Undeletable Viruses


This topic is locked
23 replies to this topic

#1 RunnerofBears

Posted 10 June 2009 - 07:52 PM

NEED HELP Please!!!

I have several problems.

1) On start up it goes from the Dell Start Up screen to the Windows load screen and then to a black screen where my mouse is the only thing that works. I restart and it will go from the Dell screen to Windows load screen to the blue Welcome screen and then freeze. Then I start it a third time and start up is normal. Occasionally I get a blue screen that says Boot Cleaner and a few more lines and then it quickly starts up.

2) clicking a search result in Google results in a new tab opening and a misdirection.

3) Computer freezes after 1-2 hours of run time

4) I will run AVG, Spybot, Ad-aware and they find and delete malware, viruses etc. I run them again after reboot and they find the same things.


Any help would be appreciated. DDS and Attach as follows:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 20:21:17.68 on Wed 06/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.234 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spybot - Search & Destroy\Spybo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
uRun: [Malware Sweeper] c:\program files\malwaresweeper.com\malwaresweeper\MalSwep.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{d946675d-1d6c-4dc8-9e0d-b4b8eaa30eaa}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DivX Free Codec] c:\program files\divx free codec\Divx Free Update.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [net] "c:\windows\system32\net.net"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\6frubmvm.default\
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-30 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-22 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-7 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-22 108552]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-6-1 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-6-1 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-6-1 29776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-22 298776]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-6-1 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-6-1 3052744]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-10-10 237784]
R3 WinMTBus;WinMount Bus;c:\windows\system32\drivers\WinMTBus.sys [2008-2-20 196224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1005904]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]

=============== Created Last 30 ================

2009-06-10 20:10 566 a---h--- C:\aaw7boot.cmd
2009-06-03 22:23 2,518 a------- c:\windows\wininit.ini
2009-06-02 18:44 38,528 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 18:44 17,200 a------- c:\windows\system32\drivers\mbam.sys
2009-06-02 18:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 22:40 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-01 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-01 22:16 <DIR> --d----- c:\docume~1\owner\applic~1\OnlineArmor
2009-06-01 22:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-06-01 22:16 198,224 a------- c:\windows\system32\drivers\OADriver.sys
2009-06-01 22:16 31,824 a------- c:\windows\system32\drivers\OAmon.sys
2009-06-01 22:16 29,776 a------- c:\windows\system32\drivers\OAnet.sys
2009-06-01 22:16 <DIR> --d----- c:\program files\Tall Emu

==================== Find3M ====================

2009-06-01 10:23 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-06 11:58 217,743 a------- c:\windows\jgzr.dat
2009-05-04 08:32 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-04 08:32 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-04 08:32 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2006-08-12 01:18 33,811,280 a------- c:\program files\AcroSetup.exe
2008-08-21 23:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082120080822\index.dat

============= FINISH: 20:23:30.23 ===============
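The Pseudo HJT Report section of a DDS log is where a helper looks first, and a few structural checks catch most of what needs a closer look before any reputation lookup: an autorun entry whose program has a non-standard extension or is given as a bare filename with no directory, sites added to the Internet Explorer Trusted Zone (which relaxes browser security for them, and which DDS lists once per user hive, hence the duplicates above), and a populated AppInit_DLLs value (a DLL that Windows XP loads into every process that loads user32.dll). The following Python script is an added example, not part of this thread or of the DDS tool: it parses lines in that format and flags those patterns. The sample input is constructed from lines in the log above; the function names (`triage`, `executable_of`) and the heuristics are mine and judge only how an entry is wired in, not whether the file or domain named in it is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section.
# The lines are copied from the log posted above; it is not a complete report.
SAMPLE_DDS = r"""
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Malware Sweeper] c:\program files\malwaresweeper.com\malwaresweeper\MalSwep.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [net] "c:\windows\system32\net.net"
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
"""

# Extensions Windows will normally run directly from a Run key.
KNOWN_EXEC_EXT = {"exe", "com", "scr", "bat", "cmd", "pif"}

# uRun / mRun: per-user (HKCU) or per-machine (HKLM) Run key -> "[name] command"
_RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First token of a command line: a quoted path, or an unquoted path (spaces
# allowed) ending in a short extension, followed by whitespace or end of line.
_CMD_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.[A-Za-z0-9]{2,4}))(?=\s|$)')


@dataclass
class Finding:
    line: str
    reason: str


def executable_of(cmd: str) -> Optional[str]:
    """Return the program path from a Run-key command line, or None if unparsable."""
    m = _CMD_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def triage(report: str) -> List[Finding]:
    """Flag report lines that deserve a closer look (structural checks only)."""
    findings: List[Finding] = []
    seen_zones = set()
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if exe is None:
                findings.append(Finding(line, "autorun: could not parse program path"))
                continue
            basename = exe.rsplit("\\", 1)[-1]
            ext = basename.rsplit(".", 1)[-1].lower() if "." in basename else ""
            if ext not in KNOWN_EXEC_EXT:
                findings.append(Finding(line, f"autorun: non-standard executable extension .{ext}"))
            if "\\" not in exe:
                findings.append(Finding(line, "autorun: bare filename, resolved via the search path"))
            continue
        if line.startswith("Trusted Zone:"):
            domain = line.split(":", 1)[1].strip().lower()
            if domain in seen_zones:
                findings.append(Finding(line, "trusted zone: duplicate entry (second user hive)"))
            else:
                seen_zones.add(domain)
                findings.append(Finding(line, "trusted zone: site gets relaxed IE security settings"))
            continue
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(line, "AppInit_DLLs: DLL loaded into every process using user32.dll"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason:58s} | {f.line}")
```

Run against the sample, the script reports seven lines: the `stsystra.exe` entry (bare filename), the `net.net` entry (extension Windows would not normally launch from a Run key), the four Trusted Zone lines and the AppInit_DLLs line. A hit is a prompt to check the file's publisher, location and timestamps in the rest of the log, not a verdict on its own.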

#2 Buckeye_Sam
Malware Expert

Posted 11 June 2009 - 10:55 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 RunnerofBears
Topic Starter

Posted 11 June 2009 - 07:35 PM

OTL opened 2 logs. The OTL log and the Extras log. Both are posted below respectively.

OTL logfile created on: 6/11/2009 8:31:16 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 323.80 Mb Available Physical Memory | 31.92% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.71 Gb Free Space | 37.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER2
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2009/04/25 01:27:50 | 00,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2006/11/22 18:32:58 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/04/28 05:38:08 | 00,361,672 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe
PRC - [2009/04/28 05:38:02 | 03,052,744 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2009/06/01 10:22:45 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/05/04 08:31:58 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/10/10 04:33:54 | 00,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2008/09/12 18:46:32 | 00,061,856 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/05/19 20:05:23 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/05/04 08:32:02 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2005/10/07 00:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/12/13 03:41:08 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/12/13 03:45:00 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/11/22 18:35:50 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.exe
PRC - [2006/03/24 17:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/12/04 20:39:19 | 00,461,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2003/12/04 08:44:34 | 00,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2004/05/12 16:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004/02/02 04:41:58 | 00,495,616 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2005/12/13 03:41:00 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/09/12 18:46:32 | 00,160,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2003/12/05 15:41:44 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PRC - [2005/12/09 21:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/06/28 09:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2005/07/27 02:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2003/05/14 02:45:04 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2009/06/01 10:22:46 | 00,518,488 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/05/04 08:32:07 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/04/28 05:37:50 | 02,045,128 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2007/01/30 00:39:34 | 01,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/04/28 05:37:58 | 01,037,000 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
PRC - [2009/04/28 23:47:15 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/11 20:28:28 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/05/04 08:31:58 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/06/21 02:29:54 | 00,227,328 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/06/01 10:22:45 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - File not found -- -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/04/28 05:38:08 | 00,361,672 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat [Auto | Running])
SRV - [2003/05/14 02:45:04 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Running])
SRV - [2009/04/28 05:38:02 | 03,052,744 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor [Auto | Running])
SRV - File not found -- -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2007/10/10 04:33:54 | 00,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4 [Auto | Running])
SRV - [2006/11/22 18:35:50 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/09/12 18:46:32 | 00,061,856 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/09/12 18:48:54 | 05,119,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/09/12 18:48:22 | 00,245,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/10/07 21:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/09/28 06:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/06/11 20:27:20 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/05/04 08:32:13 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/04 08:32:05 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/22 18:34:36 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/10/08 18:35:14 | 00,044,544 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2003/05/14 02:19:52 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2003/05/14 02:19:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003/05/14 02:17:54 | 00,021,488 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/12/01 01:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 01:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2005/12/13 04:09:34 | 01,364,574 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2009/01/18 17:30:13 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/10/04 22:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2009/04/28 05:01:48 | 00,198,224 | ---- | M] (Tall Emu) -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice [System | Running])
DRV - [2009/04/28 05:02:02 | 00,031,824 | ---- | M] (Tall Emu) -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon [System | Running])
DRV - [2009/04/28 05:38:44 | 00,029,776 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet [System | Running])
DRV - [2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2005/12/01 19:57:56 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/07/26 19:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2006/03/24 17:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2005/12/01 01:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/04/11 13:35:38 | 00,196,224 | ---- | M] (WinMount International Inc.) -- C:\WINDOWS\system32\DRIVERS\WinMTBus.sys -- (WinMTBus [On_Demand | Running])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])
DRV - [2007/01/30 00:16:42 | 00,006,144 | ---- | M] () -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
IE - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
IE - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\S-1-5-21-1605704715-3362000588-3868042465-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2007/07/12 17:54:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/06 08:36:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED [2009/06/11 20:27:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/16 11:06:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/03 22:39:22 | 00,000,000 | ---D | M]

[2009/01/02 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/01/02 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/10 20:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6frubmvm.default\extensions
[2008/12/10 08:57:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\6frubmvm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/10 20:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 23:47:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/12 17:54:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\divx@partners.mozilla.com
[2009/04/28 23:47:15 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 23:47:15 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 04:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 04:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 12:54:58 | 00,001,495 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2008/12/02 04:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 04:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 04:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 04:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 04:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" (Tall Emu)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DivX Free Codec] C:\Program Files\DivX Free Codec\Divx Free Update.exe ()
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [net] "C:\WINDOWS\system32\net.net" File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe File not found
O4 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot File not found
O4 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1605704715-3362000588-3868042465-1003\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38f8a197-dfb9-11dc-be01-0019b97be836}\Shell - "" = AutoRun
O33 - MountPoints2\{38f8a197-dfb9-11dc-be01-0019b97be836}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38f8a197-dfb9-11dc-be01-0019b97be836}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{c9850184-5eff-11dd-8a2f-001bfc7dd8ea}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/11 20:30:21 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/11 20:30:21 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2009/06/11 20:28:28 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/11 20:27:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/06/10 20:21:03 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/06/10 19:45:24 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/06/09 11:45:05 | 10,637,14816 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/03 22:23:34 | 00,002,518 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/02 20:17:36 | 14,246,464 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2009/06/02 20:14:16 | 06,406,688 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2009/06/02 18:44:45 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/02 18:44:45 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/02 18:44:45 | 00,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/02 18:44:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/02 18:22:12 | 01,140,472 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGUltraGrid20.ocx
[2009/06/02 18:22:12 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2009/06/02 18:22:12 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/06/02 18:22:12 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2009/06/02 18:22:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.ocx
[2009/06/02 18:22:11 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2009/06/02 18:22:11 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2009/06/02 18:22:11 | 00,265,753 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\AS-Exp2.ocx
[2009/06/02 18:22:11 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actsplash.ocx
[2009/06/02 18:22:11 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009/06/02 18:22:11 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2009/06/02 18:22:11 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2009/06/02 18:22:11 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\md5.dll
[2009/06/02 18:21:28 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mb.exe.exe
[2009/06/02 18:21:15 | 07,099,542 | ---- | C] (MalwareSweeper.com ) -- C:\Documents and Settings\Owner\Desktop\ms2200fr.exe
[2009/06/01 22:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/06/01 22:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/01 22:38:33 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/06/01 22:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OnlineArmor
[2009/06/01 22:16:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/06/01 22:16:05 | 00,198,224 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/06/01 22:16:05 | 00,031,824 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/06/01 22:16:05 | 00,029,776 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/06/01 22:16:03 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2008/08/07 21:26:03 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/08/07 21:26:03 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/08/07 21:26:03 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/08/07 21:26:03 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/01 23:21:22 | 00,000,018 | ---- | C] () -- C:\WINDOWS\Protocol.ini
[2007/11/18 11:53:07 | 00,000,167 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2007/11/14 19:32:19 | 00,000,008 | ---- | C] () -- C:\WINDOWS\ctrdmrd3.ini
[2007/10/26 12:33:33 | 00,000,031 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2007/09/30 18:01:57 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/08/31 18:57:12 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/26 19:06:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 19:03:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/07 15:27:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/21 02:32:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/21 02:26:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/06/21 02:26:12 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/06/21 02:07:34 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 06:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/06/11 20:28:28 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/06/11 20:27:39 | 00,074,578 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/11 20:27:38 | 37,049,538 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/11 20:27:20 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/11 20:25:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/11 20:25:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/11 20:25:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/06/11 20:25:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 20:25:00 | 10,637,14816 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/10 22:36:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/06/10 20:21:03 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/06/10 19:52:00 | 00,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/10 19:49:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/08 23:17:47 | 00,002,518 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/06/02 20:20:23 | 14,246,464 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2009/06/02 20:14:37 | 06,406,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2009/06/02 19:04:18 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/02 18:43:51 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mb.exe.exe
[2009/06/02 18:26:28 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/02 18:21:39 | 07,099,542 | ---- | M] (MalwareSweeper.com ) -- C:\Documents and Settings\Owner\Desktop\ms2200fr.exe
[2009/06/02 10:20:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/01 22:38:56 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/06/01 22:16:26 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/06/01 22:16:16 | 00,401,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/01 22:16:16 | 00,062,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/01 18:58:06 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/01 10:23:02 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/14 07:33:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\mb.exe.exe:SummaryInformation
< End of report >

OTL Extras logfile created on: 6/11/2009 8:31:16 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 323.80 Mb Available Physical Memory | 31.92% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.71 Gb Free Space | 37.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER2
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/05/11 07:19:30 | 05,423,104 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2009/06/11 20:26:39 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/05/04 08:32:02 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2009/04/28 23:47:15 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{04AA1207-D8C6-45DC-A96D-48358EBE09F3}" = PSShortcuts
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43A3B44-2FBE-45A4-86A3-1CB9D3BC230A}" = PS7200
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG8Uninstall" = AVG 8.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Free Codec" = DivX Free Codec
"eMule" = eMule
"Freedom Fighters" = Freedom Fighters
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Instant CD & DVD Burner_is1" = Instant CD & DVD Burner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1" = Online Armor 3.5
"PeerGuardian_is1" = PeerGuardian 2.0
"PS3 Video 9" = PS3 Video 9 2.25
"Scrabble" = Scrabble (remove only)
"SearchAssist" = SearchAssist
"The Rosetta Stone" = The Rosetta Stone
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMount_is1" = WinMount V2.2.1
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1605704715-3362000588-3868042465-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2008 4:07:00 PM | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.20121, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00011f6c.

Error - 8/2/2008 4:05:49 PM | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.4669, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2008 9:07:36 PM | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.4669, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/7/2008 7:05:15 PM | Computer Name = COMPUTER2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application zune.exe, version 2.1.888.2, stamp 473d2ea7,
faulting module zunenativelib.dll, version 2.1.888.2, stamp 473d2ef4, debug? 0,
fault address 0x0006e8d1.

Error - 8/18/2008 10:10:06 PM | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware2007.exe, version 7.0.2.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/3/2008 4:03:11 PM | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Faulting application QuickTimePlayer.exe, version 7.4.0.91, faulting
module QuickTimePlayer.exe, version 7.4.0.91, fault address 0x0000130d.

Error - 9/8/2008 4:00:46 PM | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2008 4:41:23 PM | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2008 4:41:26 PM | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/18/2008 10:57:27 PM | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module xpcom_core.dll, version 1.8.20080.4669, fault address 0x000017da.

[ System Events ]
Error - 6/8/2009 11:17:58 PM | Computer Name = COMPUTER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/8/2009 11:22:16 PM | Computer Name = COMPUTER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/9/2009 11:44:09 AM | Computer Name = COMPUTER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/9/2009 9:45:37 PM | Computer Name = COMPUTER2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 001BFC7DD8EA has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/9/2009 9:45:42 PM | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 6/10/2009 7:43:27 PM | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 6/10/2009 7:52:19 PM | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 6/10/2009 8:33:24 PM | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 6/10/2009 10:25:48 PM | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 6/11/2009 8:25:24 PM | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3


< End of report >

#4 RunnerofBears

RunnerofBears
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 11 June 2009 - 10:08 PM

The GMER scan has not completed and I will post it tomorrow.

Thank you for your help. I really do appreciate it.

#5 RunnerofBears

RunnerofBears
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 12 June 2009 - 06:17 AM

Here is the GMER log. I await further instructions.


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-12 07:14:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86E3E1C8 ZwEnumerateKey
Code 86E418B0 ZwFlushInstructionCache
Code 86D38E86 IofCallDriver
Code 86DBCAC6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86D38E8B
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86DBCACB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86E418B4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86E3E1CC

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[124] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\spoolsv.exe[124] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\spoolsv.exe[124] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\System32\svchost.exe[336] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\WebUpdateSvc4.exe[396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\WebUpdateSvc4.exe[396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\WebUpdateSvc4.exe[396] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\csrss.exe[484] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\winlogon.exe[508] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006A000A
.text C:\WINDOWS\system32\winlogon.exe[508] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\lsass.exe[568] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\lsass.exe[568] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0076000A
.text C:\WINDOWS\system32\lsass.exe[568] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[744] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\System32\svchost.exe[856] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\HPZipm12.exe[1088] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\HPZipm12.exe[1088] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\HPZipm12.exe[1088] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D9000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015F0001
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 012CF9F0 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012D0A60 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 012D08A0 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012D0780 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 012CFDA0 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012CFFD0 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WININET.dll!HttpAddRequestHeadersA 7805FB4D 5 Bytes JMP 0116000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1116] WININET.dll!HttpAddRequestHeadersW 780CD14D 5 Bytes JMP 011F000A
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text c:\WINDOWS\system32\ZuneBusEnum.exe[1356] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A2000A
.text c:\WINDOWS\system32\ZuneBusEnum.exe[1356] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A3000A
.text c:\WINDOWS\system32\ZuneBusEnum.exe[1356] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0074000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1376] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1376] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1400] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007A000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1400] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007B000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1400] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\Explorer.EXE[1404] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D1000A
.text C:\WINDOWS\Explorer.EXE[1404] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[1404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 36630001
.text C:\WINDOWS\Explorer.EXE[1404] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1404] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1404] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\Explorer.EXE[1404] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Documents[1436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D6000A
.text C:\Documents[1436] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D7000A
.text C:\Documents[1436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01200001
.text C:\Documents[1436] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Documents[1436] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Documents[1436] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents[1436] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Documents[1436] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1440] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1440] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0095000A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1440] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\System32\bcmwltry.exe[1480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DD000A
.text C:\WINDOWS\System32\bcmwltry.exe[1480] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DE000A
.text C:\WINDOWS\System32\bcmwltry.exe[1480] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Tall Emu\Online Armor\OAcat.exe[1488] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BE000A
.text C:\Program Files\Tall Emu\Online Armor\OAcat.exe[1488] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BF000A
.text C:\Program Files\Tall Emu\Online Armor\OAcat.exe[1488] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1572] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1572] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Tall Emu\Online Armor\oasrv.exe[1572] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[1588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\ctfmon.exe[1588] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\ctfmon.exe[1588] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01380001
.text C:\WINDOWS\system32\ctfmon.exe[1588] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1588] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[1588] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text C:\WINDOWS\system32\ctfmon.exe[1588] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D4000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1884] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D5000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011E0001
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1884] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1884] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1884] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[1884] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1908] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D6000A
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D7000A
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01200001
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Owner\Desktop\sgeqvvse.exe[1944] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Documents[2236] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D6000A
.text C:\Documents[2236] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D7000A
.text C:\Documents[2236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01200001
.text C:\Documents[2236] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Documents[2236] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Documents[2236] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents[2236] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Documents[2236] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D6000A
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D7000A
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01200001
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Owner\Desktop\nsjss.exe[2412] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2464] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0076000A
.text C:\WINDOWS\System32\alg.exe[2464] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0078000A
.text C:\WINDOWS\System32\alg.exe[2464] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B5000A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents[2652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D6000A
.text C:\Documents[2652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D7000A
.text C:\Documents[2652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01200001
.text C:\Documents[2652] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Documents[2652] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Documents[2652] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents[2652] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Documents[2652] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2732] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2732] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0086000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2732] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F1000A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00F2000A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013B0001
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2788] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[2816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0141000A
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[2816] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0142000A
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[2816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01950001
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[2816] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[2816] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Tall Emu\Online Armor\oaui.exe[2816] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CF000A
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D0000A
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D70001
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell Support\DSAgnt.exe[2940] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DC000A
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DD000A
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01260001
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[3008] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Program Files\Apoint\Apoint.exe[3088] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D1000A
.text C:\Program Files\Apoint\Apoint.exe[3088] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D2000A
.text C:\Program Files\Apoint\Apoint.exe[3088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\Program Files\Apoint\Apoint.exe[3088] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Apoint\Apoint.exe[3088] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Apoint\Apoint.exe[3088] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Apoint\Apoint.exe[3088] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[3100] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D9000A
.text C:\Program Files\PeerGuardian2\pg2.exe[3100] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DC000A
.text C:\Program Files\PeerGuardian2\pg2.exe[3100] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001
.text C:\Program Files\PeerGuardian2\pg2.exe[3100] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[3100] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[3100] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\PeerGuardian2\pg2.exe[3100] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D0000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D1000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014D0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0119F9F0 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011A0A60 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 011A08A0 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011A0780 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0119FDA0 \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3112] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3136] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\hkcmd.exe[3136] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\hkcmd.exe[3136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
.text C:\WINDOWS\system32\hkcmd.exe[3136] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3136] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[3136] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hkcmd.exe[3136] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3156] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\igfxpers.exe[3156] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\igfxpers.exe[3156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01140001
.text C:\WINDOWS\system32\igfxpers.exe[3156] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3156] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxpers.exe[3156] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxpers.exe[3156] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\WLTRAY.exe[3176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\WLTRAY.exe[3176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001
.text C:\WINDOWS\system32\WLTRAY.exe[3176] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3176] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3176] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\WLTRAY.exe[3176] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3176] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\stsystra.exe[3224] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B7000A
.text C:\WINDOWS\stsystra.exe[3224] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B8000A
.text C:\WINDOWS\stsystra.exe[3224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01310001
.text C:\WINDOWS\stsystra.exe[3224] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\stsystra.exe[3224] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\stsystra.exe[3224] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\stsystra.exe[3224] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\stsystra.exe[3224] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3252] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D1000A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3252] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D2000A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3252] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3252] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3252] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3252] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3324] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D50001
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3324] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3324] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3324] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe[3324] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3392] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00EE000A
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3392] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00EF000A
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01640001
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3392] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3392] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Tall Emu\Online Armor\OAhlp.exe[3392] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CE000A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CF000A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01180001
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[3396] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hphmon05.exe[3416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\hphmon05.exe[3416] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\hphmon05.exe[3416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\WINDOWS\system32\hphmon05.exe[3416] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hphmon05.exe[3416] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hphmon05.exe[3416] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hphmon05.exe[3416] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hphmon05.exe[3416] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3444] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\igfxsrvc.exe[3444] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\igfxsrvc.exe[3444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01150001
.text C:\WINDOWS\system32\igfxsrvc.exe[3444] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3444] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3444] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxsrvc.exe[3444] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Zune\ZuneLauncher.exe[3472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BB000A
.text C:\Program Files\Zune\ZuneLauncher.exe[3472] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A
.text C:\Program Files\Zune\ZuneLauncher.exe[3472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00950001
.text C:\Program Files\Zune\ZuneLauncher.exe[3472] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Zune\ZuneLauncher.exe[3472] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Zune\ZuneLauncher.exe[3472] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Zune\ZuneLauncher.exe[3472] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C7000A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C8000A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3612] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BF000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C0000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3732] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F100F5A
.text C:\Program Files\Apoint\HidFind.exe[4040] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C6000A
.text C:\Program Files\Apoint\HidFind.exe[4040] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C7000A
.text C:\Program Files\Apoint\HidFind.exe[4040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\Program Files\Apoint\HidFind.exe[4040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Apoint\HidFind.exe[4040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Apoint\HidFind.exe[4040] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Apoint\HidFind.exe[4040] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Apoint\Apntex.exe[4092] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B9000A
.text C:\Program Files\Apoint\Apntex.exe[4092] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BA000A
.text C:\Program Files\Apoint\Apntex.exe[4092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
.text C:\Program Files\Apoint\Apntex.exe[4092] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Apoint\Apntex.exe[4092] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text C:\Program Files\Apoint\Apntex.exe[4092] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Apoint\Apntex.exe[4092] USER32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 5F0D0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7730300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7730360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7730610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7730650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7730610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7730360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7730300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F7730300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7730360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F7730650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F7730610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7730610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7730650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7730300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7730360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
Device \FileSystem\Fastfat \Fat A7C97D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [336] 0x00B10000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [336] 0x00BC0000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [744] 0x02F60000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [812] 0x00B10000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [812] 0x00BC0000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [856] 0x00B10000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [856] 0x00BC0000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [912] 0x00B10000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [912] 0x00BC0000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1116] 0x012C0000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1132] 0x00B10000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1132] 0x00BC0000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1192] 0x00B10000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1192] 0x00BC0000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1404] 0x00E10000
Library C:\Documents (*** hidden *** ) @ C:\Documents [1436] 0x00400000
Library \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1804] 0x00B10000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1804] 0x00BC0000
Library C:\Documents (*** hidden *** ) @ C:\Documents [2236] 0x00400000
Library C:\Documents (*** hidden *** ) @ C:\Documents [2652] 0x00400000
Library \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [3112] 0x01190000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACoyntrrnomxgwpmd.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACoyntrrnomxgwpmd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACoyntrrnomxgwpmd.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvmloyrebyxckmnm.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdeylvndwdqcwtjl.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcjklydknatvakti.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACuhtpjkydxxnchei.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UAChjdlsdogsdeafxh.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACcttxakrdtlfooud.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACvwnxtwkeeobxuob.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACppweagglhcxxnxd.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACpkshgrxqpivsads.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACoyntrrnomxgwpmd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACoyntrrnomxgwpmd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvmloyrebyxckmnm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdeylvndwdqcwtjl.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcjklydknatvakti.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACuhtpjkydxxnchei.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UAChjdlsdogsdeafxh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACcttxakrdtlfooud.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACvwnxtwkeeobxuob.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACppweagglhcxxnxd.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACpkshgrxqpivsads.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACoyntrrnomxgwpmd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACoyntrrnomxgwpmd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACvmloyrebyxckmnm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdeylvndwdqcwtjl.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcjklydknatvakti.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACuhtpjkydxxnchei.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UAChjdlsdogsdeafxh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACcttxakrdtlfooud.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACescjdimugvdfbsx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACliyyunooeqxyood.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACvwnxtwkeeobxuob.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACppweagglhcxxnxd.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACpkshgrxqpivsads.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\uacliyyunooeqxyood.dll.8f64756049a5187f0355adf45677239.aawqff 66564 bytes
File C:\Documents and Settings\Owner\Local Settings\Temp\UAC6dd5.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACoyntrrnomxgwpmd.sys 53760 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACcjklydknatvakti.dll 19968 bytes executable
File C:\WINDOWS\system32\UACcttxakrdtlfooud.db 1110399 bytes
File C:\WINDOWS\system32\UACdeylvndwdqcwtjl.dat 224 bytes
File C:\WINDOWS\system32\UACescjdimugvdfbsx.dll 30208 bytes executable
File C:\WINDOWS\system32\UAChjdlsdogsdeafxh.dll 19456 bytes executable
File C:\WINDOWS\system32\uacinit.dll 5975 bytes
File C:\WINDOWS\system32\UACliyyunooeqxyood.dll 66560 bytes
File C:\WINDOWS\system32\uactmp.db 3976714 bytes
File C:\WINDOWS\system32\UACuhtpjkydxxnchei.dll 17408 bytes executable
File C:\WINDOWS\system32\UACvmloyrebyxckmnm.dll 25600 bytes executable
File C:\WINDOWS\system32\UACvwnxtwkeeobxuob.log 63746 bytes
File C:\WINDOWS\Temp\UACe639.tmp 66560 bytes

---- EOF - GMER 1.0.15 ----

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:25 PM

Posted 12 June 2009 - 10:29 AM

We need to run Combofix.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 RunnerofBears

RunnerofBears
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 12 June 2009 - 06:15 PM

Combofix.exe will not run. I double click, click run, and then nothing happens. Also tried renaming, same result. No prompts or anything.

Please advise.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:25 PM

Posted 13 June 2009 - 10:58 AM

It's not uncommon for malware to block combofix from running. Let's try to work around that.
First delete combofix off your desktop.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#9 RunnerofBears

RunnerofBears
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 13 June 2009 - 01:11 PM

ComboFix log.



ComboFix 09-06-13.01 - Owner 06/13/2009 13:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.464 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACoyntrrnomxgwpmd.sys
c:\windows\system32\UACcjklydknatvakti.dll
c:\windows\system32\UACcttxakrdtlfooud.db
c:\windows\system32\UACdeylvndwdqcwtjl.dat
c:\windows\system32\UACescjdimugvdfbsx.dll
c:\windows\system32\UAChjdlsdogsdeafxh.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACliyyunooeqxyood.dll
c:\windows\system32\UACpkshgrxqpivsads.log
c:\windows\system32\UACppweagglhcxxnxd.log
c:\windows\system32\UACuhtpjkydxxnchei.dll
c:\windows\system32\UACvmloyrebyxckmnm.dll
c:\windows\system32\UACvwnxtwkeeobxuob.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-12 23:04 . 2009-06-12 23:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-06-12 00:27 . 2009-06-12 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 00:27 . 2009-06-12 00:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-12 00:26 . 2009-05-20 00:04 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-11 02:27 . 2009-06-11 02:27 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-02 22:44 . 2008-09-10 04:04 38528 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 22:44 . 2008-09-10 04:03 17200 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 22:44 . 2009-06-02 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 22:22 . 2004-05-11 14:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2009-06-02 22:22 . 2003-11-19 18:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2009-06-02 22:22 . 2006-05-31 19:38 10752 ----a-w- c:\windows\system32\md5.dll
2009-06-02 22:22 . 2000-07-15 10:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-02 02:40 . 2009-06-11 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 02:40 . 2009-06-04 02:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 02:16 . 2009-06-02 02:16 -------- d-----w- c:\documents and settings\Owner\Application Data\OnlineArmor
2009-06-02 02:16 . 2009-06-02 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-06-02 02:16 . 2009-04-28 09:38 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-06-02 02:16 . 2009-04-28 09:02 31824 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-06-02 02:16 . 2009-04-28 09:01 198224 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-06-02 02:16 . 2009-06-02 02:16 -------- d-----w- c:\program files\Tall Emu
2009-06-01 14:23 . 2009-06-01 14:23 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-01 14:23 . 2009-06-01 14:23 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-01 14:23 . 2009-06-01 14:23 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 14:23 . 2009-06-01 14:23 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-01 14:23 . 2009-06-01 14:23 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-01 14:23 . 2009-06-01 14:23 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-01 14:22 . 2009-06-01 14:22 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-01 14:22 . 2009-06-01 14:22 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-01 14:22 . 2009-06-01 14:22 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-01 14:22 . 2009-06-01 14:22 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-01 14:22 . 2009-06-01 14:22 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-01 14:22 . 2009-06-01 14:22 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-01 14:22 . 2009-06-01 14:22 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-01 14:22 . 2009-06-01 14:22 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-01 14:22 . 2009-06-01 14:22 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-01 14:22 . 2009-06-01 14:22 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-01 14:22 . 2009-06-01 14:22 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 17:34 . 2009-03-30 20:03 -------- d-----w- c:\program files\PeerGuardian2
2009-06-13 17:23 . 2009-04-22 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-12 17:23 . 2007-08-17 19:35 -------- d-----w- c:\program files\eMule
2009-06-12 00:27 . 2009-04-22 13:50 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 02:39 . 2009-03-04 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-03 22:33 . 2009-03-04 14:10 -------- d-----w- c:\program files\Common Files\AOL
2009-06-03 00:32 . 2009-06-03 00:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-01 23:34 . 2009-04-22 13:50 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-06-01 14:23 . 2009-02-18 03:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-16 18:01 . 2007-11-21 00:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-07 17:42 . 2009-05-07 17:42 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-05-07 17:42 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-07 17:41 . 2009-05-07 17:41 1685856 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 15:59 . 2008-10-29 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Examsoft
2009-05-06 15:58 . 2008-10-29 13:48 217743 ----a-w- c:\windows\jgzr.dat
2009-05-04 12:32 . 2009-04-22 13:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 12:32 . 2007-07-07 20:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 12:32 . 2009-04-22 13:50 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-29 04:56 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 13:50 . 2009-04-22 13:50 -------- d-----w- c:\program files\AVG
2009-04-22 02:53 . 2009-04-22 02:53 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 14:20 . 2009-04-07 14:20 69664 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-04-07 14:20 . 2009-04-07 14:20 274792 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-04-07 14:20 . 2009-04-07 14:20 73064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-03-19 17:59 . 2009-03-19 17:59 965344 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2006-08-12 05:18 . 2007-10-20 20:05 33811280 ----a-w- c:\program files\AcroSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 17:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-21 227328]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DivX Free Codec"="c:\program files\DivX Free Codec\Divx Free Update.exe" [2007-03-30 274432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-01 518488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-28 2045128]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 12:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/17/2009 11:20 AM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/30/2009 4:01 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/22/2009 9:50 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/22/2009 9:50 AM 108552]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/1/2009 10:16 PM 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/1/2009 10:16 PM 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/1/2009 10:16 PM 29776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/22/2009 9:50 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1005904]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/1/2009 10:16 PM 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/1/2009 10:16 PM 3052744]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [10/10/2007 4:33 AM 237784]
R3 WinMTBus;WinMount Bus;c:\windows\system32\drivers\WinMTBus.sys [2/20/2008 4:02 PM 196224]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:22]

2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-06-12 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 18:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
HKCU-Run-Malware Sweeper - c:\program files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
HKLM-Run-net - c:\windows\system32\net.net


.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
FF - ProfilePath -
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3300)
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Tall Emu\Online Armor\oahlp.exe
.
**************************************************************************
.
Completion time: 2009-06-13 14:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 18:09

Pre-Run: 29,519,151,104 bytes free
Post-Run: 29,524,144,128 bytes free

227 --- E O F --- 2009-06-10 23:49

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 June 2009 - 01:18 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

DDS::
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=====================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?


========================================================
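The two posts above show the workflow a helper follows by hand: read the ComboFix log (post #9) for indicators such as the randomly named UAC* files deleted from system32, the disabled firewall policy, the orphaned "net.net" autostart and the Trusted Zone entries, then write a CFScript whose "DDS::" block lists the lines ComboFix should remove (post #10). The script below is an added example for this thread, not ComboFix's code or anything the helper posted; it parses the log format as it appears in post #9 and drafts the same "DDS::" block. The "UAC" random-name rule, the odd-extension rule for autostart targets and the section names are heuristics assumed here for illustration, and the sample log is an excerpt copied from post #9.

```python
"""Triage a ComboFix log and draft the matching CFScript 'DDS::' block.

Added example for this thread, not ComboFix's own code.  The section
banners and the 'DDS::' directive are as shown in posts #9 and #10; the
random-name and odd-extension rules are heuristics assumed here.
"""
import re
from typing import Dict, List, Tuple

# Sample input: excerpts copied from the ComboFix log in post #9.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACoyntrrnomxgwpmd.sys
c:\windows\system32\UACcjklydknatvakti.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpkshgrxqpivsads.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
HKLM-Run-net - c:\windows\system32\net.net

------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
"""

# ComboFix marks sections either with "((( Name )))" or "--- Name ---" banners.
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-+ (.+?) -+$")


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split the log into banner-delimited sections: banner text -> stripped lines."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = (m.group(1) or m.group(2)).strip(" -")
            sections.setdefault(current, [])
        elif line and line != ".":  # ComboFix pads sections with lone dots
            sections.setdefault(current, []).append(line)
    return sections


# Heuristic (assumed): "UAC" prefix followed by a long run of lowercase letters.
RANDOM_UAC = re.compile(r"^uac[a-z]{12,}$", re.I)


def suspicious_deletions(sections: Dict[str, List[str]]) -> List[Tuple[str, bool]]:
    """Files deleted from system32 that carry the UAC prefix; the flag says
    whether the rest of the name looks randomly generated."""
    hits = []
    for path in sections.get("Other Deletions", []):
        name = path.rsplit("\\", 1)[-1]
        if "\\system32\\" in path.lower() and name.lower().startswith("uac"):
            stem = name.rsplit(".", 1)[0]
            hits.append((name, RANDOM_UAC.match(stem) is not None))
    return hits


def firewall_disabled(sections: Dict[str, List[str]]) -> bool:
    """True when the XP firewall policy line shows EnableFirewall = 0."""
    pat = re.compile(r'"EnableFirewall"\s*=\s*0\b')
    return any(pat.search(l) for lines in sections.values() for l in lines)


EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".cpl", ".ocx"}


def odd_autostarts(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Orphaned autostart entries whose target lacks a normal executable extension."""
    out = []
    for line in sections.get("ORPHANS REMOVED", []):
        key, sep, target = line.partition(" - ")
        if not sep:
            continue
        name = target.rsplit("\\", 1)[-1]
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext not in EXEC_EXT:
            out.append((key, target))
    return out


def trusted_zones(sections: Dict[str, List[str]]) -> List[str]:
    """Trusted Zone lines exactly as listed, duplicates included."""
    return [l for l in sections.get("Supplementary Scan", []) if l.startswith("Trusted Zone:")]


def build_cfscript(sections: Dict[str, List[str]]) -> str:
    """Draft the 'DDS::' block from post #10: each Trusted Zone line verbatim."""
    lines = trusted_zones(sections)
    return "DDS::\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    s = parse_sections(SAMPLE_LOG)
    print("UAC files:", suspicious_deletions(s))
    print("firewall disabled:", firewall_disabled(s))
    print("odd autostarts:", odd_autostarts(s))
    print(build_cfscript(s))
```

Run it against a saved C:\ComboFix.txt by passing the file contents to parse_sections instead of SAMPLE_LOG; the CFScript it prints is the text you would save as CFScript and drop onto ComboFix.exe, after checking each line yourself, since the helper in this thread reviewed the log before writing that block.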

#11 RunnerofBears

RunnerofBears
  • Topic Starter

  • Members
  • 47 posts

Posted 13 June 2009 - 02:35 PM

Combofix log and Malwarebytes log posted below.

One problem that has arisen is that PeerGuardian is unable to run. It says PeerGuardian is unable to load the packet filtering driver.
Then it says "class driver_error CreateService/OpenService: the specified device as an installed service does not existed". I have tried removing it and reinstalling but I continue to get the same error.

If you cannot fix this is there another IP blocker to protect my privacy on P2P? A better blocker?





ComboFix 09-06-13.02 - Owner 06/13/2009 15:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.397 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 17:51 . 2009-06-13 18:09 -------- d-s---w- C:\Combo-Fix
2009-06-12 23:04 . 2009-06-12 23:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-06-12 00:27 . 2009-06-12 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 00:27 . 2009-06-12 00:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-12 00:26 . 2009-05-20 00:04 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-11 02:27 . 2009-06-13 18:37 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-02 22:44 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 22:44 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 22:44 . 2009-06-13 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 22:22 . 2004-05-11 14:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2009-06-02 22:22 . 2003-11-19 18:59 512688 ----a-w- c:\windows\system32\XceedCry.dll
2009-06-02 22:22 . 2006-05-31 19:38 10752 ----a-w- c:\windows\system32\md5.dll
2009-06-02 22:22 . 2000-07-15 10:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-02 02:40 . 2009-06-11 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 02:40 . 2009-06-04 02:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 02:16 . 2009-06-02 02:16 -------- d-----w- c:\documents and settings\Owner\Application Data\OnlineArmor
2009-06-02 02:16 . 2009-06-02 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-06-02 02:16 . 2009-04-28 09:38 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-06-02 02:16 . 2009-04-28 09:02 31824 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-06-02 02:16 . 2009-04-28 09:01 198224 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-06-02 02:16 . 2009-06-02 02:16 -------- d-----w- c:\program files\Tall Emu
2009-06-01 14:23 . 2009-06-01 14:23 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-01 14:23 . 2009-06-01 14:23 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-01 14:23 . 2009-06-01 14:23 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 14:23 . 2009-06-01 14:23 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-01 14:23 . 2009-06-01 14:23 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-01 14:23 . 2009-06-01 14:23 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-01 14:22 . 2009-06-01 14:22 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-01 14:22 . 2009-06-01 14:22 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-01 14:22 . 2009-06-01 14:22 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-01 14:22 . 2009-06-01 14:22 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-01 14:22 . 2009-06-01 14:22 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-01 14:22 . 2009-06-01 14:22 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-01 14:22 . 2009-06-01 14:22 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-01 14:22 . 2009-06-01 14:22 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-01 14:22 . 2009-06-01 14:22 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-01 14:22 . 2009-06-01 14:22 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-01 14:22 . 2009-06-01 14:22 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 18:47 . 2009-03-30 20:03 -------- d-----w- c:\program files\PeerGuardian2
2009-06-13 18:43 . 2007-08-17 19:35 -------- d-----w- c:\program files\eMule
2009-06-13 17:23 . 2009-04-22 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-12 00:27 . 2009-04-22 13:50 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 02:39 . 2009-03-04 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-03 22:33 . 2009-03-04 14:10 -------- d-----w- c:\program files\Common Files\AOL
2009-06-03 00:32 . 2009-06-03 00:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-01 23:34 . 2009-04-22 13:50 -------- d-----w- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-06-01 14:23 . 2009-02-18 03:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-16 18:01 . 2007-11-21 00:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-05-07 17:42 . 2009-05-07 17:42 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe
2009-05-07 17:42 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-07 17:41 . 2009-05-07 17:41 1685856 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 15:59 . 2008-10-29 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Examsoft
2009-05-06 15:58 . 2008-10-29 13:48 217743 ----a-w- c:\windows\jgzr.dat
2009-05-04 12:32 . 2009-04-22 13:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 12:32 . 2007-07-07 20:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 12:32 . 2009-04-22 13:50 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-29 04:56 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 13:50 . 2009-04-22 13:50 -------- d-----w- c:\program files\AVG
2009-04-22 02:53 . 2009-04-22 02:53 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 14:20 . 2009-04-07 14:20 69664 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-04-07 14:20 . 2009-04-07 14:20 274792 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-04-07 14:20 . 2009-04-07 14:20 73064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-03-19 17:59 . 2009-03-19 17:59 965344 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2006-08-12 05:18 . 2007-10-20 20:05 33811280 ----a-w- c:\program files\AcroSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 17:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-21 227328]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DivX Free Codec"="c:\program files\DivX Free Codec\Divx Free Update.exe" [2007-03-30 274432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-01 518488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-28 2045128]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 12:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/17/2009 11:20 AM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/30/2009 4:01 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/22/2009 9:50 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/22/2009 9:50 AM 108552]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/1/2009 10:16 PM 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/1/2009 10:16 PM 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/1/2009 10:16 PM 29776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/22/2009 9:50 AM 298776]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/1/2009 10:16 PM 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/1/2009 10:16 PM 3052744]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [10/10/2007 4:33 AM 237784]
R3 WinMTBus;WinMount Bus;c:\windows\system32\drivers\WinMTBus.sys [2/20/2008 4:02 PM 196224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1005904]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:22]

2009-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-06-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 18:05]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070621
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 15:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1780)
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-13 15:22
ComboFix-quarantined-files.txt 2009-06-13 19:22
ComboFix2.txt 2009-06-13 18:09

Pre-Run: 29,466,406,912 bytes free
Post-Run: 29,459,300,352 bytes free

191 --- E O F --- 2009-06-10 23:49

Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 3

6/13/2009 3:30:02 PM
mbam-log-2009-06-13 (15-30-02).txt

Scan type: Quick Scan
Objects scanned: 88972
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\All Users\Start Menu\Programs\MalwareSweeper.com (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\malwaresweeper.com\Malware Sweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\md5.dll (Rogue.Trace) -> Quarantined and deleted successfully.

#12 RunnerofBears

RunnerofBears
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 13 June 2009 - 02:44 PM

In addition Online Armor keeps asking for authorization for BCMWLTRY.EXE and WgaTray.exe. Both are trying to remotely access C:\WINDOWS\system32\svchost.exe

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:25 PM

Posted 13 June 2009 - 07:52 PM

In addition Online Armor keeps asking for authorization for BCMWLTRY.EXE and WgaTray.exe. Both are trying to remotely access C:\WINDOWS\system32\svchost.exe


Both of those files are legitimate files and can be granted access.

http://www.processlibrary.com/directory/files/bcmwltry/

http://www.processlibrary.com/directory/files/wgatray/


I don't know much about Peer Guardian. I would check with the program's support site, if there is one. Although my guess is that it's conflicting with your firewall in some way.


Are you getting any indication that malware may still be present?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
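Process directories such as the ones linked above tell you what a file of that name usually is, not whether the copy on the affected machine is genuine. The check an administrator would run is to verify the Authenticode signature of the actual binaries. The script below is an added example, not something from this thread or from Online Armor; the two file names come from the post, while the search roots (the Windows and Program Files folders) are an assumption, and it uses the .NET SHA256 class so it also works on the PowerShell 2.0 that a Windows XP machine would have.

```powershell
# Added example (not part of the thread): locate the two executables Online Armor
# prompted about and report their Authenticode status, publisher and SHA-256.
# File names are from the post; the search roots are an assumption.
$names = 'BCMWLTRY.EXE', 'WgaTray.exe'
$roots = $env:SystemRoot, $env:ProgramFiles

foreach ($name in $names) {
    $hits = foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -Filter $name -ErrorAction SilentlyContinue
    }
    if (-not $hits) {
        "{0}: not found under {1}" -f $name, ($roots -join ', ')
        continue
    }
    foreach ($file in $hits) {
        # Get-AuthenticodeSignature validates the embedded (or catalog) signature chain.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

        # Hash with the .NET class rather than Get-FileHash so this runs on PowerShell 2.0.
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($file.FullName)
        try {
            $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
        } finally {
            $stream.Close()
        }

        "{0}`n  status    = {1}`n  publisher = {2}`n  sha256    = {3}" -f `
            $file.FullName, $sig.Status, $publisher, $hash
    }
}
```

A `Valid` status with the expected vendor in the publisher field (Broadcom for the wireless tray utility, Microsoft for the Windows Genuine Advantage tray) is what you would expect for the real files; `NotSigned` or `HashMismatch` on a file carrying one of these names, or a second copy turning up in an unusual folder, is what you would want to look at before granting the firewall rule.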

#14 RunnerofBears

RunnerofBears
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:25 PM

Posted 14 June 2009 - 02:48 PM

As of right now there is no indication of malware. Thank you for your help. I could not have done this without you.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:25 PM

Posted 15 June 2009 - 10:41 AM

Excellent! :)
Just a few last steps for you then.



We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with instructions from the tutorial above

  • Use AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)


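The ComboFix log earlier in this thread reports the built-in Windows Firewall standard profile with `"EnableFirewall"= 0` and an AuthorizedApplications list that includes eMule, AVG, Firefox and the Remote Assistance session manager. Since the last step above is about keeping a firewall on, here is an added example (not from the thread or from any of the tools in it) that reads those same registry values on the machine itself so the state and the exception list can be reviewed after cleanup. The registry path is the one ComboFix abbreviated in its `HKLM\~\services\sharedaccess\...` lines; the `path:*:Enabled:Name` layout of the value data is the XP-era format and is an assumption here.

```powershell
# Added example (not part of the thread): report the Windows Firewall standard-profile
# state and list every program authorized through it, the same values ComboFix printed.
$profileKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$listKey    = Join-Path $profileKey 'AuthorizedApplications\List'

# EnableFirewall: 1 = on, 0 = off (the log shows 0). A missing value reads as $null.
$enable = (Get-ItemProperty -Path $profileKey -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
if ($enable -eq 1) {
    'Windows Firewall (standard profile): ENABLED'
} else {
    "Windows Firewall (standard profile): DISABLED (EnableFirewall = $enable)"
    'If no third-party firewall is active, turn it back on before reconnecting.'
}

# Each value name under the List key is an authorized program path; the data is
# assumed to be "path:*:Enabled:DisplayName" (XP format). Flag entries whose
# program no longer exists on disk, since a stale exception serves no purpose.
$list = Get-Item -Path $listKey -ErrorAction SilentlyContinue
if ($list) {
    foreach ($name in $list.GetValueNames()) {
        $data   = [string]$list.GetValue($name)
        $fields = $data -split ':'
        $state  = if ($fields.Count -ge 3) { $fields[-2] } else { '?' }
        $path   = [Environment]::ExpandEnvironmentVariables($name)
        $onDisk = Test-Path -LiteralPath $path
        '{0,-55} state={1,-8} present={2}' -f $name, $state, $onDisk
    }
} else {
    'No AuthorizedApplications list found for the standard profile.'
}
```

Online Armor appears in the log as the active firewall, so a disabled built-in firewall is not by itself a finding; the part worth a second look is the exception list, where a peer-to-peer client such as eMule is a far larger exposure than an updater, and any entry that is no longer present on disk can simply be removed.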
