
Malware Problem (Vundo.dll) And a few others I do not know of


  • This topic is locked
25 replies to this topic

#1 Sypporrah

  • Members
  • 12 posts

Posted 04 April 2009 - 11:03 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 23:54:38.92 on Sat 04/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1227 [GMT -4:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\dlbucoms.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {518dcdc1-48a4-4f00-a813-1865bf72c4a7} - c:\windows\system32\wativuki.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [yulorusuyu] Rundll32.exe "c:\windows\system32\mutelupo.dll",s
mRun: [d4ff8cd0] rundll32.exe "c:\windows\system32\lojulizi.dll",b
mRun: [CPMd7ccbf4c] Rundll32.exe "c:\windows\system32\yetisono.dll",a
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15033/CTPID.cab
AppInit_DLLs: c:\windows\system32\kavekatu.dll c:\windows\system32\nadodite.dll c:\windows\system32\yetisono.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yetisono.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\yetisono.dll
LSA: Notification Packages = scecli c:\windows\system32\nadodite.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yvjl29yq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll

============= SERVICES / DRIVERS ===============

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
S1 naeqporu;naeqporu;c:\windows\system32\drivers\naeqporu.sys [2009-4-3 28320]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\AmdTools.sys [?]
S3 GzOCBus;CHMC GzOne Boulder USB Composite device driver;c:\windows\system32\drivers\gzocbus.sys --> c:\windows\system32\drivers\GzOCBus.sys [?]
S3 GzOCMdm;CHMC GzOne Boulder CDMA USB Modem;c:\windows\system32\drivers\gzocmdm.sys --> c:\windows\system32\drivers\GzOCMdm.sys [?]
S3 GzOCVsp;CHMC GzOne Boulder USB Virtual Serial Port Driver;c:\windows\system32\drivers\gzocvsp.sys --> c:\windows\system32\drivers\GzOCVsp.sys [?]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys --> c:\windows\system32\drivers\p17filt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\xdva158.sys --> c:\windows\system32\XDva158.sys [?]
S4 vsdatant;vsdatant; [x]
UnknownUnknown bcqicmiv;bcqicmiv; [x]

=============== Created Last 30 ================

2009-04-03 16:23 28,320 a------- c:\windows\system32\drivers\naeqporu.sys
2009-04-03 15:30 1,422,816 ---sh--- c:\windows\system32\izilujol.ini
2009-04-03 02:30 1,418,365 ---sh--- c:\windows\system32\usivabiy.ini
2009-04-02 14:30 121 ---sh--- c:\windows\system32\evujineh.ini
2009-04-02 01:28 1,418,378 ---sh--- c:\windows\system32\odokarap.ini
2009-04-01 13:28 1,418,338 ---sh--- c:\windows\system32\iyuzoper.ini
2009-04-01 01:28 <DIR> --d----- c:\program files\Trend Micro
2009-04-01 01:28 1,418,325 ---sh--- c:\windows\system32\izijilih.ini
2009-03-30 13:27 121 ---sh--- c:\windows\system32\ilusudem.ini
2009-03-30 12:07 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-30 12:07 <DIR> --d----- c:\docume~1\user\applic~1\HouseCall 6.6
2009-03-30 01:27 122 ---sh--- c:\windows\system32\akuhezof.ini
2009-03-29 15:17 <DIR> --d----- c:\program files\CCleaner
2009-03-29 15:17 385 a------- c:\windows\wininit.ini
2009-03-29 13:27 0 a------- C:\lxdwn.exe
2009-03-29 13:27 0 a------- C:\gldmo.exe
2009-03-29 13:27 0 a------- C:\aoqckrns.exe
2009-03-29 13:27 0 a------- C:\ajtbyh.exe
2009-03-29 13:27 0 a------- C:\-721449857
2009-03-15 14:51 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID
2009-03-11 16:23 <DIR> --d----- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-04-04 15:31 61,440 a--sh--- c:\windows\system32\dujoyuma.exe
2009-04-04 03:31 61,440 a--sh--- c:\windows\system32\tokivafa.exe
2009-04-03 15:30 106,496 a--sh--- c:\windows\system32\yetisono.dll
2009-04-03 15:30 99,328 a--sh--- c:\windows\system32\lojulizi.dll
2009-04-03 14:31 69,120 a--sh--- c:\windows\system32\zetoyago.dll
2009-04-03 14:30 61,440 a--sh--- c:\windows\system32\pimofidu.exe
2009-04-03 02:30 61,440 a--sh--- c:\windows\system32\pirazamo.exe
2009-04-02 14:30 61,440 a--sh--- c:\windows\system32\sabafiru.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-06-05 09:56 16,325 a------- c:\program files\CHARTER
2008-06-04 17:21 6,072 a------- c:\program files\install.log
2008-06-04 13:08 22,328 a------- c:\docume~1\user\applic~1\PnkBstrK.sys
2008-02-16 18:05 262,144 a------- c:\program files\Uninstall Spy Blocker.dll
2009-01-03 14:31 69,120 a--sh--- c:\windows\system32\mutelupo.dll
2009-01-03 14:31 69,120 a--sh--- c:\windows\system32\nadodite.dll
2009-01-03 14:31 69,120 a--sh--- c:\windows\system32\wativuki.dll
2008-08-15 03:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081520080816\index.dat

============= FINISH: 23:56:24.51 ===============





The problem I am experiencing started about a week ago. My computer started to have Windows Live Care Automatic Updates turned off automatically. I have run Spybot Search and Destroy, IObit Advanced SystemCare, Ad-Aware, CCleaner, Windows Live OneCare, and HouseCall (Trend Micro's online scan/cleaner) to no avail to remove the bugs on my system. I am at my wits' end. I wish I could tell you the exact names of the ones that have been listed, but I do not know them offhand. One is Vundo.dll. Another was win32/fakeinit. I can't seem to remember the others. Please help!


#2 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 13 April 2009 - 05:38 PM

Hello.

We will start off with Combofix.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 16 April 2009 - 03:05 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy

#4 Sypporrah
  • Topic Starter

  • Members
  • 12 posts

Posted 17 April 2009 - 07:33 PM

Sorry for taking so long to reply; work has caused my computer time to become slightly limited. I have done as you mentioned with ComboFix. Will reply with results after this is done.

#5 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 17 April 2009 - 09:12 PM

Okay.

Thanks for letting me know then :thumbup2:

With Regards,
Extremeboy

#6 Sypporrah
  • Topic Starter

  • Members
  • 12 posts

Posted 17 April 2009 - 09:58 PM

I ran the program you mentioned, went to dinner because it just presented a blue screen with a flashing cursor, figuring it just took time, and got back 2 hours later to see the same screen. I disabled the firewall, antivirus and TeaTimer beforehand (the only resident protections I have running). I did not click on the screen, as you stated it could cause it to hang. Any other ideas?

#7 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 18 April 2009 - 10:36 AM

Hello.

Try the following.

Delete Combofix.exe you currently have on your desktop.

Re-download it by following the instructions below.

Download and Run ComboFix (Rename Before Saving)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it.

Refer to this page if you are unsure how.

Double click on Combo-Fix.exe & follow the prompts. Note: If Combofix still doesn't run, do the same step above, but this time, rename it to something else like Random.exe and try running it.

When finished, it will produce a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

Let me know how it goes.

With Regards,
Extremeboy

#8 Sypporrah
  • Topic Starter

  • Members
  • 12 posts

Posted 18 April 2009 - 05:02 PM

That seems to have worked. I was able to get the program to run.
Here is a copy of the report.

ComboFix 09-04-19.01 - user 04/18/2009 17:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1274 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\Extreme.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\program files\INSTALL.LOG
c:\windows\system32\43yt04yq.exe.a_a
c:\windows\system32\akuhezof.ini
c:\windows\system32\d3R75py8.exe.a_a
c:\windows\system32\evujineh.ini
c:\windows\system32\ezepuron.ini
c:\windows\system32\ilusudem.ini
c:\windows\system32\iyuzoper.ini
c:\windows\system32\izijilih.ini
c:\windows\system32\izilujol.ini
c:\windows\system32\jodenosi.dll
c:\windows\system32\kapekabo.dll
c:\windows\system32\odokarap.ini
c:\windows\system32\usivabiy.ini
c:\windows\system32\yigekote.dll
c:\windows\system32\zamivoru.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 00:52 . 2009-04-18 21:38 -------- d-----w C:\ComboFix
2009-04-17 21:07 . 2009-04-18 21:07 8704 ----a-w c:\windows\instsp2.exe
2009-04-16 07:00 . 2009-04-16 07:03 1374 ----a-w c:\windows\imsins.BAK
2009-04-15 17:49 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 17:49 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 17:49 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 17:49 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 17:49 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 17:49 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 17:49 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 17:49 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 17:49 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 17:49 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 17:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 17:49 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-03 20:23 . 2009-04-03 20:23 28320 ----a-w c:\windows\system32\drivers\naeqporu.sys
2009-04-01 05:28 . 2009-04-01 05:28 -------- d-----w c:\program files\Trend Micro
2009-03-30 16:07 . 2007-12-24 21:37 138384 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-30 16:07 . 2009-03-31 19:12 -------- d-----w c:\documents and settings\user\Application Data\HouseCall 6.6
2009-03-29 19:17 . 2009-03-29 19:18 -------- d-----w c:\program files\CCleaner
2009-03-29 19:17 . 2009-03-31 19:43 385 ----a-w c:\windows\wininit.ini
2009-03-29 17:27 . 2009-03-29 17:27 0 ----a-w C:\lxdwn.exe
2009-03-29 17:27 . 2009-03-29 17:27 0 ----a-w C:\gldmo.exe
2009-03-29 17:27 . 2009-03-29 17:27 0 ----a-w C:\aoqckrns.exe
2009-03-29 17:27 . 2009-03-29 17:27 0 ----a-w C:\ajtbyh.exe
2009-03-29 17:27 . 2009-03-29 17:27 0 ----a-w C:\-721449857
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 21:07 . 2009-02-24 07:04 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-18 21:07 . 2009-01-18 21:07 99328 --sha-w c:\windows\system32\kerebodi.dll
2009-04-18 21:07 . 2009-01-18 21:07 63488 --sha-w c:\windows\system32\tuweseje.exe
2009-04-18 21:07 . 2009-01-18 21:07 108032 --sha-w c:\windows\system32\vosorudi.dll
2009-04-18 09:07 . 2009-01-18 09:07 99328 ------w c:\windows\system32\norupeze.dll
2009-04-18 09:07 . 2009-01-18 09:07 108032 --sha-w c:\windows\system32\toyuwipi.dll
2009-04-18 09:07 . 2009-01-18 09:07 63488 --sha-w c:\windows\system32\funerevu.exe
2009-04-18 00:34 . 2008-07-24 03:53 -------- d-----w c:\documents and settings\user\Application Data\uTorrent
2009-04-17 21:07 . 2009-01-17 21:07 99328 --sha-w c:\windows\system32\suwunahe.dll
2009-04-17 21:07 . 2009-01-17 21:07 63488 --sha-w c:\windows\system32\zukogulu.exe
2009-04-17 21:07 . 2009-01-17 21:07 108032 --sha-w c:\windows\system32\debabawe.dll
2009-04-17 20:53 . 2009-01-17 01:24 148 ----a-w C:\tomsteady.ini
2009-04-17 06:03 . 2008-01-07 20:44 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-10 17:56 . 2008-11-14 04:49 -------- d-----w c:\program files\SecondLife
2009-04-10 17:50 . 2008-12-05 21:00 24 ----a-w C:\url_history.xml
2009-04-07 02:25 . 2009-04-07 00:49 519 ----a-w C:\Connector-2009-04-06.log
2009-04-05 19:51 . 2009-04-05 19:51 173 ----a-w C:\Connector-2009-04-05.log
2009-04-04 21:10 . 2009-04-04 17:33 519 ----a-w C:\Connector-2009-04-04.log
2009-04-04 03:15 . 2009-04-03 05:50 692 ----a-w C:\Connector-2009-04-03.log
2009-04-02 21:14 . 2009-04-02 21:14 173 ----a-w C:\Connector-2009-04-02.log
2009-04-02 06:36 . 2009-04-01 17:51 1038 ----a-w C:\Connector-2009-04-01.log
2009-04-01 03:45 . 2009-04-01 03:25 519 ----a-w C:\Connector-2009-03-31.log
2009-03-30 20:12 . 2007-12-14 21:38 -------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-03-30 18:50 . 2009-03-30 06:55 346 ----a-w C:\Connector-2009-03-30.log
2009-03-30 01:28 . 2009-03-29 17:04 865 ----a-w C:\Connector-2009-03-29.log
2009-03-29 19:26 . 2008-04-02 08:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 19:18 . 2009-02-04 07:28 -------- d-----w c:\documents and settings\user\Application Data\IObit
2009-03-29 19:18 . 2008-04-25 18:08 -------- d-----w c:\program files\IObit
2009-03-29 19:01 . 2008-04-02 08:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 02:02 . 2009-03-28 04:54 346 ----a-w C:\Connector-2009-03-28.log
2009-03-27 18:53 . 2009-03-27 18:53 173 ----a-w C:\Connector-2009-03-27.log
2009-03-27 02:15 . 2009-03-27 02:15 173 ----a-w C:\Connector-2009-03-26.log
2009-03-26 05:11 . 2008-03-10 04:59 63410 ----a-w C:\logfile
2009-03-26 03:29 . 2009-03-26 03:29 173 ----a-w C:\Connector-2009-03-25.log
2009-03-26 01:54 . 2009-03-26 01:53 4916 ----a-w C:\WinSSEvent.log
2009-03-26 01:54 . 2009-03-26 01:53 0 ----a-w C:\SystemEvent.log
2009-03-16 07:45 . 2009-03-16 07:45 173 ----a-w C:\Connector-2009-03-16.log
2009-03-15 04:07 . 2009-03-15 01:42 1384 ----a-w C:\Connector-2009-03-14.log
2009-03-14 07:39 . 2009-03-14 03:48 692 ----a-w C:\Connector-2009-03-13.log
2009-03-12 20:37 . 2009-03-03 10:40 -------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-03-12 04:16 . 2009-03-12 01:58 865 ----a-w C:\Connector-2009-03-11.log
2009-03-10 05:58 . 2009-03-10 05:58 173 ----a-w C:\Connector-2009-03-10.log
2009-03-06 14:22 . 2004-10-08 12:01 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 10:41 . 2009-03-03 10:41 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-03 10:40 . 2009-03-03 10:40 -------- d-----w c:\program files\Rosetta Stone
2009-03-03 10:38 . 2009-03-03 10:38 -------- d-----w c:\program files\PowerISO
2009-03-03 00:18 . 2004-10-08 12:01 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 18:43 . 2009-02-28 18:43 -------- d-----w c:\program files\Apple Software Update
2009-02-28 18:43 . 2009-02-28 18:43 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-28 18:43 . 2009-02-28 18:42 -------- d-----w c:\program files\QuickTime
2009-02-28 18:42 . 2009-02-28 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-27 20:39 . 2007-12-10 22:06 171868 ----a-w C:\YServer.txt
2009-02-25 03:53 . 2007-12-11 01:06 130384 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-25 02:45 . 2008-07-02 23:11 -------- d-----w c:\program files\Driver Sweeper
2009-02-25 02:45 . 2008-07-02 21:01 -------- d-----w c:\program files\RivaTuner v2.09
2009-02-25 02:45 . 2007-11-21 04:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 02:44 . 2008-04-05 00:09 -------- d-----w c:\program files\Disk Doctors Data Sanitizer
2009-02-25 02:44 . 2008-04-05 00:05 -------- d-----w c:\program files\Disk Doctors Digital Media Recovery
2009-02-25 02:42 . 2008-07-16 19:20 -------- d-----w c:\program files\Guild Wars
2009-02-24 07:02 . 2008-06-05 18:46 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-24 06:58 . 2009-02-18 17:35 -------- d-----w c:\program files\Google
2009-02-23 04:47 . 2009-01-22 04:42 -------- d-----w c:\program files\CHMC
2009-02-23 04:45 . 2008-07-16 17:44 -------- d--h--r c:\documents and settings\user\Application Data\yahoo!
2009-02-23 04:45 . 2007-12-10 22:06 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-23 04:44 . 2009-02-18 17:34 -------- d-s---w c:\documents and settings\All Users\Application Data\Memeo
2009-02-20 18:09 . 2004-10-08 12:01 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 07:31 . 2008-11-14 04:49 -------- d-----w c:\documents and settings\user\Application Data\SecondLife
2009-02-18 17:34 . 2009-02-18 17:34 -------- d-----w c:\program files\Western Digital
2009-02-18 17:33 . 2009-02-18 17:33 -------- d-----w c:\program files\Western Digital Technologies
2009-02-11 07:26 . 2009-02-11 07:26 178 ----a-w C:\Connector-2009-02-11.log
2009-02-09 12:10 . 2004-10-08 12:01 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-10-08 12:01 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-10-08 12:01 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-10-08 12:01 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-10-08 12:01 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-10-08 12:01 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-10-08 12:01 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-10-08 12:01 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 23:15 . 2009-02-03 21:32 700 ----a-w C:\Connector-2009-02-03.log
2009-02-03 19:59 . 2004-10-08 12:01 56832 ----a-w c:\windows\system32\secur32.dll
2008-06-05 13:56 . 2008-06-03 12:00 16325 ----a-w c:\program files\CHARTER
2008-06-04 17:08 . 2008-03-31 01:18 22328 ----a-w c:\documents and settings\user\Application Data\PnkBstrK.sys
2008-04-25 21:28 . 2008-04-25 21:28 1587087 ----a-w c:\documents and settings\All Users\SPL19C.tmp
2008-03-09 09:26 . 2008-03-09 09:26 2548448 ----a-w c:\documents and settings\All Users\SPL1596.tmp
2008-02-16 22:05 . 2008-07-02 23:18 262144 ----a-w c:\program files\Uninstall Spy Blocker.dll
2009-01-17 21:07 . 2009-01-17 21:07 69120 --sha-w c:\windows\system32\bajibuli.dll.tmp
2009-01-17 21:07 . 2009-01-17 21:07 69120 --sha-w c:\windows\system32\furihepi.dll.tmp
2009-01-17 21:07 . 2009-01-17 21:07 69120 --sha-w c:\windows\system32\nonomaso.dll.vir
2008-08-15 07:49 . 2008-08-15 07:49 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081520080816\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2008-02-22 08:25 509328 ----a-w c:\program files\Java\jre1.6.0_05\bin\ssv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2007-08-30 4670704]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"d4ff8cd0"="c:\windows\system32\norupeze.dll" [2009-04-18 99328]
"CPMd7ccbf4c"="c:\windows\system32\vosorudi.dll" [2009-04-18 108032]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\vosorudi.dll" [2009-04-18 108032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-19 133632]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vosorudi.dll [2009-04-18 108032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\vosorudi.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbucoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Voodoo\\voodoo1.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SpacialAudio\\SAM2\\SAM2.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

R1 nmuggzfe;nmuggzfe; [x]
R1 upkqpceb;upkqpceb; [x]
R3 AmdTools;AMD Special Tools Driver; [x]
R3 GzOCBus;CHMC GzOne Boulder USB Composite device driver; [x]
R3 GzOCMdm;CHMC GzOne Boulder CDMA USB Modem; [x]
R3 GzOCVsp;CHMC GzOne Boulder USB Virtual Serial Port Driver; [x]
R3 p17filt;p17filt; [x]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 XDva158;XDva158; [x]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]

.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{518dcdc1-48a4-4f00-a813-1865bf72c4a7} - c:\windows\system32\kapekabo.dll
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-PostBootReminder-{7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\msdaipp.dll
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15033/CTPID.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\yvjl29yq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\norupeze.dll
c:\windows\system32\vosorudi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\system32\Crypserv.exe
c:\windows\system32\dlbucoms.exe
c:\mysql\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-04-18 17:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 21:48

Pre-Run: 198,496,903,168 bytes free
Post-Run: 198,470,291,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

321 --- E O F --- 2009-04-16 07:03

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:30 PM

Posted 18 April 2009 - 05:40 PM

Hello.

We will continue. One program I need to warn you about (P2P).

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files among themselves, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject, via the included links: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s), but I suggest you remove it via Add/Remove Programs. However, please refrain from using them until your computer has been declared clean.


Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    KillAll::
    
    http://www.bleepingcomputer.com/forums/t/216896/malware-problem-vundodll-and-a-few-others-i-do-not-know-of/
    Collect::
    c:\windows\system32\drivers\naeqporu.sys
    c:\windows\system32\kerebodi.dll
    c:\windows\system32\tuweseje.exe
    c:\windows\system32\vosorudi.dll
    c:\windows\system32\norupeze.dll
    c:\windows\system32\toyuwipi.dll
    c:\windows\system32\funerevu.exe
    c:\windows\system32\suwunahe.dll
    c:\windows\system32\zukogulu.exe
    c:\windows\system32\debabawe.dll
    File::
    C:\lxdwn.exe
    C:\gldmo.exe
    C:\aoqckrns.exe
    C:\ajtbyh.exe
    C:\-721449857
    c:\windows\system32\bajibuli.dll.tmp
    c:\windows\system32\furihepi.dll.tmp
    c:\windows\system32\nonomaso.dll.vir
    FileLook::
    C:\tomsteady.ini
    Folder::
    c:\documents and settings\user\Application Data\uTorrent
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "d4ff8cd0"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000000
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
    Driver::
    nmuggzfe
    upkqpceb
    AmdTools
    GzOCBus
    GzOCMdm
    GzOCVsp
    p17filt
    SetupNTGLM7X
    XDva158
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    [image: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  • When finished, it will produce a log for you at "C:\ComboFix.txt"
Upload Samples by ComboFix

When ComboFix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue screen will appear, auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Successful".
**NOTE**
=================
  • If for some reason ComboFix fails to upload anything, please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[4]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file to me.
  • Follow the instructions on that page to copy/paste/send the requested file.
Let me know how it goes and if the upload went successfully or not in your next reply.

Once ComboFix is complete, run Malwarebytes Anti-Malware.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with:
-Did the upload go fine?
-Combofix log
-MBAM log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to [image].
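As an added example for the triage above (not part of the thread, and not ComboFix's own code), the script below reads autostart and driver lines in the ComboFix-log format posted earlier, flags the indicators that extremeboy's CFScript acts on (a DLL in AppInit_DLLs, random-named DLLs under Run, SharedTaskScheduler and SSODL, the suppressed Security Center update notification, orphaned random-named driver services) and emits the matching Registry::/Driver:: directives. The sample log is a constructed excerpt of the entries posted above. The name heuristics are this example's own assumptions fitted to the filenames in this thread (consonant-vowel stems such as norupeze and vosorudi, eight lowercase letters for the driver services); they are not a general detection rule, and real triage would also check file hashes and signatures. It goes one step past the posted script by also dropping the second Run value, CPMd7ccbf4c, which points at the same DLL.

```python
import re
from collections import OrderedDict, namedtuple

# Constructed excerpt in the ComboFix log format posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"d4ff8cd0"="c:\windows\system32\norupeze.dll" [2009-04-18 99328]
"CPMd7ccbf4c"="c:\windows\system32\vosorudi.dll" [2009-04-18 108032]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\vosorudi.dll" [2009-04-18 108032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vosorudi.dll [2009-04-18 108032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\vosorudi.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

R1 nmuggzfe;nmuggzfe; [x]
R3 p17filt;p17filt; [x]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]
"""

Finding = namedtuple("Finding", "action target name why")

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# "R1 name;display name; [x]": a driver service whose file is missing on disk.
DRIVER_LINE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;\s*\[x\]$")
SYS32_FILE = re.compile(r"c:\\windows\\system32\\([a-z]{8})\.(?:dll|exe)", re.I)
# Heuristics fitted to the names in this thread (assumption, not a general rule):
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiouy]){4}$")  # norupeze, vosorudi, kapekabo
LOWER8 = re.compile(r"^[a-z]{8}$")                                  # nmuggzfe, upkqpceb


def looks_random(stem: str) -> bool:
    """Vundo-style consonant-vowel stem; rejects real names such as 'webcheck'."""
    return CV_NAME.match(stem) is not None


def scan_log(text: str) -> list:
    """Walk the log, remembering the current registry key, and collect indicators."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group(1)
            continue
        dm = DRIVER_LINE.match(line)
        if dm:
            svc = dm.group(1)
            if LOWER8.match(svc):
                findings.append(Finding("driver", svc, None, "orphaned driver service with random name"))
            continue
        vm = VALUE_LINE.match(line)
        if not (vm and key):
            continue
        name, value = vm.group(1), vm.group(2).strip()
        fm = SYS32_FILE.search(value)
        if name.lower() == "appinit_dlls" and value:
            # Anything listed here is loaded into every process that links user32.dll.
            findings.append(Finding("clear", key, name, f"AppInit_DLLs injects {value}"))
        elif name.lower() == "updatesdisablenotify" and value.lower() == "dword:00000001":
            findings.append(Finding("reset", key, name, "Security Center update warnings suppressed"))
        elif fm and looks_random(fm.group(1)):
            findings.append(Finding("delete", key, name, f"autostart points at random-named {fm.group(0)}"))
    return findings


def build_cfscript(findings) -> str:
    """Render findings as the Registry::/Driver:: sections of a CFScript."""
    registry, drivers = OrderedDict(), []
    for f in findings:
        if f.action == "driver":
            drivers.append(f.target)
            continue
        value = {"delete": "-", "clear": '""', "reset": "dword:00000000"}[f.action]
        registry.setdefault(f.target, []).append(f'"{f.name}"={value}')
    out = []
    if registry:
        out.append("Registry::")
        for key, lines in registry.items():
            out.append(f"[{key}]")
            out.extend(lines)
    if drivers:
        out.append("Driver::")
        out.extend(drivers)
    return "\n".join(out)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.action:6} {f.name or f.target:40} {f.why}")
    print()
    print(build_cfscript(found))
```

Collect::, File:: and Folder:: entries are deliberately not generated: which samples to upload, and which files to delete by name, is a judgement the helper made from the full log, and a pattern match on filenames should not be turned into automated deletion. For the sample log the script prints seven findings and a Registry:: block close to the one in the post above, plus Driver:: nmuggzfe.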

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:30 PM

Posted 21 April 2009 - 02:57 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#11 Sypporrah

Sypporrah
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:30 PM

Posted 22 April 2009 - 12:51 AM

ComboFix 09-04-19.01 - user 04/22/2009 1:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1448 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point

FILE ::
C:\-721449857
C:\ajtbyh.exe
C:\aoqckrns.exe
C:\gldmo.exe
C:\lxdwn.exe
c:\windows\system32\bajibuli.dll.tmp
c:\windows\system32\furihepi.dll.tmp
c:\windows\system32\nonomaso.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-721449857
C:\ajtbyh.exe
C:\aoqckrns.exe
c:\documents and settings\user\Application Data\uTorrent
c:\documents and settings\user\Application Data\uTorrent\((CHRISTIAN MUSIC)PT) Casting Crowns - Casting Crowns.torrent
c:\documents and settings\user\Application Data\uTorrent\((CHRISTIAN MUSIC)PT) Jeremy Camp - Beyond Measure [2006].torrent
c:\documents and settings\user\Application Data\uTorrent\((CHRISTIAN MUSIC)PT) Kirk Franklin- Fight Of My Life.torrent
c:\documents and settings\user\Application Data\uTorrent\(2000) Electric Light Orchestra - Flashback [3 CD Box Set].torrent
c:\documents and settings\user\Application Data\uTorrent\[TheStrongesT][brazukas.org]Christina Aguilera - Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\101 Love Songs 2008.torrent
c:\documents and settings\user\Application Data\uTorrent\Absolute Golden Oldies 2-CD-2006.torrent
c:\documents and settings\user\Application Data\uTorrent\Akon-Freedom-2008-[NoFS].torrent
c:\documents and settings\user\Application Data\uTorrent\Akon feat. Kardinal Offishall - Dangerous.torrent
c:\documents and settings\user\Application Data\uTorrent\Anberlin-Lost_Songs-2007-pLAN9.torrent
c:\documents and settings\user\Application Data\uTorrent\Apocalyptica - Worlds Collide (Special Edition 2007) - Hard Rock .(www.lokotorrents.com).torrent
c:\documents and settings\user\Application Data\uTorrent\APOCALYPTICA Discografia (www.heavytorrents.org).torrent
c:\documents and settings\user\Application Data\uTorrent\Backstreet Boys-Greatest Hits-Chapter One-2001-MP3.torrent
c:\documents and settings\user\Application Data\uTorrent\Backstreet Boys Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Backstreet Boys.torrent
c:\documents and settings\user\Application Data\uTorrent\Barry_White_And_Friends-White_Collection-(WHITE213)-2CD-2008-WRE.torrent
c:\documents and settings\user\Application Data\uTorrent\Best Belly Dance Album in the World... Ever 1999.torrent
c:\documents and settings\user\Application Data\uTorrent\Big Daddy Weave - What Life Would Be Like [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Billboard 2008 Year End Top 100 Charts (Pop 100 and Hot 100) 224kbs.torrent
c:\documents and settings\user\Application Data\uTorrent\Blackmore's Night.torrent
c:\documents and settings\user\Application Data\uTorrent\Blake_Shelton-Pure_BS-(Deluxe_Edition)-2008-EON.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Blake_Shelton-Pure_BS-(Deluxe_Edition)-2008-EON.torrent
c:\documents and settings\user\Application Data\uTorrent\Blindside.torrent
c:\documents and settings\user\Application Data\uTorrent\Boondock Saints OST.torrent
c:\documents and settings\user\Application Data\uTorrent\Breaking Benjamin - 3 albums - discography 2006.torrent
c:\documents and settings\user\Application Data\uTorrent\Britney Spears - Circus (2008).torrent
c:\documents and settings\user\Application Data\uTorrent\Buckcherry-Black_Butterfly-2008-ROCKNROLL.torrent
c:\documents and settings\user\Application Data\uTorrent\Carman - the Heart Of A Champion (two disc set).1.torrent
c:\documents and settings\user\Application Data\uTorrent\Carman - the Heart Of A Champion (two disc set).torrent
c:\documents and settings\user\Application Data\uTorrent\CARRIE UNDERWOOD - 2 ALBUMS [CHANNEL NEO].torrent
c:\documents and settings\user\Application Data\uTorrent\Casting Crowns - The Altar And The Door - 2007.torrent
c:\documents and settings\user\Application Data\uTorrent\Chillout Moods.8 CD`s + Bonus CD.Btz.torrent
c:\documents and settings\user\Application Data\uTorrent\christian RAP-HIPHOP.1.torrent
c:\documents and settings\user\Application Data\uTorrent\christian RAP-HIPHOP.torrent
c:\documents and settings\user\Application Data\uTorrent\Christina Aguilera - Deluxe Edition (2008).torrent
c:\documents and settings\user\Application Data\uTorrent\Christina Aguilera - Keeps Gettin Better [2008] 192kbps.torrent
c:\documents and settings\user\Application Data\uTorrent\Coldplay - Viva La Vida (2008)Incl Special EditionNLT-Release.torrent
c:\documents and settings\user\Application Data\uTorrent\Creedence.Clearwater.Revival-36.Greatest.Hits[www.firstdown.nl].torrent
c:\documents and settings\user\Application Data\uTorrent\Dark Horse.torrent
c:\documents and settings\user\Application Data\uTorrent\Daughtry - Daughtry (Full Album).torrent
c:\documents and settings\user\Application Data\uTorrent\DC Talk.torrent
c:\documents and settings\user\Application Data\uTorrent\Decades - 50s 60s 70s 80s 90s [22 Albums] - Part 1 of 3.torrent
c:\documents and settings\user\Application Data\uTorrent\Decades - 50s 60s 70s 80s 90s [22 Albums] - Part 2.torrent
c:\documents and settings\user\Application Data\uTorrent\Decades - 50s 60s 70s 80s 90s [22 Albums] - Part 3.torrent
c:\documents and settings\user\Application Data\uTorrent\Decyfer.Down-End.Of.Grey(uploaded by PJ).torrent
c:\documents and settings\user\Application Data\uTorrent\Deepfield.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Deepfield.torrent
c:\documents and settings\user\Application Data\uTorrent\Delirious - Kingdom Of Confort [2008].1.torrent
c:\documents and settings\user\Application Data\uTorrent\Delirious - Kingdom Of Confort [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\dht.dat
c:\documents and settings\user\Application Data\uTorrent\dht.dat.old
c:\documents and settings\user\Application Data\uTorrent\Disney's Greatest Hits.torrent
c:\documents and settings\user\Application Data\uTorrent\Disturbed - Indestructible [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Disturbed Discography(All albums and songs).torrent
c:\documents and settings\user\Application Data\uTorrent\Dixie Chicks -Taking The Long Way [2006][CD+SkidVid+Cov].torrent
c:\documents and settings\user\Application Data\uTorrent\DJ_Drama_And_Lil_Wayne-Dedication_3_(Gangsta_Grillz_Edition)-2008-MIXFIEND.torrent
c:\documents and settings\user\Application Data\uTorrent\Dragonforce - Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Drowning Pool.torrent
c:\documents and settings\user\Application Data\uTorrent\Earshot - 2 Albums [CHANNEL NEO].torrent
c:\documents and settings\user\Application Data\uTorrent\Enigma_-_Incommutabilis-The_Singles_Collection-2008-2CD-WEB.torrent
c:\documents and settings\user\Application Data\uTorrent\Evanescence Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\EVE 6 - 3 Albums [CHANNEL NEO].torrent
c:\documents and settings\user\Application Data\uTorrent\Fall Out Boy - Infinity On High [2007][CD+SkidVid+Cov].torrent
c:\documents and settings\user\Application Data\uTorrent\Family Force 5 - Business Up Front Party In The Back (2006).torrent
c:\documents and settings\user\Application Data\uTorrent\Family Force 5 - Dance Or Die (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\user\Application Data\uTorrent\Finger Eleven - Greatest Hits (1998-2008).torrent
c:\documents and settings\user\Application Data\uTorrent\Fireflight.torrent
c:\documents and settings\user\Application Data\uTorrent\Flyleaf-Much_Like_Falling-(EP)-2008-SSR.torrent
c:\documents and settings\user\Application Data\uTorrent\Flyleaf - Flyleaf.torrent
c:\documents and settings\user\Application Data\uTorrent\Framing Hanley The Moment-2008 ?FlingZulu?.torrent
c:\documents and settings\user\Application Data\uTorrent\Genesis Discography 1969-1997 (23 albums).torrent
c:\documents and settings\user\Application Data\uTorrent\GodSmack Discography 5 full length cds! HHI VBRMP3.torrent
c:\documents and settings\user\Application Data\uTorrent\Grits - Reiterate [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Hairspray [2007 Original Soundtrack].1.torrent
c:\documents and settings\user\Application Data\uTorrent\Hairspray [2007 Original Soundtrack].torrent
c:\documents and settings\user\Application Data\uTorrent\Hannah Montana 2 - Meet Miley Cyrus.torrent
c:\documents and settings\user\Application Data\uTorrent\Hans Zimmer - The Prince of Egypt.torrent
c:\documents and settings\user\Application Data\uTorrent\Hawk Nelson.torrent
c:\documents and settings\user\Application Data\uTorrent\Hawk_Nelson-Hawk_Nelson_Is_My_Friend-(Special_Edition)-2008-EON.torrent
c:\documents and settings\user\Application Data\uTorrent\Hinder - Lips Of An Angel.MP3.torrent
c:\documents and settings\user\Application Data\uTorrent\Inkubus Sukkubus.1.torrent
c:\documents and settings\user\Application Data\uTorrent\inkubus Sukkubus.torrent
c:\documents and settings\user\Application Data\uTorrent\Inkubus_Sukkubus-Science_And_Nature-2007-FWYH.torrent
c:\documents and settings\user\Application Data\uTorrent\Janet Jackson - Discipline [2008][CD+SkidVid_XviD+Cov].1.torrent
c:\documents and settings\user\Application Data\uTorrent\Janet Jackson - Discipline [2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\user\Application Data\uTorrent\Joi Gilliam Discography.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Joi Gilliam Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Jonah33.torrent
c:\documents and settings\user\Application Data\uTorrent\Jonas Brothers _ A Little Bit Longer.rar.torrent
c:\documents and settings\user\Application Data\uTorrent\Jordan Sparks feat. Chris Brown - No Air.mp3.torrent
c:\documents and settings\user\Application Data\uTorrent\Juno Soundtrack.torrent
c:\documents and settings\user\Application Data\uTorrent\kayne west - Graduation.torrent
c:\documents and settings\user\Application Data\uTorrent\Kenny Chesney.torrent
c:\documents and settings\user\Application Data\uTorrent\Kevin Rudolf - In The City [2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\user\Application Data\uTorrent\Kid Rock Collection.torrent
c:\documents and settings\user\Application Data\uTorrent\Kid_Rock-All_Summer_Long-(CDM)-2008-gnvr.torrent
c:\documents and settings\user\Application Data\uTorrent\KJ-52 Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\KoRn.torrent
c:\documents and settings\user\Application Data\uTorrent\Kutless - To Know That You're Alive [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Lacuna Coil.torrent
c:\documents and settings\user\Application Data\uTorrent\languages.torrent
c:\documents and settings\user\Application Data\uTorrent\Lara Fabian.torrent
c:\documents and settings\user\Application Data\uTorrent\LeCrae.torrent
c:\documents and settings\user\Application Data\uTorrent\Leona Lewis-Spirit (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\user\Application Data\uTorrent\Letters To The President.7z.torrent
c:\documents and settings\user\Application Data\uTorrent\Lifehouse-Who_We_Are-(Deluxe_Edition)-2CD-2008-XXL.torrent
c:\documents and settings\user\Application Data\uTorrent\Lil' Louis - French Kiss.torrent
c:\documents and settings\user\Application Data\uTorrent\Lil Wayne - Tha Carter III (Deluxe Edition).torrent
c:\documents and settings\user\Application Data\uTorrent\Lil Wayne - Tha Carter III (Instrumentals).torrent
c:\documents and settings\user\Application Data\uTorrent\Linkin Park - Minutes To Midnight [2007][CD+SkidVid+Cov].torrent
c:\documents and settings\user\Application Data\uTorrent\Live.torrent
c:\documents and settings\user\Application Data\uTorrent\Loreena McKennitt Complette++ Discografia 1985-2006.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost Boys, The (1987).torrent
c:\documents and settings\user\Application Data\uTorrent\Machines of Loving Grace discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Manafest - Glory [2006].torrent
c:\documents and settings\user\Application Data\uTorrent\Mariah Carey - Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Maroon 5-It Wont Be Soon Before Long[2007][CD+SkidVid+Cov].torrent
c:\documents and settings\user\Application Data\uTorrent\Massive Attack.torrent
c:\documents and settings\user\Application Data\uTorrent\Matthew West [Discography].torrent
c:\documents and settings\user\Application Data\uTorrent\Mediaeval Baebes - The Rose.torrent
c:\documents and settings\user\Application Data\uTorrent\Mediaeval Baebes.torrent
c:\documents and settings\user\Application Data\uTorrent\Muse.torrent
c:\documents and settings\user\Application Data\uTorrent\My Chemical Romance.torrent
c:\documents and settings\user\Application Data\uTorrent\My_Chemical_Romance-The_Black_Parade_Is_Dead-2008-MYCHEMiCALROMANCE.torrent
c:\documents and settings\user\Application Data\uTorrent\Natasha Bedingfield - Pocketful Of Sunshine (2008) Dance.torrent
c:\documents and settings\user\Application Data\uTorrent\Nickelback-Dark_Horse-2008-QTXMp3.torrent
c:\documents and settings\user\Application Data\uTorrent\Nickleback - All The Right Reasons.torrent
c:\documents and settings\user\Application Data\uTorrent\Nickleback - Greatest Hits.torrent
c:\documents and settings\user\Application Data\uTorrent\Nickleback - silver side up.torrent
c:\documents and settings\user\Application Data\uTorrent\Norma Jean.torrent
c:\documents and settings\user\Application Data\uTorrent\Office 2007-2003 Genuine Advantage (OGA) Cracked [kingbear].torrent
c:\documents and settings\user\Application Data\uTorrent\Oldies Worth A Listen - 1926 to 1956.torrent
c:\documents and settings\user\Application Data\uTorrent\P.O.D.-When_Angels_And_Serpents_Dance-2008-PAYABLEONDEATH.torrent
c:\documents and settings\user\Application Data\uTorrent\Pearl Jam Discography PROPER[h33t][poolpro].torrent
c:\documents and settings\user\Application Data\uTorrent\Pink-Funhouse-2008-PiNK.torrent
c:\documents and settings\user\Application Data\uTorrent\Pink-Im_Not_Dead-2006-OSC.torrent
c:\documents and settings\user\Application Data\uTorrent\Plain White T's - Every Second Counts (2007) (SGTR).torrent
c:\documents and settings\user\Application Data\uTorrent\Praise and worship.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Praise and worship.torrent
c:\documents and settings\user\Application Data\uTorrent\Puddle of Mudd Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Pussycat_Dolls_-_Doll_Domination_(Deluxe_Edition)-2CD-2008-MOD.torrent
c:\documents and settings\user\Application Data\uTorrent\Rascal Flatts Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\REBECCA LYNN HOWARD.torrent
c:\documents and settings\user\Application Data\uTorrent\Red- End Of Silence (Deluxe Edition)-2007-256k.torrent
c:\documents and settings\user\Application Data\uTorrent\Relient K Piano Tribute [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Remixes.torrent
c:\documents and settings\user\Application Data\uTorrent\resume.dat
c:\documents and settings\user\Application Data\uTorrent\resume.dat.old
c:\documents and settings\user\Application Data\uTorrent\Rev Theory - Voices.torrent
c:\documents and settings\user\Application Data\uTorrent\Reveille Laced and Bleed the Sky.torrent
c:\documents and settings\user\Application Data\uTorrent\Rocky Horror Picture Show Albums.torrent
c:\documents and settings\user\Application Data\uTorrent\rss.dat
c:\documents and settings\user\Application Data\uTorrent\rss.dat.old
c:\documents and settings\user\Application Data\uTorrent\Sanctus Real - We Need Each Other (2008).torrent
c:\documents and settings\user\Application Data\uTorrent\Saving_Abel-Saving_Abel-2008-EON.torrent
c:\documents and settings\user\Application Data\uTorrent\Seether - Complete Discography (2000-2007 6 Albums).torrent
c:\documents and settings\user\Application Data\uTorrent\settings.dat
c:\documents and settings\user\Application Data\uTorrent\settings.dat.old
c:\documents and settings\user\Application Data\uTorrent\Shapeshifter.torrent
c:\documents and settings\user\Application Data\uTorrent\Shinedown - The Sound Of Madness - Limited Edition [Broken Promises].torrent
c:\documents and settings\user\Application Data\uTorrent\Shiny_Toy_Guns-Season_Of_Poison-2008-FNT.torrent
c:\documents and settings\user\Application Data\uTorrent\Simon&Garfunkel-Greatest Hits.torrent
c:\documents and settings\user\Application Data\uTorrent\SIMPLE PLAN - 3 ALBUMS [CHANNEL NEO].torrent
c:\documents and settings\user\Application Data\uTorrent\Skillet.torrent
c:\documents and settings\user\Application Data\uTorrent\Sleeping Giant - Dread Champions Of The Last Days.torrent
c:\documents and settings\user\Application Data\uTorrent\Slipknot - All Hope Is Gone [Special Edition] [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Snoop_Dogg-Ego_Trippin-(Explicit)-(RapGodFathers.com).torrent
c:\documents and settings\user\Application Data\uTorrent\Stabbing Westward.torrent
c:\documents and settings\user\Application Data\uTorrent\Staind-The_Illusion_Of_Progress-2008-iFA.torrent
c:\documents and settings\user\Application Data\uTorrent\Static - X.torrent
c:\documents and settings\user\Application Data\uTorrent\Story Of The Year - 3 Albums [CHANNEL NEO].torrent
c:\documents and settings\user\Application Data\uTorrent\Sugarland - Love On The Inside (Deluxe Edition 2008) - Country.torrent
c:\documents and settings\user\Application Data\uTorrent\Superchick - Rock What You Got [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Terri_Clark-The_Best_Of_Terri_Clark-2008-XXL.torrent
c:\documents and settings\user\Application Data\uTorrent\The Doors - Box Set.torrent
c:\documents and settings\user\Application Data\uTorrent\The Medieval Babes - Undrentide.torrent
c:\documents and settings\user\Application Data\uTorrent\The Pussycat Dolls-When I Grow Up-(Single)-2008-SKiRMY.torrent
c:\documents and settings\user\Application Data\uTorrent\The Very Best Of Movie Soundtrack.torrent
c:\documents and settings\user\Application Data\uTorrent\Theatres Des Vampires.torrent
c:\documents and settings\user\Application Data\uTorrent\THOUSAND FOOT KRUTCH - DISCOGRAPHY [CHANNEL NEO].torrent
c:\documents and settings\user\Application Data\uTorrent\Three Days Grace - Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Toby Keith - 35 Biggest Hits (2008) - Country [www.torrentazos.com].torrent
c:\documents and settings\user\Application Data\uTorrent\Toby Mac - Alive and Transported [2008].torrent
c:\documents and settings\user\Application Data\uTorrent\Tool - Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Top 250 Hits of the 90s.torrent
c:\documents and settings\user\Application Data\uTorrent\TOP 40 Mainstream Rock 2008-11-29 - Torrent Tatty Feat Billboard @224.torrent
c:\documents and settings\user\Application Data\uTorrent\Top 40 singles Uk 22 03 2009 DHZ Inc Release.torrent
c:\documents and settings\user\Application Data\uTorrent\Top 40 singles Uk 25 01 2009 DHZ Inc Release.torrent
c:\documents and settings\user\Application Data\uTorrent\Top 40 singles USA 24 01 2009 DHZ Inc Release.torrent
c:\documents and settings\user\Application Data\uTorrent\Top 500 Country Music Songs.torrent
c:\documents and settings\user\Application Data\uTorrent\Trace_Adkins-American_Man_Greatest_Hits_Vol_2-2007-TRACEADKiNS.torrent
c:\documents and settings\user\Application Data\uTorrent\Trapt Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\Twilight [Soundtrack] [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\documents and settings\user\Application Data\uTorrent\Type O Negative - October Rust.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Type O Negative - October Rust.torrent
c:\documents and settings\user\Application Data\uTorrent\UK Top 40 [2009-03-01] (SħA) [320].torrent
c:\documents and settings\user\Application Data\uTorrent\UNDERGROUND OLDIES.torrent
c:\documents and settings\user\Application Data\uTorrent\utorrent.lng
c:\documents and settings\user\Application Data\uTorrent\VA-Club_Hits_2008_(Best_of_Dance_House_Electro_Trance_and_Techno)-WEB-2008-VOiCE.1.torrent
c:\documents and settings\user\Application Data\uTorrent\VA-Club_Hits_2008_(Best_of_Dance_House_Electro_Trance_and_Techno)-WEB-2008-VOiCE.torrent
c:\documents and settings\user\Application Data\uTorrent\VA-Country_Hits_2009-2008-C4.torrent
c:\documents and settings\user\Application Data\uTorrent\VA-Lost_Boys-The_Tribe-(OST)-2008-(Kingdom-music by Bob White).torrent
c:\documents and settings\user\Application Data\uTorrent\VA-Lost_Boys-The_Tribe-(OST)-2008-XXL.torrent
c:\documents and settings\user\Application Data\uTorrent\VA-New_And_Lateest_Instrumentals_(Part_1)-2007-DjNilo.torrent
c:\documents and settings\user\Application Data\uTorrent\VA - Best of the 70s [2CDs][Oldies][2008].www.lokotorrents.com.torrent
c:\documents and settings\user\Application Data\uTorrent\VA.-.Erasure.Pop!.Remixed.(2009).LanzamientosMp3.es.torrent
c:\documents and settings\user\Application Data\uTorrent\VA.-.Popcorn.Mega.Dance.Hits.1.2CDs.(2009).TOP.40.LanzamientosMp3.es.torrent
c:\documents and settings\user\Application Data\uTorrent\VA.-.Summer.Remix.2CDs.(2009).LanzamientosMp3.es.torrent
c:\documents and settings\user\Application Data\uTorrent\VA.-.Top.40.Hits.And.Dance.(2009).LanzamientosMp3.es.torrent
c:\documents and settings\user\Application Data\uTorrent\VA_-_Trance_Floor_2008-2CD-2008-ZzZz.torrent
c:\documents and settings\user\Application Data\uTorrent\White Zombie + Rob Zombie Discography (Kingdom-music by KloWn).torrent
c:\documents and settings\user\Application Data\uTorrent\WWE Greatest Hits.torrent
c:\documents and settings\user\Application Data\uTorrent\WWE Music (Theme Songs).torrent
c:\documents and settings\user\Application Data\uTorrent\WWE Randy Orton Voices theme.mp3.torrent
c:\documents and settings\user\Application Data\uTorrent\WWE Themes.torrent
c:\documents and settings\user\Application Data\uTorrent\WWE.torrent
C:\gldmo.exe
C:\lxdwn.exe
c:\windows\system32\bajibuli.dll.tmp
c:\windows\system32\debabawe.dll
c:\windows\system32\drivers\naeqporu.sys
c:\windows\system32\ezepuron.ini
c:\windows\system32\funerevu.exe
c:\windows\system32\furihepi.dll.tmp
c:\windows\system32\kerebodi.dll
c:\windows\system32\nonomaso.dll.vir
c:\windows\system32\norupeze.dll
c:\windows\system32\suwunahe.dll
c:\windows\system32\toyuwipi.dll
c:\windows\system32\tuweseje.exe
c:\windows\system32\vosorudi.dll
c:\windows\system32\zukogulu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUPNTGLM7X
-------\Legacy_XDVA158
-------\Service_AmdTools
-------\Service_GzOCBus
-------\Service_GzOCMdm
-------\Service_GzOCVsp
-------\Service_nmuggzfe
-------\Service_p17filt
-------\Service_SetupNTGLM7X
-------\Service_upkqpceb
-------\Service_XDva158


((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-19 11:03 . 2009-04-19 11:03 552 ----a-w c:\windows\system32\DO_NOT_DELETE.backupSetID
2009-04-18 21:38 . 2009-04-18 21:48 -------- d-----w C:\Extreme
2009-04-16 07:00 . 2009-04-16 07:03 1374 ----a-w c:\windows\imsins.BAK
2009-04-15 17:49 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 17:49 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 17:49 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 17:49 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 17:49 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 17:49 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 17:49 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 17:49 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 17:49 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 17:49 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 17:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 17:49 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-01 05:28 . 2009-04-01 05:28 -------- d-----w c:\program files\Trend Micro
2009-03-30 16:07 . 2007-12-24 21:37 138384 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-30 16:07 . 2009-03-31 19:12 -------- d-----w c:\documents and settings\user\Application Data\HouseCall 6.6
2009-03-29 19:17 . 2009-03-29 19:18 -------- d-----w c:\program files\CCleaner
2009-03-29 19:17 . 2009-03-31 19:43 385 ----a-w c:\windows\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 05:30 . 2009-02-24 07:04 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-22 05:27 . 2007-12-10 22:06 63252 ----a-w C:\YServer.txt
2009-04-22 02:28 . 2008-01-07 20:44 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-21 01:35 . 2009-01-17 01:24 148 ----a-w C:\tomsteady.ini
2009-04-10 17:56 . 2008-11-14 04:49 -------- d-----w c:\program files\SecondLife
2009-04-10 17:50 . 2008-12-05 21:00 24 ----a-w C:\url_history.xml
2009-04-07 02:25 . 2009-04-07 00:49 519 ----a-w C:\Connector-2009-04-06.log
2009-04-05 19:51 . 2009-04-05 19:51 173 ----a-w C:\Connector-2009-04-05.log
2009-04-04 21:10 . 2009-04-04 17:33 519 ----a-w C:\Connector-2009-04-04.log
2009-04-04 03:15 . 2009-04-03 05:50 692 ----a-w C:\Connector-2009-04-03.log
2009-04-02 21:14 . 2009-04-02 21:14 173 ----a-w C:\Connector-2009-04-02.log
2009-04-02 06:36 . 2009-04-01 17:51 1038 ----a-w C:\Connector-2009-04-01.log
2009-04-01 03:45 . 2009-04-01 03:25 519 ----a-w C:\Connector-2009-03-31.log
2009-03-30 20:12 . 2007-12-14 21:38 -------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-03-30 18:50 . 2009-03-30 06:55 346 ----a-w C:\Connector-2009-03-30.log
2009-03-30 01:28 . 2009-03-29 17:04 865 ----a-w C:\Connector-2009-03-29.log
2009-03-29 19:26 . 2008-04-02 08:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 19:18 . 2009-02-04 07:28 -------- d-----w c:\documents and settings\user\Application Data\IObit
2009-03-29 19:18 . 2008-04-25 18:08 -------- d-----w c:\program files\IObit
2009-03-29 19:01 . 2008-04-02 08:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 02:02 . 2009-03-28 04:54 346 ----a-w C:\Connector-2009-03-28.log
2009-03-27 18:53 . 2009-03-27 18:53 173 ----a-w C:\Connector-2009-03-27.log
2009-03-27 02:15 . 2009-03-27 02:15 173 ----a-w C:\Connector-2009-03-26.log
2009-03-26 05:11 . 2008-03-10 04:59 63410 ----a-w C:\logfile
2009-03-26 03:29 . 2009-03-26 03:29 173 ----a-w C:\Connector-2009-03-25.log
2009-03-26 01:54 . 2009-03-26 01:53 4916 ----a-w C:\WinSSEvent.log
2009-03-26 01:54 . 2009-03-26 01:53 0 ----a-w C:\SystemEvent.log
2009-03-16 07:45 . 2009-03-16 07:45 173 ----a-w C:\Connector-2009-03-16.log
2009-03-15 04:07 . 2009-03-15 01:42 1384 ----a-w C:\Connector-2009-03-14.log
2009-03-14 07:39 . 2009-03-14 03:48 692 ----a-w C:\Connector-2009-03-13.log
2009-03-12 20:37 . 2009-03-03 10:40 -------- d-----w c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-03-12 04:16 . 2009-03-12 01:58 865 ----a-w C:\Connector-2009-03-11.log
2009-03-10 05:58 . 2009-03-10 05:58 173 ----a-w C:\Connector-2009-03-10.log
2009-03-06 14:22 . 2004-10-08 12:01 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 10:41 . 2009-03-03 10:41 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-03 10:40 . 2009-03-03 10:40 -------- d-----w c:\program files\Rosetta Stone
2009-03-03 10:38 . 2009-03-03 10:38 -------- d-----w c:\program files\PowerISO
2009-03-03 00:18 . 2004-10-08 12:01 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 18:43 . 2009-02-28 18:43 -------- d-----w c:\program files\Apple Software Update
2009-02-28 18:43 . 2009-02-28 18:43 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-28 18:43 . 2009-02-28 18:42 -------- d-----w c:\program files\QuickTime
2009-02-28 18:42 . 2009-02-28 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-25 03:53 . 2007-12-11 01:06 130384 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-25 02:45 . 2008-07-02 23:11 -------- d-----w c:\program files\Driver Sweeper
2009-02-25 02:45 . 2008-07-02 21:01 -------- d-----w c:\program files\RivaTuner v2.09
2009-02-25 02:45 . 2007-11-21 04:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 02:44 . 2008-04-05 00:09 -------- d-----w c:\program files\Disk Doctors Data Sanitizer
2009-02-25 02:44 . 2008-04-05 00:05 -------- d-----w c:\program files\Disk Doctors Digital Media Recovery
2009-02-25 02:42 . 2008-07-16 19:20 -------- d-----w c:\program files\Guild Wars
2009-02-24 07:02 . 2008-06-05 18:46 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-24 06:58 . 2009-02-18 17:35 -------- d-----w c:\program files\Google
2009-02-23 04:47 . 2009-01-22 04:42 -------- d-----w c:\program files\CHMC
2009-02-23 04:45 . 2008-07-16 17:44 -------- d--h--r c:\documents and settings\user\Application Data\yahoo!
2009-02-23 04:45 . 2007-12-10 22:06 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-23 04:44 . 2009-02-18 17:34 -------- d-s---w c:\documents and settings\All Users\Application Data\Memeo
2009-02-20 18:09 . 2004-10-08 12:01 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-11 07:26 . 2009-02-11 07:26 178 ----a-w C:\Connector-2009-02-11.log
2009-02-09 12:10 . 2004-10-08 12:01 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-10-08 12:01 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-10-08 12:01 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-10-08 12:01 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-10-08 12:01 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-10-08 12:01 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-10-08 12:01 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-10-08 12:01 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 23:15 . 2009-02-03 21:32 700 ----a-w C:\Connector-2009-02-03.log
2009-02-03 19:59 . 2004-10-08 12:01 56832 ----a-w c:\windows\system32\secur32.dll
2008-06-05 13:56 . 2008-06-03 12:00 16325 ----a-w c:\program files\CHARTER
2008-06-04 17:08 . 2008-03-31 01:18 22328 ----a-w c:\documents and settings\user\Application Data\PnkBstrK.sys
2008-04-25 21:28 . 2008-04-25 21:28 1587087 ----a-w c:\documents and settings\All Users\SPL19C.tmp
2008-03-09 09:26 . 2008-03-09 09:26 2548448 ----a-w c:\documents and settings\All Users\SPL1596.tmp
2008-02-16 22:05 . 2008-07-02 23:18 262144 ----a-w c:\program files\Uninstall Spy Blocker.dll
2008-08-15 07:49 . 2008-08-15 07:49 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081520080816\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tomsteady.ini -- Not a PE file.
File Size: 148
Created Time: 2009-01-17 01:24
Modified Time: 2009-04-21 01:35
Accessed Time: 2009-01-17 01:24
MD5: 74BA7D6212A8F4AA17EB9B8E48C71803
SHA: 4F7A4BF7AA1E3453A95A4D0343BC5652B27A9F06


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2007-08-30 4670704]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbucoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Voodoo\\voodoo1.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SpacialAudio\\SAM2\\SAM2.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]

.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPMd7ccbf4c - c:\windows\system32\vosorudi.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\yvjl29yq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 01:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdTools]
"ImagePath"="system32\DRIVERS\AmdTools.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GzOCBus]
"ImagePath"="system32\DRIVERS\GzOCBus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GzOCMdm]
"ImagePath"="system32\DRIVERS\GzOCMdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GzOCVsp]
"ImagePath"="system32\DRIVERS\GzOCVsp.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nmuggzfe]
"ImagePath"="\??\c:\windows\system32\drivers\nmuggzfe.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p17filt]
"ImagePath"="system32\drivers\p17filt.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SetupNTGLM7X]
"ImagePath"="\??\D:\NTGLM7X.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upkqpceb]
"ImagePath"="\??\c:\windows\system32\drivers\upkqpceb.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\XDva158]
"ImagePath"="\??\c:\windows\system32\XDva158.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(504)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\system32\Crypserv.exe
c:\windows\system32\dlbucoms.exe
c:\mysql\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-04-22 1:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 05:38
ComboFix2.txt 2009-04-18 21:48

Pre-Run: 198,447,865,856 bytes free
Post-Run: 198,445,441,024 bytes free

513 --- E O F --- 2009-04-16 07:03




I am unable to upload the requested file as it is too big for the forums. So I will upload to uploading.com and provide a link to that if it is ok.

http://uploading.com/files/X029KITZ/[4]-Submit_2009-04-22@1.32.zip.html


Here is the MBAM log

Malwarebytes' Anti-Malware 1.36
Database version: 2024
Windows 5.1.2600 Service Pack 3

4/22/2009 1:50:51 AM
mbam-log-2009-04-22 (01-50-51).txt

Scan type: Quick Scan
Objects scanned: 74027
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Let me know if there is anything else I can do please.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:30 PM

Posted 22 April 2009 - 03:07 PM

Hello.

I am unable to upload the requested file as it is too big for the forums. So I will upload to uploading.com and provide a link to that if it is ok.

I suggest you remove the link immediately! Those are infected files and should not be attached in public like that. That link is dead anyways. Please remove it NOW, if it's already removed...

Please run GMER for me, post the log once it's done. Let me know how your computer is running now too.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
  • If you receive no notice, click on the Scan button near the bottom.
  • It will start scanning again like before.
  • When it is done, Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.
Note: Do Not run any program while GMER is running.

Important!: Please do not select the Show all checkbox during the scan.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 Sypporrah

Sypporrah
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 22 April 2009 - 07:09 PM

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-04-22 20:05:09
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT spig.sys ZwCreateKey
SSDT spig.sys ZwEnumerateKey
SSDT spig.sys ZwEnumerateValueKey
SSDT spig.sys ZwOpenKey
SSDT spig.sys ZwQueryKey
SSDT spig.sys ZwQueryValueKey
SSDT spig.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload B0F188AC 5 Bytes JMP 8A51D4E0
.text ap2aqtna.SYS B06DF384 1 Byte [ 20 ]
.text ap2aqtna.SYS B06DF386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text ap2aqtna.SYS B06DF3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text ap2aqtna.SYS B06DF3C4 3 Bytes [ 00, 00, 00 ]
.text ap2aqtna.SYS B06DF3C9 1 Byte [ 00 ]
.text ...

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8A7591F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8A7591F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 892741F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 892741F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_CREATE 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_CLOSE 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_READ 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_WRITE 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_INTERNAL_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_POWER 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_SYSTEM_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008e IRP_MJ_PNP 893BE1F8
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_CREATE [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_CREATE_NAMED_PIPE [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_CLOSE [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_READ [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_WRITE [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_QUERY_INFORMATION [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_SET_INFORMATION [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_QUERY_EA [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_SET_EA [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_FLUSH_BUFFERS [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_QUERY_VOLUME_INFORMATION [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_SET_VOLUME_INFORMATION [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_DIRECTORY_CONTROL [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_FILE_SYSTEM_CONTROL [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_DEVICE_CONTROL [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_SHUTDOWN [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_LOCK_CONTROL [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_CLEANUP [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_CREATE_MAILSLOT [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_QUERY_SECURITY [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_SET_SECURITY [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_POWER [BA6B2E1C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_SYSTEM_CONTROL [BA6C6514] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_DEVICE_CHANGE [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_QUERY_QUOTA [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_SET_QUOTA [BA6ECB0C] spig.sys
Device \Driver\PCI_PNP0642 \Device\00000051 IRP_MJ_PNP [BA6EAB7A] spig.sys
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8A51F500
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8A51F500
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8A51F500
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A51F500
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8A51F500
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8A51F500
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8A51F500
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 8A4F9500
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 8A4F9500
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8A4F9500
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A4F9500
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 8A4F9500
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8A4F9500
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 8A4F9500
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8A7CD1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8A7CD1F8
Device \Driver\sptd \Device\3420955642 IRP_MJ_CREATE [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_CREATE_NAMED_PIPE [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_CLOSE [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_READ [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_WRITE [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_QUERY_INFORMATION [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_SET_INFORMATION [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_QUERY_EA [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_SET_EA [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_FLUSH_BUFFERS [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_QUERY_VOLUME_INFORMATION [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_SET_VOLUME_INFORMATION [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_DIRECTORY_CONTROL [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_FILE_SYSTEM_CONTROL [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_DEVICE_CONTROL [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_SHUTDOWN [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_LOCK_CONTROL [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_CLEANUP [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_CREATE_MAILSLOT [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_QUERY_SECURITY [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_SET_SECURITY [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_POWER [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_SYSTEM_CONTROL [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_DEVICE_CHANGE [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_QUERY_QUOTA [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_SET_QUOTA [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 IRP_MJ_PNP [BA6AB000] spig.sys
Device \Driver\sptd \Device\3420955642 FastIoDeviceControl [BA6B5954] spig.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8A75C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8A75C1F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8A50C500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8A50C500
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8A50C500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 893D31F8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 893D31F8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 893D31F8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 893D31F8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 893D31F8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 893D31F8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 893D31F8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 893D31F8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 893D31F8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 893D31F8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 893D31F8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 893D31F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_CREATE 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_CLOSE 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_READ 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_WRITE 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_INTERNAL_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_POWER 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_SYSTEM_CONTROL 893BE1F8
Device \Driver\usbstor \Device\00000086 IRP_MJ_PNP 893BE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EBB12A5-974A-45D5-A6F3-9CCB9CB3568C} IRP_MJ_CREATE 893D31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EBB12A5-974A-45D5-A6F3-9CCB9CB3568C} IRP_MJ_CLOSE 893D31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EBB12A5-974A-45D5-A6F3-9CCB9CB3568C} IRP_MJ_DEVICE_CONTROL 893D31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EBB12A5-974A-45D5-A6F3-9CCB9CB3568C} IRP_MJ_INTERNAL_DEVICE_CONTROL 893D31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EBB12A5-974A-45D5-A6F3-9CCB9CB3568C} IRP_MJ_CLEANUP 893D31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5EBB12A5-974A-45D5-A6F3-9CCB9CB3568C} IRP_MJ_PNP 893D31F8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8A51F500
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8A51F500
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8A51F500
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A51F500
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8A51F500
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8A51F500
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8A51F500
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 8A4F9500
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 8A4F9500
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8A4F9500
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A4F9500
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 8A4F9500
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8A4F9500
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 8A4F9500
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 8A7CC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 893CB1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_CREATE 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_CREATE_NAMED_PIPE 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_CLOSE 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_READ 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_WRITE 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_QUERY_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_SET_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_QUERY_EA 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_SET_EA 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_FLUSH_BUFFERS 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_QUERY_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_SET_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_DIRECTORY_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_FILE_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_SHUTDOWN 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_LOCK_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_CLEANUP 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_CREATE_MAILSLOT 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_QUERY_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_SET_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_POWER 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_DEVICE_CHANGE 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_QUERY_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_SET_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\0000007b IRP_MJ_PNP 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 8A7CC1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 893CB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 893CB1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLOSE 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_READ 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_WRITE 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_EA 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_EA 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SHUTDOWN 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_LOCK_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLEANUP 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_SECURITY 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_POWER 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_QUOTA 8A7CC1F8
Device \Driver\nvata \Device\NvAta2 IRP_MJ_PNP 8A7CC1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8A75C1F8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8A75C1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_CREATE 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_CLOSE 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_READ 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_WRITE 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_INTERNAL_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_POWER 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_SYSTEM_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008b IRP_MJ_PNP 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_CREATE 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_CLOSE 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_READ 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_WRITE 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_INTERNAL_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_POWER 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_SYSTEM_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008c IRP_MJ_PNP 893BE1F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1 IRP_MJ_CREATE 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1 IRP_MJ_CLOSE 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1 IRP_MJ_DEVICE_CONTROL 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1 IRP_MJ_POWER 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1 IRP_MJ_SYSTEM_CONTROL 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1 IRP_MJ_PNP 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1Port5Path0Target0Lun0 IRP_MJ_CREATE 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1Port5Path0Target0Lun0 IRP_MJ_CLOSE 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1Port5Path0Target0Lun0 IRP_MJ_POWER 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8A5771F8
Device \Driver\ap2aqtna \Device\Scsi\ap2aqtna1Port5Path0Target0Lun0 IRP_MJ_PNP 8A5771F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_CREATE 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_CLOSE 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_READ 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_WRITE 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_INTERNAL_DEVICE_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_POWER 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_SYSTEM_CONTROL 893BE1F8
Device \Driver\usbstor \Device\0000008d IRP_MJ_PNP 893BE1F8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 892741F8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 892741F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 893C11F8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 893C11F8

---- Files - GMER 1.0.12 ----

ADS C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\naeqporu.sys.vir:changelist
ADS C:\System Volume Information\_restore{4B40D7C5-8196-4BB5-8550-790B8FA6ED89}\RP519\A0110885.sys:changelist
ADS C:\System Volume Information\_restore{4B40D7C5-8196-4BB5-8550-790B8FA6ED89}\RP525\A0111886.sys:changelist
ADS C:\System Volume Information\_restore{4B40D7C5-8196-4BB5-8550-790B8FA6ED89}\RP526\A0111904.sys:changelist
ADS C:\System Volume Information\_restore{4B40D7C5-8196-4BB5-8550-790B8FA6ED89}\RP527\A0111943.sys:changelist
ADS C:\System Volume Information\_restore{4B40D7C5-8196-4BB5-8550-790B8FA6ED89}\RP527\A0111944.sys:changelist
ADS C:\System Volume Information\_restore{4B40D7C5-8196-4BB5-8550-790B8FA6ED89}\RP527\A0111945.sys:changelist
ADS C:\System Volume Information\_restore{4B40D7C5-8196-4BB5-8550-790B8FA6ED89}\RP539\A0113034.sys:changelist

---- EOF - GMER 1.0.12 ----

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:04:30 PM

Posted 22 April 2009 - 07:51 PM

Hello.

O15 Entries Warning (Sites in your Trusted Zones)

The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your Trusted Zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in the Internet via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.

Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the [image] button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations", then press the [image] button.
  • The program will begin downloading the latest program and definition files. It may take a while, so please be patient and let it finish.
  • Once the files have been downloaded, click on the [image] button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the [image] button if you made any changes.
  • Now, under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while; be patient and let it finish.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Re-run DDS and post a new set of DDS log as well.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to [image].
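As an added example (not part of extremeboy's post or of any BleepingComputer tool), the following PowerShell script lists the same Trusted sites entries that HijackThis reports as O15, read from the standard Internet Explorer ZoneMap registry keys; it assumes PowerShell 2.0 or later and only reports, it changes nothing.

```powershell
# Added example: audit Internet Explorer security-zone assignments (HijackThis "O15").
# IE stores per-site zone assignments under ...\Internet Settings\ZoneMap\Domains:
# one subkey per registrable domain, subdomains nested one level deeper
# (Domains\example.com\www), and one DWORD value per scheme (http, https, *)
# holding the zone ID. Zone 2 is "Trusted sites". IP ranges under ZoneMap\Ranges
# are not covered here.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                3 = 'Internet';    4 = 'Restricted sites' }

# Per-user entries and machine-wide (policy-pushed) entries both matter.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-ZoneMapEntries {
    param([string]$Root)
    if (-not (Test-Path $Root)) { return }
    $rootLen = (Get-Item $Root).Name.Length
    foreach ($key in Get-ChildItem -Path $Root -Recurse) {
        # Key path below Domains, e.g. "example.com\www"; the registry nests
        # host labels from the registrable domain outward, so reverse them.
        $labels = $key.Name.Substring($rootLen + 1) -split '\\'
        [array]::Reverse($labels)
        $hostName = $labels -join '.'
        foreach ($scheme in $key.GetValueNames()) {
            $zone = $key.GetValue($scheme)
            if ($zone -is [int]) {
                New-Object PSObject -Property @{
                    Hive   = $Root.Split(':')[0]
                    Host   = $hostName
                    Scheme = $scheme
                    ZoneId = $zone
                    Zone   = $zoneNames[$zone]
                }
            }
        }
    }
}

$entries = foreach ($r in $roots) { Get-ZoneMapEntries -Root $r }
$trusted = @($entries | Where-Object { $_.ZoneId -eq 2 })

if ($trusted.Count -eq 0) {
    Write-Host 'No Trusted sites (zone 2) entries found.'
} else {
    Write-Host "Trusted sites entries (review each; remove any you did not add yourself):"
    $trusted | Sort-Object Host | Format-Table Hive, Host, Scheme, Zone -AutoSize
}
```

Entries with scheme "*" apply to every protocol, and anything under HKLM was set machine-wide (often by policy or an installer) rather than through the Internet Options dialog.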

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 25 April 2009 - 11:30 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the day I replied, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy



