prunnet-multiple pop ups


This topic is locked
14 replies to this topic

#1 markgui

Posted 26 December 2008 - 04:17 PM

I keep getting pop-ups while using Firefox, which has never happened before. I saw prunnet.exe in there somewhere. Also, I forgot to mention, Symantec AV doesn't detect a threat. Automatic Updates is turned off and I can't turn it back on. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:04 PM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Creative\Shared Files\CTAudSvc.exe
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\PROGRA~1\SYMANT~1\VPTray.exe
H:\WINDOWS\system32\CTHELPER.EXE
H:\WINDOWS\system32\CTXFIHLP.EXE
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\Curse\CurseClient.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\WINDOWS\SYSTEM32\CTXFISPI.EXE
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Symantec AntiVirus\vpc32.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [P17Helper] "H:\WINDOWS\system32\rundll32.exe" P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickFinder Scheduler] "H:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "H:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] "H:\WINDOWS\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] "H:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [prunnet] "H:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\fvtlvaam.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA126] command /c del "H:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3141] cmd /c del "H:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [CurseClient] "H:\Program Files\Curse\CurseClient.exe" -silent
O4 - HKCU\..\RunOnce: [SpybotDeletingB4271] command /c del "H:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6402] cmd /c del "H:\WINDOWS\SchedLgU.Txt"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - H:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: woaajj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - H:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - H:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7639 bytes

Edited by markgui, 26 December 2008 - 08:45 PM.
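A defender-side triage script for the HijackThis log format posted in this thread (added example, not code from the thread, from BleepingComputer or from Trend Micro): it parses the R0/R1, O4, O15, O20 and O23 line shapes seen above and flags the entry classes a helper reads first. The sample lines are copied from the logs in this thread; the severity rules and the KNOWN_SYSTEM32 allowlist are the example's own assumptions.

```python
"""Triage helper for Trend Micro HijackThis (HJT) v2 log lines.

Added example, not code from this thread or from the HijackThis project.
It parses the R0/R1, O4, O15, O20 and O23 line shapes seen in the logs
above and flags the entry classes a forum helper reads first. The
severity rules and the KNOWN_SYSTEM32 allowlist are this example's own
assumptions, not HijackThis rules.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [prunnet] "H:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\fvtlvaam.dll",b
O15 - Trusted Zone: *.antimalwareguard.com
O20 - AppInit_DLLs: woaajj.dll
O20 - Winlogon Notify: qoMeDVoO - H:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
"""

# Windows XP binaries that legitimately start from system32 via a Run key
# (assumed baseline for this example; extend it for your own environment).
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "rundll32 <dll>,<export>": the loader in this thread uses a one-letter export
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.I)
SYS32_EXE_RE = re.compile(r'^"?[A-Z]:\\WINDOWS\\system32\\(?P<file>[^\\"]+\.exe)"?', re.I)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    section: str   # HJT section tag, e.g. "O4"
    reason: str
    line: str


def analyse_line(raw: str) -> list:
    """Return the Findings for a single HJT log line (empty list if nothing stands out)."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    found = []
    if sec == "O4":
        o4 = O4_RE.match(body)
        if o4:
            name, cmd = o4.group("name"), o4.group("cmd")
            if re.fullmatch(r"[0-9a-f]{8}", name):
                found.append(Finding("high", sec, "Run value named like a random hex string", raw))
            rd = RUNDLL_RE.search(cmd)
            if rd and len(rd.group("export")) <= 2:
                found.append(Finding("high", sec, f"rundll32 loads {rd.group('dll')} via a one-letter export", raw))
            ex = SYS32_EXE_RE.match(cmd)
            if ex and ex.group("file").lower() not in KNOWN_SYSTEM32:
                found.append(Finding("medium", sec, f"{ex.group('file')} runs from system32 but is not a known Windows component", raw))
    elif sec == "O15":
        # Legitimate software rarely adds sites to the Trusted Zone; always review.
        found.append(Finding("medium", sec, "site added to the IE Trusted Zone", raw))
    elif sec == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            found.append(Finding("high", sec, "AppInit_DLLs loads a DLL into every user-mode process", raw))
        elif body.startswith("Winlogon Notify:"):
            target = body.rsplit(" - ", 1)[-1]
            if target.endswith("\\") or not target.lower().endswith(".dll"):
                found.append(Finding("high", sec, "Winlogon Notify hook with no resolvable DLL path", raw))
    elif sec == "O23" and "Unknown owner" in body:
        found.append(Finding("info", sec, "service with no publisher information", raw))
    elif sec in ("R0", "R1") and "=" in body:
        url = body.split("=", 1)[1].strip()
        if url and "microsoft.com" not in url.lower():
            found.append(Finding("info", sec, "non-default browser start or search page", raw))
    return found


def triage(log_text: str) -> list:
    """Run analyse_line over every line of a log and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(analyse_line(line))
    return findings


def summarise(findings) -> dict:
    """Count findings per severity, e.g. {"high": 4, "medium": 2, "info": 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.section}: {f.reason}\n         {f.line}")
```

The heuristics are deliberately noisy in the "medium" tier: vendor helpers that live in system32 (Creative's CTHELPER.EXE in the log above, for instance) will be listed for review alongside prunnet.exe, which is the point of a triage pass rather than a verdict.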



#2 fenzodahl512

Posted 05 January 2009 - 02:47 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 markgui

Posted 06 January 2009 - 03:01 AM

Malwarebytes' Anti-Malware 1.31
Database version: 1554
Windows 5.1.2600 Service Pack 3

1/6/2009 1:59:42 AM
mbam-log-2009-01-06 (01-59-42).txt

Scan type: Full Scan (H:\|)
Objects scanned: 143049
Time elapsed: 53 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
H:\System Volume Information\_restore{20DEE104-E774-4F58-AE18-845071D11D6E}\RP610\A0120327.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{20DEE104-E774-4F58-AE18-845071D11D6E}\RP610\A0120329.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{20DEE104-E774-4F58-AE18-845071D11D6E}\RP610\A0120331.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#4 markgui

Posted 06 January 2009 - 03:04 AM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Mark at 2009-01-06 02:01:39
Microsoft Windows XP Professional Service Pack 3
System drive H: has 34 GB (30%) free of 114 GB
Total RAM: 1535 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:01 AM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Creative\Shared Files\CTAudSvc.exe
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\PROGRA~1\SYMANT~1\VPTray.exe
H:\WINDOWS\system32\CTHELPER.EXE
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\WINDOWS\system32\CTXFIHLP.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\SYSTEM32\CTXFISPI.EXE
H:\Program Files\Curse\CurseClient.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\rundll32.exe
H:\marks download\firefox downloads\RSIT.exe
H:\Program Files\Trend Micro\HijackThis\Mark.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] "H:\WINDOWS\system32\rundll32.exe" P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickFinder Scheduler] "H:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "H:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] "H:\WINDOWS\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] "H:\Program Files\Curse\CurseClient.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: qoMeDVoO - H:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - H:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - H:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8130 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\crvlsfco.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=H:\WINDOWS\system32\P17.dll [2005-05-03 64512]
"QuickFinder Scheduler"=H:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [2004-03-22 77887]
"ccApp"=H:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]
"vptray"=H:\PROGRA~1\SYMANT~1\VPTray.exe [2007-10-07 125368]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CTHelper"=H:\WINDOWS\system32\CTHELPER.EXE [2008-02-20 19456]
"StartCCC"=H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"CTxfiHlp"=H:\WINDOWS\system32\CTXFIHLP.EXE [2008-10-07 23552]
"iTunesHelper"=H:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"CurseClient"=H:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]
"SpybotSD TeaTimer"=H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
H:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2008-03-20 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
H:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
H:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
H:\PROGRA~1\PALTAL~1\paltalk.exe nas []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Mark^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
H:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3
"RemoteRegistry"=2
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"PolicyAgent"=2
"Netlogon"=3
"ALG"=3
"Alerter"=2
"mnmsrvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2008-08-20 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
H:\WINDOWS\system32\NavLogon.dll [2007-10-07 43448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeDVoO]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - H:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\diN37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ejO84.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\diN37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ejO84.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\Program Files\Steam\SteamApps\rugrider\sin episodes emergence\SinEpisodes.exe"="H:\Program Files\Steam\SteamApps\rugrider\sin episodes emergence\SinEpisodes.exe:*:Enabled:SinEpisodes"
"H:\WINDOWS\system32\dpvsetup.exe"="H:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"H:\Program Files\Mozilla Firefox\firefox.exe"="H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="H:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"H:\Documents and Settings\Mark\Local Settings\Application Data\Xenocode\ApplianceCaches\KumaClient.exe_v60664C46\Native\STUBEXE\@PROGRAMFILES@\Kuma Games\Kuma.exe"="H:\Documents and Settings\Mark\Local Settings\Application Data\Xenocode\ApplianceCaches\KumaClient.exe_v60664C46\Native\STUBEXE\@PROGRAMFILES@\Kuma Games\Kuma.exe:*:Enabled:Kuma"
"H:\WINDOWS\system32\java.exe"="H:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"H:\Program Files\Java\jre1.6.0_05\bin\java.exe"="H:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"H:\Program Files\Microsoft Office\Office12\DRAT.EXE"="H:\Program Files\Microsoft Office\Office12\DRAT.EXE:*:Enabled:Groove DRAT Utility"
"H:\Program Files\World of Warcraft\BackgroundDownloader.exe"="H:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"H:\nfsps\nfs.exe"="H:\nfsps\nfs.exe:*:Enabled:nfs"
"H:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe"="H:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater"
"H:\Program Files\Curse\CurseClient.exe"="H:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"H:\Program Files\Bonjour\mDNSResponder.exe"="H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\Program Files\iTunes\iTunes.exe"="H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"H:\WINDOWS\system32\rundll32.exe"="H:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-05 05:55:21 ----SHD---- H:\RECYCLER
2009-01-02 22:09:37 ----D---- H:\Program Files\Microsoft Speech SDK 5.1
2009-01-01 01:16:03 ----D---- H:\Documents and Settings\Mark\Application Data\Apple Computer
2009-01-01 01:15:50 ----A---- H:\WINDOWS\system32\GEARAspi.dll
2009-01-01 01:15:21 ----D---- H:\Program Files\iPod
2009-01-01 01:15:17 ----D---- H:\Program Files\iTunes
2009-01-01 01:15:17 ----D---- H:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 01:14:52 ----D---- H:\Program Files\Bonjour
2009-01-01 01:12:35 ----D---- H:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-01 01:11:24 ----D---- H:\Program Files\Apple Software Update
2009-01-01 01:11:06 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-01-01 01:10:28 ----D---- H:\Program Files\Common Files\Apple
2009-01-01 01:10:27 ----D---- H:\Documents and Settings\All Users\Application Data\Apple
2008-12-30 19:38:17 ----D---- H:\WINDOWS\temp
2008-12-30 19:38:14 ----A---- H:\ComboFix.txt
2008-12-30 19:26:33 ----A---- H:\WINDOWS\NIRCMD.exe
2008-12-30 16:23:14 ----A---- H:\Boot.bak
2008-12-30 16:23:01 ----RASHD---- H:\cmdcons
2008-12-30 16:21:18 ----A---- H:\WINDOWS\zip.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\SWREG.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\sed.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\grep.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\fdsv.exe
2008-12-30 16:21:17 ----A---- H:\WINDOWS\VFIND.exe
2008-12-30 16:21:17 ----A---- H:\WINDOWS\SWXCACLS.exe
2008-12-30 16:21:17 ----A---- H:\WINDOWS\SWSC.exe
2008-12-30 16:20:56 ----D---- H:\WINDOWS\ERDNT
2008-12-30 16:20:56 ----D---- H:\Qoobox
2008-12-29 19:36:47 ----D---- H:\rsit
2008-12-27 17:20:52 ----D---- H:\Program Files\OpenAL
2008-12-27 17:19:17 ----D---- H:\Program Files\Common Files\Creative Labs Shared
2008-12-27 17:02:41 ----A---- H:\WINDOWS\system32\AppSetup.exe
2008-12-27 13:13:02 ----D---- H:\Program Files\MSXML 4.0
2008-12-27 12:48:06 ----D---- H:\VundoFix Backups
2008-12-27 12:48:06 ----A---- H:\VundoFix.txt
2008-12-27 12:02:27 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 19:22:18 ----A---- H:\WINDOWS\SchedLgU.Txt
2008-12-26 14:15:24 ----A---- H:\WINDOWS\system32\0b23c5f2-.txt
2008-12-26 11:19:38 ----D---- H:\Binaries
2008-11-17 19:02:55 ----D---- H:\Program Files\Game Elements PC Recoil Pad
2008-11-17 19:02:55 ----A---- H:\WINDOWS\system32\Ffpage.dll
2008-11-17 19:02:55 ----A---- H:\WINDOWS\system32\Ffdriver.dll
2008-10-18 22:11:59 ----D---- H:\Program Files\EA SPORTS
2008-10-15 21:51:43 ----D---- H:\Program Files\Curse
2008-10-14 20:57:22 ----D---- H:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-14 17:46:19 ----D---- H:\Documents and Settings\Mark\Application Data\ATI
2008-10-14 17:46:19 ----D---- H:\Documents and Settings\All Users\Application Data\ATI
2008-10-14 17:42:44 ----D---- H:\Program Files\ATI
2008-10-14 15:56:28 ----D---- H:\nfsps
2008-10-14 15:56:27 ----A---- H:\WINDOWS\system32\xactengine2_8.dll
2008-10-14 15:56:27 ----A---- H:\WINDOWS\system32\x3daudio1_2.dll
2008-10-14 15:56:26 ----A---- H:\WINDOWS\system32\d3dx10_34.dll
2008-10-14 15:56:26 ----A---- H:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-14 15:56:25 ----A---- H:\WINDOWS\system32\xinput1_3.dll
2008-10-14 15:56:25 ----A---- H:\WINDOWS\system32\d3dx9_34.dll
2008-10-14 15:56:24 ----A---- H:\WINDOWS\system32\xactengine2_7.dll
2008-10-14 15:56:23 ----A---- H:\WINDOWS\system32\d3dx10_33.dll
2008-10-14 15:56:23 ----A---- H:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-14 15:56:21 ----A---- H:\WINDOWS\system32\d3dx9_33.dll
2008-10-14 15:56:18 ----A---- H:\WINDOWS\system32\xactengine2_6.dll
2008-10-14 15:56:17 ----A---- H:\WINDOWS\system32\x3daudio1_1.dll
2008-10-08 00:08:38 ----A---- H:\WINDOWS\system32\instwdm.ini
2008-10-07 23:44:32 ----A---- H:\WINDOWS\INRES.DLL
2008-10-07 23:41:40 ----A---- H:\WINDOWS\system32\CtxfiRes.dll
2008-10-07 23:41:40 ----A---- H:\WINDOWS\CTXFIRES.DLL

======List of files/folders modified in the last 3 months======

2009-01-06 01:04:10 ----D---- H:\WINDOWS\Prefetch
2009-01-06 00:54:37 ----D---- H:\Program Files\Mozilla Firefox
2009-01-05 15:15:41 ----D---- H:\Program Files\SpeedFan
2009-01-05 11:15:18 ----D---- H:\WINDOWS
2009-01-05 11:02:51 ----D---- H:\WINDOWS\system32\LogFiles
2009-01-05 05:55:23 ----D---- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-03 17:38:42 ----D---- H:\WINDOWS\system32\CatRoot2
2009-01-03 17:38:41 ----HD---- H:\WINDOWS\inf
2009-01-02 22:10:14 ----SHD---- H:\WINDOWS\Installer
2009-01-02 22:09:38 ----D---- H:\WINDOWS\system32
2009-01-02 22:09:37 ----RD---- H:\Program Files
2009-01-02 21:55:56 ----D---- H:\WINDOWS\SoftwareDistribution
2009-01-01 01:19:12 ----D---- H:\WINDOWS\system32\QuickTime
2009-01-01 01:15:50 ----D---- H:\WINDOWS\system32\drivers
2009-01-01 01:14:25 ----D---- H:\Program Files\QuickTime
2009-01-01 01:10:28 ----D---- H:\Program Files\Common Files
2008-12-30 19:34:13 ----A---- H:\WINDOWS\system.ini
2008-12-30 19:31:27 ----D---- H:\WINDOWS\system32\config
2008-12-30 19:30:02 ----D---- H:\WINDOWS\AppPatch
2008-12-30 16:23:14 ----RASH---- H:\boot.ini
2008-12-27 17:26:54 ----D---- H:\Documents and Settings\All Users\Application Data\Creative
2008-12-27 17:20:52 ----A---- H:\WINDOWS\system32\wrap_oal.dll
2008-12-27 17:20:52 ----A---- H:\WINDOWS\system32\OpenAL32.dll
2008-12-27 17:20:16 ----D---- H:\WINDOWS\system32\Data
2008-12-27 17:20:00 ----RSHDC---- H:\WINDOWS\system32\dllcache
2008-12-27 17:19:15 ----HD---- H:\Program Files\InstallShield Installation Information
2008-12-27 17:18:51 ----D---- H:\Program Files\Creative
2008-12-27 13:13:02 ----D---- H:\WINDOWS\WinSxS
2008-12-27 11:05:58 ----A---- H:\WINDOWS\wininit.ini
2008-12-26 14:15:43 ----D---- H:\Documents and Settings
2008-12-26 14:11:04 ----D---- H:\Program Files\DAEMON Tools Toolbar
2008-12-26 14:08:00 ----SD---- H:\WINDOWS\Tasks
2008-12-26 14:07:37 ----D---- H:\Program Files\Symantec AntiVirus
2008-12-26 11:20:16 ----A---- H:\WINDOWS\win.ini
2008-12-25 10:32:04 ----D---- H:\Program Files\World of Warcraft
2008-12-25 03:55:48 ----A---- H:\WINDOWS\NeroDigital.ini
2008-12-24 23:28:43 ----A---- H:\WINDOWS\system32\PnkBstrB.exe
2008-12-22 16:04:48 ----D---- H:\Program Files\Opera
2008-12-20 01:32:29 ----D---- H:\WINDOWS\Debug
2008-12-18 03:00:25 ----HD---- H:\WINDOWS\$hf_mig$
2008-12-13 00:40:02 ----A---- H:\WINDOWS\system32\mshtml.dll
2008-12-12 05:34:29 ----D---- H:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-12 05:26:42 ----D---- H:\Program Files\Internet Explorer
2008-12-03 09:08:51 ----D---- H:\WINDOWS\Help
2008-11-09 22:24:32 ----D---- H:\Program Files\Spybot - Search & Destroy
2008-11-06 15:58:26 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 06:36:14 ----A---- H:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----A---- H:\WINDOWS\system32\tzchange.exe
2008-10-18 22:11:40 ----D---- H:\WINDOWS\system32\DirectX
2008-10-18 22:11:38 ----RSD---- H:\WINDOWS\assembly
2008-10-16 14:38:40 ----A---- H:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:39 ----N---- H:\WINDOWS\system32\occache.dll
2008-10-16 14:38:39 ----N---- H:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\webcheck.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\url.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:38 ----N---- H:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 ----N---- H:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:37 ----N---- H:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:35 ----N---- H:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:35 ----N---- H:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:35 ----N---- H:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:35 ----A---- H:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:35 ----A---- H:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:35 ----A---- H:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:34 ----N---- H:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 ----A---- H:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 ----A---- H:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- H:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- H:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- H:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- H:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- H:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- H:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- H:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- H:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- H:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- H:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- H:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- H:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- H:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- H:\WINDOWS\system32\mucltui.dll
2008-10-16 07:11:09 ----N---- H:\WINDOWS\system32\ie4uinit.exe
2008-10-16 07:11:09 ----A---- H:\WINDOWS\system32\ieudinit.exe
2008-10-15 10:34:24 ----A---- H:\WINDOWS\system32\netapi32.dll
2008-10-15 01:04:53 ----N---- H:\WINDOWS\system32\ieakui.dll
2008-10-14 19:12:55 ----A---- H:\WINDOWS\system32\PnkBstrA.exe
2008-10-14 17:41:53 ----D---- H:\Program Files\ATI Technologies
2008-10-11 23:26:01 ----D---- H:\Program Files\Winamp
2008-10-11 21:46:15 ----SD---- H:\Documents and Settings\Mark\Application Data\Microsoft
2008-10-11 21:45:42 ----D---- H:\Program Files\Elaborate Bytes
2008-10-11 21:32:18 ----D---- H:\WINDOWS\system32\wbem
2008-10-11 21:32:18 ----D---- H:\WINDOWS\Registration
2008-10-11 12:14:27 ----D---- H:\WINDOWS\Minidump
2008-10-09 02:48:36 ----D---- H:\WINDOWS\system32\inetsrv
2008-10-09 00:13:42 ----D---- H:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
2008-10-09 00:12:59 ----D---- H:\Program Files\SUPERAntiSpyware
2008-10-09 00:12:07 ----D---- H:\Program Files\Paltalk Messenger
2008-10-09 00:12:07 ----D---- H:\Documents and Settings\Mark\Application Data\Paltalk
2008-10-09 00:09:39 ----D---- H:\Program Files\Sierra
2008-10-09 00:07:05 ----D---- H:\Program Files\Common Files\ASCOM
2008-10-07 23:44:28 ----A---- H:\WINDOWS\system32\ctdvinst.dll
2008-10-07 23:44:28 ----A---- H:\WINDOWS\system32\ctcoinst.dll
2008-10-07 23:42:42 ----A---- H:\WINDOWS\system32\a3d.dll
2008-10-07 23:42:16 ----A---- H:\WINDOWS\system32\ac3api.dll
2008-10-07 23:41:38 ----A---- H:\WINDOWS\system32\CTxfiSpk.dll
2008-10-07 23:41:38 ----A---- H:\WINDOWS\system32\CTxfiBtn.dll
2008-10-07 23:41:36 ----A---- H:\WINDOWS\system32\Ctxfihlp.exe
2008-10-07 23:37:46 ----A---- H:\WINDOWS\system32\CTxfiReg.exe
2008-10-07 23:37:44 ----A---- H:\WINDOWS\system32\Ct20xspi.dll
2008-10-07 23:37:38 ----A---- H:\WINDOWS\system32\CTxfispi.exe
2008-10-07 23:30:32 ----A---- H:\WINDOWS\system32\ctemupia.dll
2008-10-07 23:27:36 ----A---- H:\WINDOWS\system32\ct_oal.dll
2008-10-07 23:27:32 ----A---- H:\WINDOWS\system32\ctasio.dll
2008-10-07 23:27:26 ----A---- H:\WINDOWS\system32\ctdproxy.dll
2008-10-07 23:26:44 ----A---- H:\WINDOWS\system32\sfman32.dll
2008-10-07 23:26:44 ----A---- H:\WINDOWS\system32\ctosuser.dll
2008-10-07 23:26:42 ----A---- H:\WINDOWS\system32\sfms32.dll
2008-10-07 23:26:38 ----A---- H:\WINDOWS\system32\regplib.exe
2008-10-07 23:26:36 ----A---- H:\WINDOWS\system32\piaproxy.dll
2008-10-07 23:23:50 ----A---- H:\WINDOWS\system32\enlocstr.exe
2008-10-07 23:23:46 ----A---- H:\WINDOWS\system32\killapps.exe
2008-10-07 23:23:26 ----A---- H:\WINDOWS\system32\devreg.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; H:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; \??\H:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\H:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; H:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-08-27 189320]
R3 ati2mtag;ati2mtag; H:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-08-20 3299840]
R3 CT20XUT.SYS;CT20XUT.SYS; H:\WINDOWS\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 ctac32k;Creative AC3 Software Decoder; H:\WINDOWS\system32\drivers\ctac32k.sys [2008-10-08 511000]
R3 ctaud2k;Creative Audio Driver (WDM); H:\WINDOWS\system32\drivers\ctaud2k.sys [2008-10-08 526232]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; H:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS; H:\WINDOWS\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 ctprxy2k;Creative Proxy Driver; H:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-10-08 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; H:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2008-10-08 158744]
R3 emupia;E-mu Plug-in Architecture Driver; H:\WINDOWS\system32\drivers\emupia2k.sys [2008-10-08 95768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; H:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; H:\WINDOWS\system32\drivers\ha20x2k.sys [2008-10-08 1177624]
R3 HidUsb;Microsoft HID Class Driver; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; H:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\H:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\H:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\navex15.sys []
R3 ossrv;Creative OS Services Driver; H:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2008-10-08 130072]
R3 pfc;Padus ASPI Shell; \??\H:\WINDOWS\system32\drivers\pfc.sys []
R3 SymEvent;SymEvent; \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; H:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; H:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\H:\WINDOWS\system32\drivers\NSDriver.sys []
S3 alpofgla;alpofgla; H:\WINDOWS\system32\drivers\alpofgla.sys []
S3 aofzsk7o;aofzsk7o; H:\WINDOWS\system32\drivers\aofzsk7o.sys []
S3 catchme;catchme; \??\H:\ComboFix\catchme.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; H:\WINDOWS\system32\COMMONFX.DLL [2008-02-25 98328]
S3 cpuz129;cpuz129; \??\H:\Program Files\PC Wizard 2008\pcwiz32.sys []
S3 CT20XUT.DLL;CT20XUT.DLL; H:\WINDOWS\system32\CT20XUT.DLL []
S3 CT20XUT;CT20XUT; H:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTAUDFX.DLL;CTAUDFX.DLL; H:\WINDOWS\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; H:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-10-08 347080]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; H:\WINDOWS\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; H:\WINDOWS\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; H:\WINDOWS\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; H:\WINDOWS\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; H:\WINDOWS\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; H:\WINDOWS\system32\CTEXFIFX.DLL []
S3 CTEXFIFX;CTEXFIFX; H:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.DLL;CTHWIUT.DLL; H:\WINDOWS\system32\CTHWIUT.DLL []
S3 CTHWIUT;CTHWIUT; H:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; H:\WINDOWS\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; H:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 P17;SB Live! 24-bit; H:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
S3 SABProcEnum;SABProcEnum; \??\H:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
S3 SYMREDRV;SYMREDRV; H:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-08-27 23944]
S3 usbaudio;USB Audio Driver (WDM); H:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2008-08-20 573440]
R2 ccSetMgr;Symantec Settings Manager; H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
R2 CTAudSvcService;Creative Audio Service; H:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-10-31 307200]
R2 DefWatch;Symantec AntiVirus Definition Watcher; H:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-10-07 31160]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; H:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 PnkBstrA;PnkBstrA; H:\WINDOWS\system32\PnkBstrA.exe [2008-10-14 66872]
R2 SPBBCSvc;Symantec SPBBCSvc; H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
R2 StarWindServiceAE;StarWind AE Service; H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 ccEvtMgr;Symantec Event Manager; H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S2 Bonjour Service;Bonjour Service; H:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-27 79360]
S3 iPod Service;iPod Service; H:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 LiveUpdate;LiveUpdate; H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; H:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
S3 SNDSrvc;Symantec Network Drivers Service; H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-08-27 214408]
S3 Symantec AntiVirus;Symantec AntiVirus; H:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-10-07 1822648]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#5 markgui

markgui
  • Topic Starter
  • Members
  • 102 posts
  • Gender:Male
  • Location:Louisiana

Posted 06 January 2009 - 03:19 AM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-06 02:18:49
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 8A1A36D8 ZwAlertResumeThread
SSDT 8A1A3538 ZwAlertThread
SSDT 8A266B80 ZwAllocateVirtualMemory
SSDT 8A272CA0 ZwConnectPort
SSDT spsf.sys ZwCreateKey [0xF74D70E0]
SSDT 8A1A3BC0 ZwCreateMutant
SSDT 8A2714A0 ZwCreateThread
SSDT \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB0D3A350]
SSDT spsf.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spsf.sys ZwEnumerateValueKey [0xF74F6030]
SSDT 8A1E2CC8 ZwFreeVirtualMemory
SSDT 8A1A3A20 ZwImpersonateAnonymousToken
SSDT 8A1A3878 ZwImpersonateThread
SSDT 8A286B40 ZwMapViewOfSection
SSDT 8A1A3E80 ZwOpenEvent
SSDT spsf.sys ZwOpenKey [0xF74D70C0]
SSDT 8A1E2B48 ZwOpenProcessToken
SSDT 8A1E75C8 ZwOpenThreadToken
SSDT spsf.sys ZwQueryKey [0xF74F6108]
SSDT 8A183368 ZwQueryValueKey
SSDT 8A1CB4F0 ZwResumeThread
SSDT 8A1EB400 ZwSetContextThread
SSDT 8A1E71D8 ZwSetInformationProcess
SSDT 8971C860 ZwSetInformationThread
SSDT \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB0D3A580]
SSDT 8A1A3FD0 ZwSuspendProcess
SSDT 8A1A3088 ZwSuspendThread
SSDT 8A1E29D0 ZwTerminateProcess
SSDT 8971C828 ZwTerminateThread
SSDT 8A1E2FD0 ZwUnmapViewOfSection
SSDT 8A265B88 ZwWriteVirtualMemory

INT 0x62 ? 8A52BBF8
INT 0x63 ? 8A146F00
INT 0x63 ? 8A146F00
INT 0x63 ? 8A146F00
INT 0x63 ? 8A146F00
INT 0x63 ? 8A146F00
INT 0x82 ? 8A52BBF8
INT 0xB1 ? 8A599BF8
INT 0xB1 ? 8A599BF8

---- Kernel code sections - GMER 1.0.14 ----

? spsf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B98348AC 5 Bytes JMP 8A1464E0
.text alpofgla.SYS B97B7384 1 Byte [ 20 ]
.text alpofgla.SYS B97B7386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text alpofgla.SYS B97B73AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text alpofgla.SYS B97B73C4 3 Bytes [ 00, 00, 00 ]
.text alpofgla.SYS B97B73C9 1 Byte [ 00 ]
.text ...
.text aofzsk7o.SYS B9776386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text aofzsk7o.SYS B97763AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text aofzsk7o.SYS B97763C4 3 Bytes [ 00, 70, 02 ]
.text aofzsk7o.SYS B97763C9 1 Byte [ 2E ]
.text aofzsk7o.SYS B97763CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5992D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spsf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spsf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spsf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spsf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spsf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spsf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spsf.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A1465E0
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlInitUnicodeString] 000000A5
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!swprintf] 000000E5
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeSetEvent] 000000F1
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000071
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000D8
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00000031
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmFreeMappingAddress] 00000015
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000004
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 000000C7
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00000023
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 000000C3
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IofCompleteRequest] 00000018
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00000096
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IofCallDriver] 00000005
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0000009A
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000007
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000012
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoDetachDevice] 00000080
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeWaitForSingleObject] 000000E2
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeInitializeEvent] 000000EB
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeCancelTimer] 00000027
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000B2
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000075
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000009
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000083
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmMapIoSpace] 0000002C
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0000001A
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoReportDetectedDevice] 0000001B
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0000006E
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0000005A
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000000A0
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00000052
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 0000003B
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 000000D6
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!sprintf] 000000B3
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000029
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ObfDereferenceObject] 000000E3
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0000002F
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000084
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ZwClose] 00000053
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 000000D1
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000000
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 000000ED
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000020
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoCreateDevice] 000000FC
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B1
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0000005B
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000006A
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ZwOpenKey] 000000CB
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 000000BE
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoStartTimer] 00000039
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeInitializeTimer] 0000004A
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoInitializeTimer] 0000004C
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeInitializeDpc] 00000058
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeInitializeSpinLock] 000000CF
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoInitializeIrp] 000000D0
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ZwCreateKey] 000000EF
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AA
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 000000FB
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ZwSetValueKey] 00000043
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeInsertQueueDpc] 0000004D
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000033
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoStartPacket] 00000085
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000045
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000F9
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoFreeMdl] 00000002
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmUnlockPages] 0000007F
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 00000050
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 0000003C
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 0000009F
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000A8
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000051
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoStartNextPacket] 000000A3
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeBugCheckEx] 00000040
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeSetTimer] 00000092
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!_allmul] 0000009D
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000038
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!_except_handler3] 000000F5
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!PoSetPowerState] 000000BC
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000B6
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000DA
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000021
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!_aulldiv] 00000010
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!strstr] 000000FF
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!_strupr] 000000F3
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000D2
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CD
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!KeTickCount] 0000000C
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000013
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoDeleteDevice] 000000EC
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000005F
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000097
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoAllocateIrp] 00000044
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoAllocateMdl] 00000017
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000C4
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000A7
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000007E
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 0000003D
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000064
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoFreeIrp] 0000005D
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!IoFreeWorkItem] 00000019
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!RtlCompareMemory] 00000060
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!PoCallDriver] 00000081
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!memmove] 0000004F
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000DC
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\alpofgla.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlInitUnicodeString] F44D8B48
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!swprintf] C1815753
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeSetEvent] 00002590
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 467C8D51
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 76F6E84A
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] D88BFFFF
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8504C483
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 5F0A75DB
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 5B08438D
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmUnmapIoSpace] 5DE58B5E
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 259068C3
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IofCompleteRequest] 006A0000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 88F0E853
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IofCallDriver] 558DFFFF
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 90838DF8
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 52000025
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoConnectInterrupt] 03895750
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoDetachDevice] FFF363E8
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0C458AFF
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeInitializeEvent] 8B104D8B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeCancelTimer] 43881855
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 1C458B08
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlInitAnsiString] 0F544389
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 89FF45B6
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoQueueWorkItem] 4D8B0C4B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmMapIoSpace] 50538920
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 8924558B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoReportDetectedDevice] 5389584B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0A43885C
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0646B60F
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!NlsMbCodePageTag] A818C483
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8D7F743F
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001A8C8B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0835100
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!sprintf] 7E8D503F
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [B9E85728] \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ObfDereferenceObject] 0F0000D1
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 8D0646B6
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001B8093
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ZwClose] E0835200
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E857503F
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 0000EBB4
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 026B938D
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!PoStartNextPowerIrp] C6830000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoCreateDevice] 0008B908
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlCopyUnicodeString] FA8B0000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 758BA5F3
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 064E8A08
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ZwOpenKey] 883FE180
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 0002688B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoStartTimer] 06468A00
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeInitializeTimer] 8306E8C0
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoInitializeTimer] 023C18C4
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeInitializeDpc] 02698388
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeInitializeSpinLock] 19750000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoInitializeIrp] 028C838D
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ZwCreateKey] 52500000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 00C143E8
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 08C48300
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ZwSetValueKey] 0575C085
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeInsertQueueDpc] EB08708D
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 074E8A54
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoStartPacket] 026A8B88
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 83660000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 7601487E
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoFreeMdl] 4AC68305
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmUnlockPages] F63302EB
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5614558B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 75E85352
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8BFFFFF4
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 0CC483F0
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeSynchronizeExecution] 2075F685
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoStartNextPacket] 050C7D80
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeBugCheckEx] 0092850F
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 458B0000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeSetTimer] E85350F8
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!_allmul] FFFFF848
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmProbeAndLockPages] 8408C483
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!_except_handler3] BE7875C0
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!PoSetPowerState] 00000008
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] F346E853
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlWriteRegistryValue] C483FFFF
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00F46804
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!_aulldiv] 838D0000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!strstr] 00001A8C
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!_strupr] E850006A
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeQuerySystemTime] FFFF87CA
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 0000F468
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!KeTickCount] 808B8D00
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 6A00001B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoDeleteDevice] B7E85100
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 33FFFF87
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoAllocateWorkItem] 6B8389C0
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoAllocateIrp] 89000002
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoAllocateMdl] 00026F83
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 73838900
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmLockPagableDataSection] 89000002
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 00027783
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 7B838900
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!ExFreePoolWithTag] 89000002
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoFreeIrp] 00027F83
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!IoFreeWorkItem] 83838900
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!InitSafeBootMode] 53000002
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!RtlCompareMemory] 02878389
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!PoCallDriver] 7FE80000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!memmove] 83FFFF68
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[ntoskrnl.exe!MmHighestUserAddress] 8B5F1CC4
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\aofzsk7o.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A52A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8A123500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5971F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5971F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5971F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5971F8
Device \Driver\usbuhci \Device\USBPDO-1 8A123500
Device \Driver\usbuhci \Device\USBPDO-2 8A123500
Device \Driver\usbehci \Device\USBPDO-3 8A122500
Device \Driver\PCI_PNP0780 \Device\00000060 spsf.sys
Device \Driver\PCI_PNP0780 \Device\00000060 spsf.sys

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{B951E432-05E6-4D00-AEF8-FF693CDD5644} 8A1EC500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A52C1F8
Device \Driver\Cdrom \Device\CdRom0 8A120500
Device \Driver\Cdrom \Device\CdRom1 8A120500
Device \Driver\Cdrom \Device\CdRom2 8A120500
Device \Driver\usbstor \Device\00000081 8A2A0500
Device \Driver\sptd \Device\3938372030 spsf.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1EC500
Device \Driver\usbstor \Device\00000084 8A2A0500
Device \Driver\NetBT \Device\NetbiosSmb 8A1EC500
Device \Driver\usbstor \Device\00000085 8A2A0500
Device \Driver\usbstor \Device\00000086 8A2A0500
Device \Driver\usbstor \Device\00000087 8A2A0500

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCI_PNP0780 \Device\0000005f spsf.sys
Device \Driver\PCI_PNP0780 \Device\0000005f spsf.sys
Device \Driver\usbuhci \Device\USBFDO-0 8A123500
Device \Driver\usbuhci \Device\USBFDO-1 8A123500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3AA500
Device \Driver\usbuhci \Device\USBFDO-2 8A123500
Device \Driver\sptd \Device\3938528280 spsf.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3AA500
Device \Driver\usbehci \Device\USBFDO-3 8A122500
Device \Driver\Ftdisk \Device\FtControl 8A52C1F8
Device \Driver\aofzsk7o \Device\Scsi\aofzsk7o1Port3Path0Target0Lun0 8A12E500
Device \Driver\aofzsk7o \Device\Scsi\aofzsk7o1 8A12E500
Device \Driver\alpofgla \Device\Scsi\alpofgla1Port2Path0Target0Lun0 8A12C500
Device \Driver\alpofgla \Device\Scsi\alpofgla1 8A12C500
Device \FileSystem\Cdfs \Cdfs 8A3781F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 H:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9A 0xF9 0x98 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x44 0x16 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCC 0xCD 0x95 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x33 0xF1 0xFA 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x20 0x6D 0x6C 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x93 0x77 0xE4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 H:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9A 0xF9 0x98 0x61 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x44 0x16 0x63 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCC 0xCD 0x95 0xF2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x33 0xF1 0xFA 0x2F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x20 0x6D 0x6C 0xA6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x93 0x77 0xE4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xF6 0x27 0x62 0x3D ...
Reg HKLM\SOFTWARE\Classes\CLSID\{c5bb3f01-7b97-4c4e-9796-d73d701323a5}@Model 361
Reg HKLM\SOFTWARE\Classes\CLSID\{c5bb3f01-7b97-4c4e-9796-d73d701323a5}@Therad 20

---- EOF - GMER 1.0.14 ----

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 06 January 2009 - 05:47 AM

IMPORTANT!! Uninstall these programs before proceeding with our fixes..

1. Spybot - Search & Destroy



NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - Winlogon Notify: qoMeDVoO - H:\WINDOWS\


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)


    :processes
    explorer.exe
    
    :services
    
    :files
    H:\WINDOWS\tasks\crvlsfco.job
    
    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\diN37.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ejO84.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\diN37.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ejO84.sys]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. ESET Online Scanner
3. RSIT log.txt
4. Tell me, how is the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

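The three entries fenzodahl512 singles out above were picked by reading the log. As an added example (not code from the post, from HijackThis, or from any tool mentioned on this page), the script below applies the same two checks over HijackThis lines copied from the logs in this thread: O2 BHO entries whose path is "(no file)" and O20 Winlogon Notify entries whose path names no DLL. The heuristics, the `Finding` type and the `triage`/`format_report` names are this example's own assumptions; a flagged entry is a candidate for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Sample HijackThis lines copied from the logs quoted in this thread
# (two from the fix list above, the rest from the RSIT/HJT log posted later).
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)",
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    " - H:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)",
    "O20 - Winlogon Notify: qoMeDVoO - H:\\WINDOWS\\",
    'O4 - HKLM\\..\\Run: [ccApp] "H:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"',
]

# Generic "Oxx - body" line shape used by HijackThis.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <path or (no file)>"
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.*)$")
# O20 body: "Winlogon Notify: <subkey> - <path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.*)$")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the HJT entries a reviewer would look at first.

    Heuristics (assumptions of this example, not HijackThis's own logic):
    - an O2 BHO whose DLL is "(no file)" is an orphaned registration;
    - an O20 Winlogon Notify entry whose path names no .dll file cannot
      be a normal notification package.
    """
    findings: List[Finding] = []
    for raw in lines:
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2":
            b = BHO_RE.match(body)
            if b and b.group("path") == "(no file)":
                findings.append(Finding(section, b.group("clsid"), b.group("path"),
                                        "BHO registered but its DLL is missing"))
        elif section == "O20":
            n = NOTIFY_RE.match(body)
            if n and not n.group("path").lower().endswith(".dll"):
                findings.append(Finding(section, n.group("name"), n.group("path"),
                                        "Winlogon Notify entry without a DLL file name"))
    return findings


def format_report(findings: List[Finding]) -> str:
    """One line per finding, in the order the log listed them."""
    return "\n".join(f"{f.section} {f.name} -> {f.path}: {f.reason}" for f in findings)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run against the sample, the report lists the three orphaned BHO CLSIDs and the qoMeDVoO Winlogon Notify entry, and leaves the Adobe BHO and the Symantec O4 entry alone; feeding it a full saved HJT log (one line per list element) works the same way.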

#7 markgui

markgui
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Louisiana
  • Local time:11:57 PM

Posted 06 January 2009 - 06:21 AM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
H:\WINDOWS\tasks\crvlsfco.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\diN37.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ejO84.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\diN37.sys\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ejO84.sys\\ deleted successfully.
========== COMMANDS ==========
File delete failed. H:\DOCUME~1\Mark\LOCALS~1\Temp\etilqs_EqYFbaWefss9TIdfH1jZ scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_050846

Files moved on Reboot...
File H:\DOCUME~1\Mark\LOCALS~1\Temp\etilqs_EqYFbaWefss9TIdfH1jZ not found!
File move failed. H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_001_ moved successfully.
H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_002_ moved successfully.
H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_003_ moved successfully.
H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\Cache\_CACHE_MAP_ moved successfully.
H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\urlclassifier3.sqlite moved successfully.
H:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\6qkwavzz.default\XUL.mfl moved successfully.

#8 markgui

markgui
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Louisiana
  • Local time:11:57 PM

Posted 06 January 2009 - 08:54 AM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3742 (20090106)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=1488e7d640deef4eb2d61f89be96467a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-06 01:09:16
# local_time=2009-01-06 07:09:16 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=316762
# found=9
# scan_time=6176
H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinWebdirb3.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinWebdirb6.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinWebdirb8.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
H:\Documents and Settings\Mark\My Documents\My Music\george lynch.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) F10361A56BEFBF5D0F5C2DD647EA307F
H:\Documents and Settings\Mark\My Documents\My Music\tonight ozzy osbrone.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) CE37C60BD36CD12230F1E3F8C0956EF9
H:\marks download\firefox downloads\AVICodecPackPlus220.exe probably a variant of Win32/Adware.Agent application (deleted) 00000000000000000000000000000000
H:\marks download\firefox downloads\AVICodecPackPlus220.exe »NSIS »mpcodecplg.dll probably a variant of Win32/Adware.Agent application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

#9 markgui

markgui
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Louisiana
  • Local time:11:57 PM

Posted 06 January 2009 - 08:57 AM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Mark at 2009-01-06 07:55:31
Microsoft Windows XP Professional Service Pack 3
System drive H: has 34 GB (30%) free of 114 GB
Total RAM: 1535 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:53 AM, on 1/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Creative\Shared Files\CTAudSvc.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\PROGRA~1\SYMANT~1\VPTray.exe
H:\WINDOWS\system32\CTHELPER.EXE
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\WINDOWS\system32\CTXFIHLP.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Curse\CurseClient.exe
H:\WINDOWS\SYSTEM32\CTXFISPI.EXE
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\SpeedFan\speedfan.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\marks download\firefox downloads\RSIT.exe
H:\Program Files\Trend Micro\HijackThis\Mark.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] "H:\WINDOWS\system32\rundll32.exe" P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickFinder Scheduler] "H:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "H:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] "H:\WINDOWS\system32\CTHELPER.EXE"
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] "H:\Program Files\Curse\CurseClient.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - H:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - symantec - H:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7549 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=H:\WINDOWS\system32\P17.dll [2005-05-03 64512]
"QuickFinder Scheduler"=H:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [2004-03-22 77887]
"ccApp"=H:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]
"vptray"=H:\PROGRA~1\SYMANT~1\VPTray.exe [2007-10-07 125368]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CTHelper"=H:\WINDOWS\system32\CTHELPER.EXE [2008-02-20 19456]
"StartCCC"=H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"CTxfiHlp"=H:\WINDOWS\system32\CTXFIHLP.EXE [2008-10-07 23552]
"iTunesHelper"=H:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"CurseClient"=H:\Program Files\Curse\CurseClient.exe [2008-10-10 4789760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
H:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2008-03-20 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
H:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
H:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
H:\PROGRA~1\PALTAL~1\paltalk.exe nas []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^Mark^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
H:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3
"RemoteRegistry"=2
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"PolicyAgent"=2
"Netlogon"=3
"ALG"=3
"Alerter"=2
"mnmsrvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2008-08-20 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
H:\WINDOWS\system32\NavLogon.dll [2007-10-07 43448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - H:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\Program Files\Steam\SteamApps\rugrider\sin episodes emergence\SinEpisodes.exe"="H:\Program Files\Steam\SteamApps\rugrider\sin episodes emergence\SinEpisodes.exe:*:Enabled:SinEpisodes"
"H:\WINDOWS\system32\dpvsetup.exe"="H:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"H:\Program Files\Mozilla Firefox\firefox.exe"="H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="H:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"H:\Documents and Settings\Mark\Local Settings\Application Data\Xenocode\ApplianceCaches\KumaClient.exe_v60664C46\Native\STUBEXE\@PROGRAMFILES@\Kuma Games\Kuma.exe"="H:\Documents and Settings\Mark\Local Settings\Application Data\Xenocode\ApplianceCaches\KumaClient.exe_v60664C46\Native\STUBEXE\@PROGRAMFILES@\Kuma Games\Kuma.exe:*:Enabled:Kuma"
"H:\WINDOWS\system32\java.exe"="H:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"H:\Program Files\Java\jre1.6.0_05\bin\java.exe"="H:\Program Files\Java\jre1.6.0_05\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"H:\Program Files\Microsoft Office\Office12\DRAT.EXE"="H:\Program Files\Microsoft Office\Office12\DRAT.EXE:*:Enabled:Groove DRAT Utility"
"H:\Program Files\World of Warcraft\BackgroundDownloader.exe"="H:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"H:\nfsps\nfs.exe"="H:\nfsps\nfs.exe:*:Enabled:nfs"
"H:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe"="H:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater"
"H:\Program Files\Curse\CurseClient.exe"="H:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"H:\Program Files\Bonjour\mDNSResponder.exe"="H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\Program Files\iTunes\iTunes.exe"="H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"H:\WINDOWS\system32\rundll32.exe"="H:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-06 05:24:55 ----D---- H:\Program Files\EsetOnlineScanner
2009-01-06 05:08:46 ----D---- H:\_OTMoveIt
2009-01-06 02:05:49 ----A---- H:\WINDOWS\gmer.ini
2009-01-06 02:05:48 ----A---- H:\WINDOWS\gmer_uninstall.cmd
2009-01-06 02:05:48 ----A---- H:\WINDOWS\gmer.dll
2009-01-06 02:05:47 ----A---- H:\WINDOWS\gmer.exe
2009-01-05 05:55:21 ----SHD---- H:\RECYCLER
2009-01-02 22:09:37 ----D---- H:\Program Files\Microsoft Speech SDK 5.1
2009-01-01 01:16:03 ----D---- H:\Documents and Settings\Mark\Application Data\Apple Computer
2009-01-01 01:15:50 ----A---- H:\WINDOWS\system32\GEARAspi.dll
2009-01-01 01:15:21 ----D---- H:\Program Files\iPod
2009-01-01 01:15:17 ----D---- H:\Program Files\iTunes
2009-01-01 01:15:17 ----D---- H:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-01 01:14:52 ----D---- H:\Program Files\Bonjour
2009-01-01 01:12:35 ----D---- H:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-01 01:11:24 ----D---- H:\Program Files\Apple Software Update
2009-01-01 01:11:06 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-01-01 01:10:28 ----D---- H:\Program Files\Common Files\Apple
2009-01-01 01:10:27 ----D---- H:\Documents and Settings\All Users\Application Data\Apple
2008-12-30 19:38:17 ----D---- H:\WINDOWS\temp
2008-12-30 19:38:14 ----A---- H:\ComboFix.txt
2008-12-30 19:26:33 ----A---- H:\WINDOWS\NIRCMD.exe
2008-12-30 16:23:14 ----A---- H:\Boot.bak
2008-12-30 16:23:01 ----RASHD---- H:\cmdcons
2008-12-30 16:21:18 ----A---- H:\WINDOWS\zip.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\SWREG.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\sed.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\grep.exe
2008-12-30 16:21:18 ----A---- H:\WINDOWS\fdsv.exe
2008-12-30 16:21:17 ----A---- H:\WINDOWS\VFIND.exe
2008-12-30 16:21:17 ----A---- H:\WINDOWS\SWXCACLS.exe
2008-12-30 16:21:17 ----A---- H:\WINDOWS\SWSC.exe
2008-12-30 16:20:56 ----D---- H:\WINDOWS\ERDNT
2008-12-30 16:20:56 ----D---- H:\Qoobox
2008-12-29 19:36:47 ----D---- H:\rsit
2008-12-27 17:20:52 ----D---- H:\Program Files\OpenAL
2008-12-27 17:19:17 ----D---- H:\Program Files\Common Files\Creative Labs Shared
2008-12-27 17:02:41 ----A---- H:\WINDOWS\system32\AppSetup.exe
2008-12-27 13:13:02 ----D---- H:\Program Files\MSXML 4.0
2008-12-27 12:48:06 ----D---- H:\VundoFix Backups
2008-12-27 12:48:06 ----A---- H:\VundoFix.txt
2008-12-27 12:02:27 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 19:22:18 ----A---- H:\WINDOWS\SchedLgU.Txt
2008-12-26 14:15:24 ----A---- H:\WINDOWS\system32\0b23c5f2-.txt
2008-12-26 11:19:38 ----D---- H:\Binaries
2008-11-17 19:02:55 ----D---- H:\Program Files\Game Elements PC Recoil Pad
2008-11-17 19:02:55 ----A---- H:\WINDOWS\system32\Ffpage.dll
2008-11-17 19:02:55 ----A---- H:\WINDOWS\system32\Ffdriver.dll
2008-10-18 22:11:59 ----D---- H:\Program Files\EA SPORTS
2008-10-15 21:51:43 ----D---- H:\Program Files\Curse
2008-10-14 20:57:22 ----D---- H:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-14 17:46:19 ----D---- H:\Documents and Settings\Mark\Application Data\ATI
2008-10-14 17:46:19 ----D---- H:\Documents and Settings\All Users\Application Data\ATI
2008-10-14 17:42:44 ----D---- H:\Program Files\ATI
2008-10-14 15:56:28 ----D---- H:\nfsps
2008-10-14 15:56:27 ----A---- H:\WINDOWS\system32\xactengine2_8.dll
2008-10-14 15:56:27 ----A---- H:\WINDOWS\system32\x3daudio1_2.dll
2008-10-14 15:56:26 ----A---- H:\WINDOWS\system32\d3dx10_34.dll
2008-10-14 15:56:26 ----A---- H:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-14 15:56:25 ----A---- H:\WINDOWS\system32\xinput1_3.dll
2008-10-14 15:56:25 ----A---- H:\WINDOWS\system32\d3dx9_34.dll
2008-10-14 15:56:24 ----A---- H:\WINDOWS\system32\xactengine2_7.dll
2008-10-14 15:56:23 ----A---- H:\WINDOWS\system32\d3dx10_33.dll
2008-10-14 15:56:23 ----A---- H:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-14 15:56:21 ----A---- H:\WINDOWS\system32\d3dx9_33.dll
2008-10-14 15:56:18 ----A---- H:\WINDOWS\system32\xactengine2_6.dll
2008-10-14 15:56:17 ----A---- H:\WINDOWS\system32\x3daudio1_1.dll
2008-10-08 00:08:38 ----A---- H:\WINDOWS\system32\instwdm.ini
2008-10-07 23:44:32 ----A---- H:\WINDOWS\INRES.DLL
2008-10-07 23:41:40 ----A---- H:\WINDOWS\system32\CtxfiRes.dll
2008-10-07 23:41:40 ----A---- H:\WINDOWS\CTXFIRES.DLL

======List of files/folders modified in the last 3 months======

2009-01-06 07:50:22 ----D---- H:\Program Files\Mozilla Firefox
2009-01-06 05:42:19 ----D---- H:\Program Files\SpeedFan
2009-01-06 05:24:55 ----RD---- H:\Program Files
2009-01-06 05:24:48 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-01-06 05:24:48 ----D---- H:\WINDOWS\system32
2009-01-06 05:24:45 ----D---- H:\WINDOWS\system32\CatRoot2
2009-01-06 05:24:45 ----D---- H:\WINDOWS
2009-01-06 05:15:39 ----D---- H:\WINDOWS\Prefetch
2009-01-06 05:08:46 ----SD---- H:\WINDOWS\Tasks
2009-01-06 05:00:24 ----D---- H:\WINDOWS\system32\LogFiles
2009-01-06 04:58:14 ----D---- H:\Program Files\Spybot - Search & Destroy
2009-01-06 04:58:09 ----D---- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 02:05:48 ----D---- H:\WINDOWS\system32\drivers
2009-01-03 17:38:41 ----HD---- H:\WINDOWS\inf
2009-01-02 22:10:14 ----SHD---- H:\WINDOWS\Installer
2009-01-02 21:55:56 ----D---- H:\WINDOWS\SoftwareDistribution
2009-01-01 01:19:12 ----D---- H:\WINDOWS\system32\QuickTime
2009-01-01 01:14:25 ----D---- H:\Program Files\QuickTime
2009-01-01 01:10:28 ----D---- H:\Program Files\Common Files
2008-12-30 19:34:13 ----A---- H:\WINDOWS\system.ini
2008-12-30 19:31:27 ----D---- H:\WINDOWS\system32\config
2008-12-30 19:30:02 ----D---- H:\WINDOWS\AppPatch
2008-12-30 16:23:14 ----RASH---- H:\boot.ini
2008-12-27 17:26:54 ----D---- H:\Documents and Settings\All Users\Application Data\Creative
2008-12-27 17:20:52 ----A---- H:\WINDOWS\system32\wrap_oal.dll
2008-12-27 17:20:52 ----A---- H:\WINDOWS\system32\OpenAL32.dll
2008-12-27 17:20:16 ----D---- H:\WINDOWS\system32\Data
2008-12-27 17:20:00 ----RSHDC---- H:\WINDOWS\system32\dllcache
2008-12-27 17:19:15 ----HD---- H:\Program Files\InstallShield Installation Information
2008-12-27 17:18:51 ----D---- H:\Program Files\Creative
2008-12-27 13:13:02 ----D---- H:\WINDOWS\WinSxS
2008-12-27 11:05:58 ----A---- H:\WINDOWS\wininit.ini
2008-12-26 14:15:43 ----D---- H:\Documents and Settings
2008-12-26 14:11:04 ----D---- H:\Program Files\DAEMON Tools Toolbar
2008-12-26 14:07:37 ----D---- H:\Program Files\Symantec AntiVirus
2008-12-26 11:20:16 ----A---- H:\WINDOWS\win.ini
2008-12-25 10:32:04 ----D---- H:\Program Files\World of Warcraft
2008-12-25 03:55:48 ----A---- H:\WINDOWS\NeroDigital.ini
2008-12-24 23:28:43 ----A---- H:\WINDOWS\system32\PnkBstrB.exe
2008-12-22 16:04:48 ----D---- H:\Program Files\Opera
2008-12-20 01:32:29 ----D---- H:\WINDOWS\Debug
2008-12-18 03:00:25 ----HD---- H:\WINDOWS\$hf_mig$
2008-12-13 00:40:02 ----A---- H:\WINDOWS\system32\mshtml.dll
2008-12-12 05:34:29 ----D---- H:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-12 05:26:42 ----D---- H:\Program Files\Internet Explorer
2008-12-03 09:08:51 ----D---- H:\WINDOWS\Help
2008-11-06 15:58:26 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 06:36:14 ----A---- H:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----A---- H:\WINDOWS\system32\tzchange.exe
2008-10-18 22:11:40 ----D---- H:\WINDOWS\system32\DirectX
2008-10-18 22:11:38 ----RSD---- H:\WINDOWS\assembly
2008-10-16 14:38:40 ----A---- H:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:39 ----N---- H:\WINDOWS\system32\occache.dll
2008-10-16 14:38:39 ----N---- H:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\webcheck.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\url.dll
2008-10-16 14:38:39 ----A---- H:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:38 ----N---- H:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 ----N---- H:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:37 ----N---- H:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:37 ----A---- H:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:35 ----N---- H:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:35 ----N---- H:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:35 ----N---- H:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:35 ----A---- H:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:35 ----A---- H:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:35 ----A---- H:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:34 ----N---- H:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 ----A---- H:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 ----A---- H:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- H:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- H:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- H:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- H:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- H:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- H:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- H:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- H:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- H:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- H:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- H:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- H:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- H:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- H:\WINDOWS\system32\mucltui.dll
2008-10-16 07:11:09 ----N---- H:\WINDOWS\system32\ie4uinit.exe
2008-10-16 07:11:09 ----A---- H:\WINDOWS\system32\ieudinit.exe
2008-10-15 10:34:24 ----A---- H:\WINDOWS\system32\netapi32.dll
2008-10-15 01:04:53 ----N---- H:\WINDOWS\system32\ieakui.dll
2008-10-14 19:12:55 ----A---- H:\WINDOWS\system32\PnkBstrA.exe
2008-10-14 17:41:53 ----D---- H:\Program Files\ATI Technologies
2008-10-11 23:26:01 ----D---- H:\Program Files\Winamp
2008-10-11 21:46:15 ----SD---- H:\Documents and Settings\Mark\Application Data\Microsoft
2008-10-11 21:45:42 ----D---- H:\Program Files\Elaborate Bytes
2008-10-11 21:32:18 ----D---- H:\WINDOWS\system32\wbem
2008-10-11 21:32:18 ----D---- H:\WINDOWS\Registration
2008-10-11 12:14:27 ----D---- H:\WINDOWS\Minidump
2008-10-09 02:48:36 ----D---- H:\WINDOWS\system32\inetsrv
2008-10-09 00:13:42 ----D---- H:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
2008-10-09 00:12:59 ----D---- H:\Program Files\SUPERAntiSpyware
2008-10-09 00:12:07 ----D---- H:\Program Files\Paltalk Messenger
2008-10-09 00:12:07 ----D---- H:\Documents and Settings\Mark\Application Data\Paltalk
2008-10-09 00:09:39 ----D---- H:\Program Files\Sierra
2008-10-09 00:07:05 ----D---- H:\Program Files\Common Files\ASCOM
2008-10-07 23:44:28 ----A---- H:\WINDOWS\system32\ctdvinst.dll
2008-10-07 23:44:28 ----A---- H:\WINDOWS\system32\ctcoinst.dll
2008-10-07 23:42:42 ----A---- H:\WINDOWS\system32\a3d.dll
2008-10-07 23:42:16 ----A---- H:\WINDOWS\system32\ac3api.dll
2008-10-07 23:41:38 ----A---- H:\WINDOWS\system32\CTxfiSpk.dll
2008-10-07 23:41:38 ----A---- H:\WINDOWS\system32\CTxfiBtn.dll
2008-10-07 23:41:36 ----A---- H:\WINDOWS\system32\Ctxfihlp.exe
2008-10-07 23:37:46 ----A---- H:\WINDOWS\system32\CTxfiReg.exe
2008-10-07 23:37:44 ----A---- H:\WINDOWS\system32\Ct20xspi.dll
2008-10-07 23:37:38 ----A---- H:\WINDOWS\system32\CTxfispi.exe
2008-10-07 23:30:32 ----A---- H:\WINDOWS\system32\ctemupia.dll
2008-10-07 23:27:36 ----A---- H:\WINDOWS\system32\ct_oal.dll
2008-10-07 23:27:32 ----A---- H:\WINDOWS\system32\ctasio.dll
2008-10-07 23:27:26 ----A---- H:\WINDOWS\system32\ctdproxy.dll
2008-10-07 23:26:44 ----A---- H:\WINDOWS\system32\sfman32.dll
2008-10-07 23:26:44 ----A---- H:\WINDOWS\system32\ctosuser.dll
2008-10-07 23:26:42 ----A---- H:\WINDOWS\system32\sfms32.dll
2008-10-07 23:26:38 ----A---- H:\WINDOWS\system32\regplib.exe
2008-10-07 23:26:36 ----A---- H:\WINDOWS\system32\piaproxy.dll
2008-10-07 23:23:50 ----A---- H:\WINDOWS\system32\enlocstr.exe
2008-10-07 23:23:46 ----A---- H:\WINDOWS\system32\killapps.exe
2008-10-07 23:23:26 ----A---- H:\WINDOWS\system32\devreg.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; H:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; \??\H:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\H:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; H:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-08-27 189320]
R3 ati2mtag;ati2mtag; H:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-08-20 3299840]
R3 CT20XUT.SYS;CT20XUT.SYS; H:\WINDOWS\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 ctac32k;Creative AC3 Software Decoder; H:\WINDOWS\system32\drivers\ctac32k.sys [2008-10-08 511000]
R3 ctaud2k;Creative Audio Driver (WDM); H:\WINDOWS\system32\drivers\ctaud2k.sys [2008-10-08 526232]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; H:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS; H:\WINDOWS\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]
R3 ctprxy2k;Creative Proxy Driver; H:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-10-08 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; H:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2008-10-08 158744]
R3 emupia;E-mu Plug-in Architecture Driver; H:\WINDOWS\system32\drivers\emupia2k.sys [2008-10-08 95768]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; H:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; H:\WINDOWS\system32\drivers\ha20x2k.sys [2008-10-08 1177624]
R3 HidUsb;Microsoft HID Class Driver; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; H:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\H:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\H:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\navex15.sys []
R3 ossrv;Creative OS Services Driver; H:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2008-10-08 130072]
R3 pfc;Padus ASPI Shell; \??\H:\WINDOWS\system32\drivers\pfc.sys []
R3 SymEvent;SymEvent; \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; H:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; H:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a81wjqtd;a81wjqtd; H:\WINDOWS\system32\drivers\a81wjqtd.sys []
S3 aa0jqcdd;aa0jqcdd; H:\WINDOWS\system32\drivers\aa0jqcdd.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\H:\WINDOWS\system32\drivers\NSDriver.sys []
S3 catchme;catchme; \??\H:\ComboFix\catchme.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; H:\WINDOWS\system32\COMMONFX.DLL [2008-02-25 98328]
S3 cpuz129;cpuz129; \??\H:\Program Files\PC Wizard 2008\pcwiz32.sys []
S3 CT20XUT.DLL;CT20XUT.DLL; H:\WINDOWS\system32\CT20XUT.DLL []
S3 CT20XUT;CT20XUT; H:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTAUDFX.DLL;CTAUDFX.DLL; H:\WINDOWS\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; H:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-10-08 347080]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; H:\WINDOWS\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; H:\WINDOWS\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; H:\WINDOWS\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; H:\WINDOWS\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; H:\WINDOWS\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; H:\WINDOWS\system32\CTEXFIFX.DLL []
S3 CTEXFIFX;CTEXFIFX; H:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.DLL;CTHWIUT.DLL; H:\WINDOWS\system32\CTHWIUT.DLL []
S3 CTHWIUT;CTHWIUT; H:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; H:\WINDOWS\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; H:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 gmer;gmer; H:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-06 85969]
S3 P17;SB Live! 24-bit; H:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
S3 SABProcEnum;SABProcEnum; \??\H:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
S3 SYMREDRV;SYMREDRV; H:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-08-27 23944]
S3 usbaudio;USB Audio Driver (WDM); H:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2008-08-20 573440]
R2 Bonjour Service;Bonjour Service; H:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccSetMgr;Symantec Settings Manager; H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
R2 CTAudSvcService;Creative Audio Service; H:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-10-31 307200]
R2 DefWatch;Symantec AntiVirus Definition Watcher; H:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-10-07 31160]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; H:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 PnkBstrA;PnkBstrA; H:\WINDOWS\system32\PnkBstrA.exe [2008-10-14 66872]
R2 SPBBCSvc;Symantec SPBBCSvc; H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
R2 StarWindServiceAE;StarWind AE Service; H:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 ccEvtMgr;Symantec Event Manager; H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
R3 iPod Service;iPod Service; H:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-27 79360]
S3 LiveUpdate;LiveUpdate; H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; H:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
S3 SNDSrvc;Symantec Network Drivers Service; H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-08-27 214408]
S3 Symantec AntiVirus;Symantec AntiVirus; H:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-10-07 1822648]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
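The service list above follows the legend in its header (R/S for running or stopped, 0-4 for the start type, then the service name, display name, image path and the file's date and size in brackets, empty when no file was found on disk). The following parser, added here as an illustration and not part of the thread or the tool that produced the log, turns such lines into records and flags the two things a reviewer checks first: a service whose binary is missing, and one whose binary lives outside the expected program directories (the directory list and the temp-dir sample line are constructed for the example).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend from the log header: R=Running, S=Stopped; 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START_TYPE = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "<state><start> <name>;<display>; <path> [<date> <size>]"  (brackets empty if no file on disk)
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)

@dataclass
class Service:
    state: str
    start_type: str
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when the tool found no file on disk
    file_size: Optional[int]

def parse_service_line(line: str) -> Optional[Service]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").split()
    return Service(STATE[m.group("state")], START_TYPE[m.group("start")],
                   m.group("name"), m.group("display"), m.group("path"),
                   info[0] if info else None,
                   int(info[1]) if len(info) == 2 else None)

# Where service binaries are expected on this machine (drive H: as in the log; assumed list).
EXPECTED_DIRS = ("h:\\windows\\", "h:\\program files\\", "h:\\progra~1\\")

def review_services(lines: List[str]) -> List[str]:
    """Return findings worth a second look; parsed records are left to the caller."""
    findings = []
    for svc in filter(None, map(parse_service_line, lines)):
        if svc.file_date is None:
            findings.append(f"{svc.name}: binary missing on disk ({svc.path})")
        elif not svc.path.lower().startswith(EXPECTED_DIRS):
            findings.append(f"{svc.name}: unusual location {svc.path}")
    return findings

# Sample input: two lines from the log above plus one constructed line in a temp directory.
SAMPLE = [
    r"R2 Apple Mobile Device;Apple Mobile Device; H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]",
    r"S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []",
    r"R2 example_svc;example_svc; H:\Documents and Settings\user\Local Settings\Temp\example.exe [2008-12-20 12345]",
]
```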

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:01:57 PM

Posted 06 January 2009 - 09:55 AM

Log looks very nice to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes
Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:
Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 markgui

markgui
  • Topic Starter

  • Members
  • 102 posts
  • Gender:Male
  • Location:Louisiana
  • Local time:11:57 PM

Posted 06 January 2009 - 10:06 AM

Computer seems to be running much better and faster, with no pop ups, but I still keep getting a little message rising up from the task bar saying that my anti virus auto protection has been disabled. When I open the AV it doesn't appear to be disabled. Normally when it is disabled, there is a circle with a slash through it over the Symantec gold shield icon. Other than that, everything appears to be back to normal.

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:01:57 PM

Posted 06 January 2009 - 10:13 AM

Can you give me a screenshot of it?



#13 markgui

markgui
  • Topic Starter

  • Members
  • 102 posts
  • Gender:Male
  • Location:Louisiana
  • Local time:11:57 PM

Posted 06 January 2009 - 10:33 AM

I tried to but for some reason it wouldn't take. It only does it about 10-15 minutes after startup or restart. I have opened the anti virus numerous times after I'd get that message and nothing in the settings indicates that it has been disabled.

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:01:57 PM

Posted 06 January 2009 - 11:12 AM

It's hard for me to tell what that actually is without a screenshot.. Your last log looks clean to me..

Can you uninstall >> reinstall your Antivirus and observe?..



#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:01:57 PM

Posted 12 January 2009 - 03:15 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
