell\open\command@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe %1
Reg HKLM\SOFTWARE\Classes\LunarMagicData3@ Lunar Magic Mario World Data 3
Reg HKLM\SOFTWARE\Classes\LunarMagicData3\DefaultIcon
Reg HKLM\SOFTWARE\Classes\LunarMagicData3\DefaultIcon@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe,5
Reg HKLM\SOFTWARE\Classes\LunarMagicData3\shell
Reg HKLM\SOFTWARE\Classes\LunarMagicData3\shell\open
Reg HKLM\SOFTWARE\Classes\LunarMagicData3\shell\open\command
Reg HKLM\SOFTWARE\Classes\LunarMagicData3\shell\open\command@ L:\Documents\Mod & Tutorials\Super Mario Editor\Lunar Magic.exe %1
Reg HKLM\SOFTWARE\Classes\LunarMagicLevel@ Lunar Magic Mario World Level
Reg HKLM\SOFTWARE\Classes\LunarMagicLevel\DefaultIcon
Reg HKLM\SOFTWARE\Classes\LunarMagicLevel\DefaultIcon@ K:\Projects\Super Mario ROM\Hack\Lunar Magic.exe,1
Reg HKLM\SOFTWARE\Classes\LunarMagicLevel\shell
Reg HKLM\SOFTWARE\Classes\LunarMagicLevel\shell\open
Reg HKLM\SOFTWARE\Classes\LunarMagicLevel\shell\open\command
Reg HKLM\SOFTWARE\Classes\LunarMagicLevel\shell\open\command@ "K:\Projects\Super Mario ROM\Hack\Lunar Magic.exe" "%1"
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager@ Messenger Extensions Manager Object
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CLSID@ {BC20CB75-A981-460e-81D4-F06F61B59247}
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CurVer@ Messenger.MessengerExtensions.1
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager.1@ Messenger Extensions Manager Object
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager.1\CLSID@ {BC20CB75-A981-460e-81D4-F06F61B59247}
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp@ Messenger Application
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CLSID@ {FB7199AB-79BF-11d2-8D94-0000F875C541}
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CurVer@ Messenger.MessengerApp.1
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp.1@ Messenger Application
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp.1\CLSID@ {FB7199AB-79BF-11d2-8D94-0000F875C541}
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject@ Messenger Object
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CLSID@ {F3A614DC-ABE0-11d2-A441-00C04F795683}
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CurVer@ Messenger.MsgrObject.1
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject.1@ Messenger Object
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject.1\CLSID@ {F3A614DC-ABE0-11d2-A441-00C04F795683}
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation@ Messenger Object
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CLSID@ {B69003B3-C55E-4b48-836C-BC5946FC3B28}
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CurVer@ Messenger.UIAutomation.1
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation.1@ Messenger Object
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation.1\CLSID@ {B69003B3-C55E-4b48-836C-BC5946FC3B28}
Reg HKLM\SOFTWARE\Classes\MessengerContactList@ Messenger Contact List
Reg HKLM\SOFTWARE\Classes\MessengerContactList@NoOpen You cannot open this file directly. You must open Messenger and select "Import Contacts..." from the "File" menu.
Reg HKLM\SOFTWARE\Classes\MessengerContactList\DefaultIcon
Reg HKLM\SOFTWARE\Classes\MessengerContactList\DefaultIcon@ C:\Program Files\Messenger\msmsgs.exe,-1
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv@ Messenger Private Object
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CLSID
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CLSID@ {AB1D8565-40E9-4616-984D-98465687E82C}
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CurVer
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CurVer@ MessengerPrivate.MessengerPriv.1
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv.1@ Messenger Private Object
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv.1\CLSID
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv.1\CLSID@ {AB1D8565-40E9-4616-984D-98465687E82C}
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2@ CNxGameControl Object
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CLSID
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CLSID@ {075A24FD-4418-4841-9C3A-55CD5FFDE375}
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CurVer
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CurVer@ NXCOM.NxGameControl.US.2
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper@
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper\CLSID
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper\CLSID@ {0D458BE8-D99D-11D3-A92B-00105A088FAC}
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper.1@
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper.1\CLSID
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper.1\CLSID@ {0D458BE8-D99D-11D3-A92B-00105A088FAC}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

This is the new post I have opened and the logs are posted after it.

Regards
Jase

http://www.bleepingcomputer.com/forums/topic396670.html/page__p__2242688#entry2242688

Hello,

Now for the hard and frustrating part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom