
win32.delf.uc and other weird problems!


  • This topic is locked
16 replies to this topic

#1 Moogan99
  • Members
  • 7 posts
  • OFFLINE
  • Local time: 02:19 AM

Posted 02 July 2009 - 05:19 AM

Hello

First of all, this is my first post so I'd like to say a warm hello to all the helpful members of the forum!

Now to the problem.

I restarted my computer (Windows XP) and noticed that the Windows log in screen had changed (no longer a blue background but a blank screen with a login window asking for my username and password, even though I don't have a password). I just press enter and Windows loads normally.

Until I get an error message saying "To help protect your computer Windows closed the following program - RUN DCC AS AN APP".

Running Spybot shows win32.delf.uc, which I remove, but the problem keeps coming back.

I've had a problem before where the Windows login screen changed, but a system restore fixed that. I tried it this time and it's still there.

Any help would be much appreciated.

Cheers

Chris




DDS (Ver_09-06-26.01) - NTFSx86
Run by Chris at 11:15:25.85 on 02/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1266 [GMT 1:00]

FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\AutoProtect\DrvMonitor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://searchdnet.googlepages.com/index.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSN helper: {4efd3aea-b660-4f24-8519-12531d2a3b0c} - khmx0.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WinUpdater AutoRun] c:\autoprotect\DrvMonitor.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\1pnx4e6u.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [2006-10-9 181760]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2002-1-4 17149]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-18 38160]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2002-1-4 43392]
S3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\drivers\DTV_Capture_2X0.sys [2007-5-28 18432]
S3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\drivers\DTV_Loader_2X1.sys [2007-5-28 19328]

=============== Created Last 30 ================

2009-07-02 11:02 42,496 a------- c:\windows\system32\khmx0.dll
2009-07-02 11:02 40 a------- c:\windows\system32\4.tmp
2009-07-02 10:58 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-02 10:57 <DIR> --ds---- C:\ComboFix
2009-07-02 10:56 <DIR> --d----- c:\program files\iTunes
2009-07-02 10:56 <DIR> --d----- c:\program files\iPod
2009-07-02 10:53 <DIR> --ds---- C:\ComboFixtest
2009-07-02 10:40 <DIR> --d----- c:\program files\uTorrent
2009-07-02 10:40 <DIR> --d----- c:\program files\Kontiki
2009-07-02 10:40 <DIR> --d----- c:\program files\Channel4
2009-07-02 10:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 10:31 40 a------- c:\windows\system32\3.tmp
2009-07-02 09:45 40 a------- c:\windows\system32\2.tmp
2009-07-01 11:07 <DIR> --ds---- C:\ComboFixtest(3)
2009-06-29 21:52 <DIR> --d----- c:\program files\Free Audio Pack
2009-06-29 14:32 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-29 00:10 2 a------- c:\windows\010112010146118114.dat
2009-06-29 00:10 69,120 a------- c:\windows\system32\inform.dat
2009-06-29 00:10 15,477 a------- c:\windows\system32\lxf
2009-06-27 10:41 <DIR> --d----- c:\program files\iPod(2)
2009-06-27 10:41 <DIR> --d----- c:\program files\iTunes(2)
2009-06-27 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-27 10:40 <DIR> --d----- c:\program files\QuickTime(2)
2009-06-23 13:41 <DIR> --d----- c:\program files\PURE
2009-06-19 11:11 <DIR> --d----- c:\program files\gorka
2009-06-04 18:36 68,608 a------- c:\windows\system32\19.tmp
2009-06-04 18:36 1 a------- c:\windows\system32\18.tmp
2009-06-04 18:36 84 a------- c:\windows\system32\17.tmp
2009-06-04 17:25 68,608 a------- c:\windows\system32\A2.tmp
2009-06-04 17:25 1 a------- c:\windows\system32\A1.tmp
2009-06-04 17:25 84 a------- c:\windows\system32\A0.tmp
2009-06-02 13:09 <DIR> --d----- C:\ComboFixtest(2)

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-04 14:50 57,684 a---h--- c:\windows\system32\mlfcache.dat
2009-05-31 11:08 176,128 a------- c:\windows\PEV.exe
2009-05-21 14:34 69,692 a------- c:\windows\system32\B0.tmp
2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 23:54 862,782 a------- c:\windows\system32\rn.tmp
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-21 00:22 3,532 a------- C:\drmHeader.bin
2009-04-17 10:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 16:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2007-10-06 14:02 22,328 a------- c:\docume~1\chris\applic~1\PnkBstrK.sys
2005-07-25 07:41 131,137 a------- c:\program files\common files\UninstallDrv.exe
2003-06-20 04:05 138,288 a------- c:\windows\inf\usbport.sys
2003-06-20 04:05 49,776 a------- c:\windows\inf\usbhub20.sys
2003-06-20 04:05 24,752 a------- c:\windows\inf\hidclass.sys
2003-06-20 04:05 20,688 a------- c:\windows\inf\usbd.sys
2003-06-20 04:05 19,728 a------- c:\windows\inf\usbehci.sys
2003-05-30 18:22 344,064 a----r-- c:\program files\msvcr70.dll
2002-01-05 12:40 487,424 a------- c:\program files\msvcp70.dll

============= FINISH: 11:15:53.51 ===============


#2 thcbytes
  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender: Male
  • Local time: 02:19 AM

Posted 06 July 2009 - 10:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Moogan99
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time: 02:19 AM

Posted 07 July 2009 - 04:29 AM

Hi!

Thanks for getting back to me.

Unfortunately the problem is still there. I tried Spybot and Malwarebytes Anti-Malware and still can't get rid of the Win32.Delf.uc trojan. What's even worse is that every time I reboot my computer both Spybot and Anti-Malware pick up a lot more trojans! I seem to have opened a portal to trojan hell on my computer and can't close it! Help!

Your help would be very appreciated.

Once again here is the DDS info.

Also I have included the last Anti-Malware scan log so you can see the other kind of stuff that's appearing on my PC.

Cheers
Chris


DDS (Ver_09-06-26.01) - NTFSx86
Run by Chris at 10:22:05.26 on 07/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1524 [GMT 1:00]

FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\AutoProtect\DrvMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://searchdnet.googlepages.com/index.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: {4EFD3AEA-B660-4f24-8519-12531D2A3B0C} - No File
BHO: MSN helper: {61dc85a0-4a32-4c38-92cf-24652b3f416c} - lodsock32.dll
BHO: {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WinUpdater AutoRun] c:\autoprotect\DrvMonitor.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\1pnx4e6u.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [2006-10-9 181760]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2002-1-4 17149]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2002-1-4 43392]
S3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\drivers\DTV_Capture_2X0.sys [2007-5-28 18432]
S3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\drivers\DTV_Loader_2X1.sys [2007-5-28 19328]

=============== Created Last 30 ================

2009-07-07 08:28 40 a------- c:\windows\system32\4.tmp
2009-07-07 08:09 40 a------- c:\windows\system32\15.tmp
2009-07-07 08:08 42,496 a------- c:\windows\system32\lodsock32.dll
2009-07-07 08:08 40 a------- c:\windows\system32\13.tmp
2009-07-05 02:09 45 a------- c:\windows\system32\ca.dat
2009-07-05 01:54 42,496 a------- c:\windows\system32\locsock32.dll
2009-07-05 01:54 15,477 a------- c:\windows\system32\lpd
2009-07-05 01:54 2 a------- c:\windows\0101120101464849.dat
2009-07-05 01:54 1 a------- c:\windows\934fdfg34fgjf23
2009-07-03 07:55 42,496 a------- c:\windows\system32\khmx1.dll
2009-07-02 11:02 42,496 a------- c:\windows\system32\khmx0.dll
2009-07-02 10:58 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-02 10:56 <DIR> --d----- c:\program files\iTunes
2009-07-02 10:56 <DIR> --d----- c:\program files\iPod
2009-07-02 10:40 <DIR> --d----- c:\program files\uTorrent
2009-07-02 10:40 <DIR> --d----- c:\program files\Kontiki
2009-07-02 10:40 <DIR> --d----- c:\program files\Channel4
2009-07-02 10:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 21:52 <DIR> --d----- c:\program files\Free Audio Pack
2009-06-29 14:32 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-29 00:10 2 a------- c:\windows\010112010146118114.dat
2009-06-29 00:10 69,120 a------- c:\windows\system32\inform.dat
2009-06-29 00:10 15,477 a------- c:\windows\system32\lxf
2009-06-27 10:41 <DIR> --d----- c:\program files\iPod(2)
2009-06-27 10:41 <DIR> --d----- c:\program files\iTunes(2)
2009-06-27 10:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-27 10:40 <DIR> --d----- c:\program files\QuickTime(2)
2009-06-23 13:41 <DIR> --d----- c:\program files\PURE
2009-06-19 11:11 <DIR> --d----- c:\program files\gorka

==================== Find3M ====================

2009-07-07 08:08 33,280 a------- c:\windows\system32\clipsrv.exe
2009-07-07 08:03 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-04 14:50 57,684 a---h--- c:\windows\system32\mlfcache.dat
2009-05-31 11:08 176,128 a------- c:\windows\PEV.exe
2009-05-21 14:34 69,692 a------- c:\windows\system32\B0.tmp
2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-21 00:22 3,532 a------- C:\drmHeader.bin
2009-04-17 10:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 16:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2007-10-06 14:02 22,328 a------- c:\docume~1\chris\applic~1\PnkBstrK.sys
2005-07-25 07:41 131,137 a------- c:\program files\common files\UninstallDrv.exe
2003-06-20 04:05 138,288 a------- c:\windows\inf\usbport.sys
2003-06-20 04:05 49,776 a------- c:\windows\inf\usbhub20.sys
2003-06-20 04:05 24,752 a------- c:\windows\inf\hidclass.sys
2003-06-20 04:05 20,688 a------- c:\windows\inf\usbd.sys
2003-06-20 04:05 19,728 a------- c:\windows\inf\usbehci.sys
2003-05-30 18:22 344,064 a----r-- c:\program files\msvcr70.dll
2002-01-05 12:40 487,424 a------- c:\program files\msvcp70.dll

============= FINISH: 10:23:04.56 ===============
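Added example, not part of the original thread and not code from DDS, Spybot, Malwarebytes or BleepingComputer: a small Python triage pass over lines in the shape of the two DDS logs in posts #1 and #3. It flags the indicators a responder pulls out of these logs by eye: a BHO registered by bare filename instead of a full path (khmx0.dll in the first log, lodsock32.dll in the second), an executable image launched from a \TEMP\ directory (the "svchost.exe C:\WINDOWS\TEMP\VRT1.tmp" process in the first log), the DisableTaskMgr and DisableRegistryTools policies, a family of freshly created DLLs that all share one size (the 42,496-byte khmx0.dll, khmx1.dll, locsock32.dll and lodsock32.dll), and a system file sitting next to a .ORIGINAL copy (TCPIP.SYS). The sample input is a constructed list of lines copied from the shape of those logs; the rule names and the triage() function are the example's own, not a DDS feature, and every rule is a heuristic, so a hit is a lead to check by hand, not a verdict.

```python
"""Heuristic triage over DDS 'Pseudo HJT Report' style lines.

Added example for this thread, not a DDS/OTL feature. Rule names, the
triage() function and the sample lines below are the example's own.
"""
import re

# Constructed sample: lines in the shape of the two DDS logs above.
SAMPLE_DDS = [
    r"C:\WINDOWS\system32\svchost.exe -k imgsvc",
    r"svchost.exe C:\WINDOWS\TEMP\VRT1.tmp",
    r"uStart Page = hxxp://searchdnet.googlepages.com/index.html",
    r"BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll",
    r"BHO: MSN helper: {4efd3aea-b660-4f24-8519-12531d2a3b0c} - khmx0.dll",
    r"BHO: MSN helper: {61dc85a0-4a32-4c38-92cf-24652b3f416c} - lodsock32.dll",
    r"BHO: {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - No File",
    r"uRun: [WinUpdater AutoRun] c:\autoprotect\DrvMonitor.exe",
    r"dPolicies-system: DisableTaskMgr = 1 (0x1)",
    r"dPolicies-system: DisableRegistryTools = 1 (0x1)",
    r"2009-07-07 08:08 42,496 a------- c:\windows\system32\lodsock32.dll",
    r"2009-07-05 01:54 42,496 a------- c:\windows\system32\locsock32.dll",
    r"2009-07-03 07:55 42,496 a------- c:\windows\system32\khmx1.dll",
    r"2009-07-02 11:02 42,496 a------- c:\windows\system32\khmx0.dll",
    r"2009-07-02 10:57 <DIR> --ds---- C:\ComboFix",
    r"2009-07-07 08:03 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS",
    r"2009-06-29 14:32 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL",
]

# "BHO: <name>: {GUID} - <module>"  (the name may be absent)
BHO_RE = re.compile(r"^BHO: .*\{[0-9A-Fa-f-]{36}\} - (?P<module>.+)$")
# "dPolicies-system: DisableTaskMgr = 1 (0x1)"  (also uPolicies/mPolicies)
POLICY_RE = re.compile(r"^[a-z]Policies-system: Disable(?:TaskMgr|RegistryTools) = 1\b")
# any image or service path under a \TEMP\ directory with a .tmp name
TEMP_RE = re.compile(r"\\temp\\[^\\\s]+\.tmp\b", re.IGNORECASE)
# "2009-07-07 08:08 42,496 a------- <path>" from the Created/Find3M sections
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d[\d,]*) \S+ (?P<path>.+)$")


def triage(lines):
    """Return [(rule, evidence), ...] for the indicators found in `lines`."""
    findings = []
    created = []  # (size_bytes, lowercased path) for every dated file entry
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            module = m.group("module")
            # A module given by bare filename is resolved through the DLL
            # search path; legitimate BHOs are registered with a full path.
            if module != "No File" and "\\" not in module:
                findings.append(("bho_bare_filename", line))
            continue
        if POLICY_RE.match(line):
            findings.append(("policy_disables_user_tools", line))
            continue
        if TEMP_RE.search(line):
            findings.append(("executable_in_temp", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            created.append((size, m.group("path").lower()))

    # Several new DLLs with one identical size: the same dropper re-dropped
    # under fresh random names after each cleanup attempt.
    by_size = {}
    for size, path in created:
        if path.endswith(".dll"):
            by_size.setdefault(size, set()).add(path)
    for size, paths in sorted(by_size.items()):
        if len(paths) >= 2:
            findings.append(("same_size_dll_family",
                             f"{size} bytes: " + ", ".join(sorted(paths))))

    # A system file next to a <name>.ORIGINAL copy: the live file was replaced
    # and the original kept beside it (TCPIP.SYS in the logs above).
    all_paths = {path for _, path in created}
    for path in sorted(all_paths):
        if path.endswith(".original") and path[:-len(".original")] in all_paths:
            findings.append(("system_file_replaced", path[:-len(".original")]))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_DDS):
        print(f"{rule:28} {evidence}")
```

Run it as a script to print the seven findings for the sample; feed it the lines of a real DDS log to triage that instead. The executable_in_temp rule is the same check a responder applies to the "Adobe LM Service" entry in the OTL log further down this thread, whose image is C:\WINDOWS\TEMP\VRT5.tmp: a service or startup entry whose binary lives in a temp directory is not a legitimate vendor install.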


#4 thcbytes
  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender: Male
  • Local time: 02:19 AM

Posted 07 July 2009 - 06:33 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

I need a deeper look at your computer.
Please do this................

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* OTL.txt
* OTL Extra.txt

Again, please resist the urge to run any tools, fixes and scans from this point forward unless I have directed you to do so. It will actually hamper my ability to help you.

I will review your logs and post instructions forthcoming.
Regards,
t

#5 Moogan99
  • Topic Starter
  • Members
  • 7 posts
  • OFFLINE
  • Local time: 02:19 AM

Posted 07 July 2009 - 07:13 AM

Hi, once again thanks for responding!

Downloaded and ran OTL a few times but still only get one report popping up, and that's the OTL.txt.

So here it is

_______________



OTL logfile created on: 07/07/2009 13:11:11 - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.23% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 33.74 Gb Free Space | 11.32% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOOGS
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/10/03 10:53:34 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/04/23 12:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2005/10/03 11:26:26 | 00,118,848 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005/10/03 11:26:12 | 00,061,508 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2007/12/05 02:41:00 | 00,176,196 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007/10/13 18:18:24 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2005/10/03 10:53:34 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2005/10/03 11:29:22 | 00,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2007/06/13 11:23:07 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/10/09 07:52:23 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2005/08/17 11:39:58 | 00,110,592 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/10/31 11:51:52 | 00,077,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2000/10/16 18:37:36 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\rmctrl.exe
PRC - [2007/08/31 20:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/10/12 21:27:20 | 00,325,120 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2009/03/05 16:07:20 | 02,280,960 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/08/31 19:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/06/25 15:03:32 | 00,205,167 | ---- | M] (Winsoft) -- C:\AutoProtect\DrvMonitor.exe
PRC - [2006/10/12 21:27:40 | 00,278,016 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2004/10/06 17:56:28 | 00,503,892 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
PRC - [2009/04/23 22:59:33 | 00,273,200 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/07/07 12:51:00 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2009/06/12 16:43:26 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/06 17:39:29 | 00,248,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/07 08:03:49 | 00,012,800 | ---- | M] () -- C:\WINDOWS\TEMP\VRT5.tmp -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/07 08:05:32 | 00,033,280 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - File not found -- -- (CiSvc [On_Demand | Stopped])
SRV - [2009/07/07 08:08:58 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
SRV - File not found -- -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/14 18:17:08 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2005/10/03 11:29:22 | 00,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV - [2005/10/03 10:53:34 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])
SRV - [2009/04/23 20:08:22 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2006/10/09 07:52:03 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/15 14:10:54 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/04/23 12:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2006/11/11 04:18:02 | 00,794,624 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2005/10/03 11:26:26 | 00,118,848 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2005/10/03 11:26:12 | 00,061,508 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
SRV - [2007/12/05 02:41:00 | 00,176,196 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/03/09 21:31:02 | 00,102,400 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2007/10/13 18:18:24 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,933,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 08:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2005/08/19 10:31:52 | 03,644,800 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2007/06/29 14:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
DRV - [2004/10/15 11:41:24 | 00,285,216 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\System32\DRIVERS\wg11tnd5.sys -- (AR5523 [On_Demand | Running])
DRV - [2002/07/17 17:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32 [System | Running])
DRV - [2004/10/14 19:24:00 | 00,043,392 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\ATHFMWDL.sys -- (ATHFMWDL [On_Demand | Stopped])
DRV - [2004/08/04 08:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2004/08/04 08:10:00 | 00,013,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avcstrm.sys -- (AVCSTRM [On_Demand | Stopped])
DRV - [2005/01/10 11:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2003/01/10 11:56:34 | 00,030,921 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys -- (DCamUSBSQTECH [On_Demand | Stopped])
DRV - [2003/07/24 13:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Running])
DRV - [2004/09/06 20:40:04 | 00,018,432 | R--- | M] (Computer & Entertainment, Inc.) -- C:\WINDOWS\System32\Drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0 [On_Demand | Stopped])
DRV - [2005/06/29 17:21:24 | 00,019,328 | R--- | M] (WideView Technology Inc.) -- C:\WINDOWS\System32\Drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1 [On_Demand | Stopped])
DRV - [2004/10/25 21:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2004/08/04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/11/20 23:36:11 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2003/03/09 21:31:00 | 00,051,024 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2003/03/09 21:31:02 | 00,016,080 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003/03/09 21:31:02 | 00,021,456 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2002/01/04 19:21:48 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2004/08/04 08:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2004/08/04 08:10:00 | 00,049,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mstape.sys -- (MSTAPE [On_Demand | Stopped])
DRV - [2001/08/17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/08/31 19:58:18 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2007/12/05 02:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/10/09 07:53:01 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/10/09 07:52:00 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2005/07/26 09:48:28 | 00,033,664 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/07/26 09:48:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2005/07/26 09:48:22 | 00,101,120 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVTcp.sys -- (NVTCP [System | Running])
DRV - [2005/01/10 11:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2005/07/07 09:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2007/08/21 09:12:59 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2006/10/09 07:52:06 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/10/09 07:52:10 | 00,067,200 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3132.sys -- (si3132 [Boot | Stopped])
DRV - [2006/10/09 07:53:02 | 00,181,760 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\Si3132r5.sys -- (Si3132r5 [Boot | Running])
DRV - [2006/10/09 07:53:02 | 00,010,368 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter [Boot | Running])
DRV - [2009/01/20 02:27:47 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/09/24 21:23:14 | 00,003,584 | ---- | M] (Realtime Soft) -- C:\WINDOWS\System32\DRIVERS\UltraMonMirror.sys -- (UltraMonMirror [On_Demand | Running])
DRV - [2006/09/24 21:22:52 | 00,011,776 | ---- | M] (Realtime Soft) -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility [Auto | Running])
DRV - [2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2006/11/29 14:26:09 | 00,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi [On_Demand | Stopped])
DRV - [2005/03/30 09:24:00 | 00,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-468306318-3284367556-756058804-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-468306318-3284367556-756058804-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-468306318-3284367556-756058804-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchdnet.googlepages.com/index.html
IE - HKU\S-1-5-21-468306318-3284367556-756058804-1005\S-1-5-21-468306318-3284367556-756058804-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-468306318-3284367556-756058804-1005\S-1-5-21-468306318-3284367556-756058804-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/20 23:47:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/29 19:03:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/27 10:40:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/02 10:57:28 | 00,000,000 | ---D | M]

[2009/04/20 23:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Extensions
[2009/04/20 23:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/07 08:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\1pnx4e6u.default\extensions
[2009/04/20 23:47:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\1pnx4e6u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/05/08 18:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\1pnx4e6u.default\extensions\personas@christopher.beard
[2009/07/02 08:40:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 16:43:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/17 14:06:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/01/29 19:04:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/21 00:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 16:43:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 16:43:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2006/03/09 20:23:00 | 00,073,728 | ---- | M] (Sobonito Investment LTD) -- C:\Program Files\mozilla firefox\plugins\npCID.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/11/06 17:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2006/09/29 03:21:47 | 00,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/06/12 16:43:27 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/15 06:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/10/23 07:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/10/24 13:21:08 | 00,140,624 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/12/07 21:36:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/12/07 21:36:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/12/07 21:36:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/12/07 21:36:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/12/07 21:36:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/12/07 21:36:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/12/07 21:36:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/10/24 13:21:12 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/10/24 13:21:06 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (24 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O2 - BHO: (no name) - {4EFD3AEA-B660-4f24-8519-12531D2A3B0C} - No CLSID value found.
O2 - BHO: (MSN helper) - {61DC85A0-4A32-4c38-92CF-24652B3F416C} - C:\WINDOWS\System32\lodsock32.dll (EuroGroup)
O2 - BHO: (no name) - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-468306318-3284367556-756058804-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-468306318-3284367556-756058804-1005..\Run: [WinUpdater AutoRun] C:\AutoProtect\DrvMonitor.exe (Winsoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-468306318-3284367556-756058804-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-468306318-3284367556-756058804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-468306318-3284367556-756058804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-468306318-3284367556-756058804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-468306318-3284367556-756058804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-468306318-3284367556-756058804-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 94 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 94 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-468306318-3284367556-756058804-1005\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/chatsource/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/10 21:51:25 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/29 22:15:15 | 00,000,000 | RHSD | M] - C:\AutoProtect -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/07 12:50:55 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/07/07 08:08:46 | 00,042,496 | ---- | C] (EuroGroup) -- C:\WINDOWS\System32\lodsock32.dll
[2009/07/05 02:09:31 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\ca.dat
[2009/07/05 01:54:26 | 00,042,496 | ---- | C] (EuroGroup) -- C:\WINDOWS\System32\locsock32.dll
[2009/07/05 01:54:26 | 00,015,477 | ---- | C] () -- C:\WINDOWS\System32\lpd
[2009/07/05 01:54:15 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101464849.dat
[2009/07/05 01:54:15 | 00,000,001 | ---- | C] () -- C:\WINDOWS\934fdfg34fgjf23
[2009/07/03 07:55:09 | 00,042,496 | ---- | C] (EuroGroup) -- C:\WINDOWS\System32\khmx1.dll
[2009/07/02 13:53:24 | 01,466,368 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Chris\Desktop\winsockxpfix.exe
[2009/07/02 11:15:20 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/07/02 11:04:44 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup.exe
[2009/07/02 11:02:41 | 00,042,496 | ---- | C] (EuroGroup) -- C:\WINDOWS\System32\khmx0.dll
[2009/07/02 11:01:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Deliveries
[2009/07/02 10:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/02 10:56:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/02 10:56:54 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/02 10:40:47 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/07/02 10:40:46 | 00,000,000 | ---D | C] -- C:\Program Files\Kontiki
[2009/07/02 10:40:46 | 00,000,000 | ---D | C] -- C:\Program Files\Channel4
[2009/07/02 10:40:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/29 23:07:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\FileZilla
[2009/06/29 23:04:58 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/06/29 22:54:04 | 01,150,754 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\vp6_decoder.zip
[2009/06/29 21:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack
[2009/06/29 14:32:53 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2009/06/29 00:10:35 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146118114.dat
[2009/06/29 00:10:34 | 00,069,120 | ---- | C] () -- C:\WINDOWS\System32\inform.dat
[2009/06/29 00:10:34 | 00,015,477 | ---- | C] () -- C:\WINDOWS\System32\lxf
[2009/06/28 19:30:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\23
[2009/06/28 19:30:35 | 00,028,521 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\23.zip
[2009/06/28 19:13:45 | 00,511,474 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NBA_2009_Awards_Logo_National.eps
[2009/06/28 19:13:36 | 00,222,504 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\NBA-Trophy-2009.jpg
[2009/06/28 18:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\66
[2009/06/28 18:53:56 | 00,015,913 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\66.zip
[2009/06/28 12:22:02 | 00,355,747 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\62.zip
[2009/06/28 12:19:11 | 00,280,575 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\vc_presets.zip
[2009/06/27 17:34:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Sam Evans work
[2009/06/27 17:25:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\after effects tutorials
[2009/06/27 10:41:11 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2009/06/27 10:41:09 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2009/06/27 10:41:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/27 10:40:12 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[2009/06/27 10:26:48 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/23 13:41:30 | 00,000,000 | ---D | C] -- C:\Program Files\PURE
[2009/06/19 11:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\gorka
[2009/06/08 00:43:58 | 00,189,669 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\IMG_6973.jpg
[2009/06/07 16:10:01 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/02/15 15:51:03 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/02/02 12:43:53 | 00,006,602 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/05 02:41:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/04 22:02:13 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/14 00:51:22 | 00,000,316 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/08/05 23:16:54 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/03/15 11:57:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/08 15:21:57 | 00,000,243 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/02/05 11:04:35 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/02/05 11:04:35 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/02/05 11:04:35 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/01/29 10:38:44 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/01/29 10:38:41 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/01/29 10:38:41 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/07 10:58:40 | 00,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/01/07 10:58:35 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/01 14:51:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/11/29 14:24:04 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/11/29 10:57:26 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ctrldll.dll
[2006/11/29 00:14:13 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/11/23 17:03:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/21 15:55:38 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2006/11/21 15:55:38 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/11/21 15:32:36 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/11/10 22:35:32 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/11/10 22:02:21 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/11/10 21:58:27 | 00,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2006/11/10 21:57:09 | 00,026,888 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2006/11/10 21:56:56 | 00,026,850 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/11/10 21:56:56 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2006/11/10 21:56:45 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/10/09 07:53:02 | 00,001,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/09 07:52:20 | 00,000,922 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/10/09 07:52:15 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/07/27 18:28:42 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/07/11 23:33:49 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005/05/03 12:38:42 | 00,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 11:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/03/09 21:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 23:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 02:41:06 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2002/01/04 19:21:45 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/01/04 19:21:45 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/07 13:00:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/07 13:00:34 | 00,231,936 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 12:51:00 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/07/07 12:45:11 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\µTorrent.lnk
[2009/07/07 12:22:10 | 00,003,841 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\springsettings.cfg
[2009/07/07 12:06:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/07 10:22:16 | 00,069,120 | ---- | M] () -- C:\WINDOWS\System32\inform.dat
[2009/07/07 10:22:16 | 00,042,496 | ---- | M] (EuroGroup) -- C:\WINDOWS\System32\lodsock32.dll
[2009/07/07 10:22:16 | 00,015,477 | ---- | M] () -- C:\WINDOWS\System32\lpd
[2009/07/07 10:08:18 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/07 10:08:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/07 10:08:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/07 08:28:55 | 00,042,496 | ---- | M] (EuroGroup) -- C:\WINDOWS\System32\locsock32.dll
[2009/07/07 08:08:58 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\clipsrv.exe
[2009/07/07 08:04:29 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/07 08:04:05 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\ca.dat
[2009/07/07 08:03:36 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2009/07/07 08:03:36 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2009/07/07 08:01:39 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/05 01:54:15 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101464849.dat
[2009/07/05 01:54:15 | 00,000,001 | ---- | M] () -- C:\WINDOWS\934fdfg34fgjf23
[2009/07/05 01:52:37 | 00,000,922 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/05 01:52:37 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2009/07/05 01:52:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/03 16:01:43 | 00,042,496 | ---- | M] (EuroGroup) -- C:\WINDOWS\System32\khmx0.dll
[2009/07/03 16:01:43 | 00,015,477 | ---- | M] () -- C:\WINDOWS\System32\lxf
[2009/07/03 07:55:09 | 00,042,496 | ---- | M] (EuroGroup) -- C:\WINDOWS\System32\khmx1.dll
[2009/07/02 13:53:35 | 01,466,368 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Chris\Desktop\winsockxpfix.exe
[2009/07/02 12:46:31 | 00,470,652 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/02 12:46:31 | 00,400,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/02 12:46:31 | 00,062,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/02 11:15:21 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/07/02 11:05:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/02 11:05:25 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\Desktop\mbam-setup.exe
[2009/07/02 10:17:27 | 00,073,064 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/02 08:14:46 | 02,409,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/29 22:54:14 | 01,150,754 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\vp6_decoder.zip
[2009/06/29 17:18:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/29 14:32:53 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2009/06/29 00:10:35 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146118114.dat
[2009/06/28 19:30:35 | 00,028,521 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\23.zip
[2009/06/28 19:13:45 | 00,511,474 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NBA_2009_Awards_Logo_National.eps
[2009/06/28 19:13:36 | 00,222,504 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\NBA-Trophy-2009.jpg
[2009/06/28 18:53:57 | 00,015,913 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\66.zip
[2009/06/28 12:22:03 | 00,355,747 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\62.zip
[2009/06/28 12:19:11 | 00,280,575 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\vc_presets.zip
[2009/06/19 16:02:23 | 03,706,222 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 08:13:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/08 00:43:59 | 00,189,669 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\IMG_6973.jpg
< End of report >

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:19 AM

Posted 07 July 2009 - 10:35 AM

Hi.
No problem.
In place of the OTL Extra.txt, please do this:

Visit this site: http://billsway.com/vbspage/
Scroll down to the section that says "List Installed Programs" and download it by using the download icon.
Save it to your Desktop, then right-click and select Extract all.
A folder should open, double click on the file inside called InstalledPrograms.vbs.
Press OK at the prompt, then Yes to view the results.
A text file will open, copy and paste this in your next reply.

Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 Moogan99

Moogan99
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:19 AM

Posted 07 July 2009 - 04:16 PM

Here's the log as requested.

Cheers

INSTALLED SOFTWARE (347) - MOOGS - 07/07/2009 22:15:14

4oD Ver: 2.0.23.0 Installed: 22/01/2009
4oD Ver: 2.0.23.0 Installed: 22/01/2009 - 21:13:18
Ableton Live v7.0.1 Installed: 17/05/2009
Adobe After Effects 7.0 Ver: 7.0.0.244
Adobe After Effects 7.0 Ver: 7.0.0.244 Installed: 29/11/2006
Adobe AIR Ver: 1.1.0.5790
Adobe AIR Ver: 1.1.0.5790 Installed: 14/05/2009
Adobe Anchor Service CS3 Ver: 1.0 Installed: 21/06/2007
Adobe Anchor Service CS4 Ver: 2.0 Installed: 14/05/2009
Adobe Asset Services CS3 Ver: 3 Installed: 21/06/2007
Adobe Bridge 1.0 Ver: 1.0.1.1 Installed: 29/11/2006
Adobe Bridge CS3 Ver: 2 Installed: 21/06/2007
Adobe Bridge CS4 Ver: 3 Installed: 14/05/2009
Adobe Bridge Start Meeting Ver: 1.0 Installed: 21/06/2007
Adobe Camera Raw 4.0 Ver: 4.0 Installed: 21/06/2007
Adobe CMaps CS4 Ver: 2.0 Installed: 14/05/2009
Adobe Color EU Extra Settings CS4 Ver: 2.0 Installed: 14/05/2009
Adobe Color EU Recommended Settings Ver: 1.0 Installed: 21/06/2007
Adobe Color JA Extra Settings CS4 Ver: 2.0 Installed: 14/05/2009
Adobe Color NA Extra Settings Ver: 1.0 Installed: 21/06/2007
Adobe Color NA Recommended Settings CS4 Ver: 2.0 Installed: 14/05/2009
Adobe Common File Installer Ver: 1.00.002 Installed: 29/11/2006
Adobe CSI CS4 Ver: 1 Installed: 14/05/2009
Adobe Default Language CS4 Ver: 2.0 Installed: 14/05/2009
Adobe Device Central CS4 Ver: 2 Installed: 14/05/2009
Adobe Drive CS4 Ver: 1 Installed: 14/05/2009
Adobe Encore DVD 2.0 Ver: 2.0
Adobe Encore DVD 2.0 Ver: 2.0 Installed: 29/11/2006
Adobe ExtendScript Toolkit 2 Ver: 2.0 Installed: 21/06/2007
Adobe ExtendScript Toolkit CS4 Ver: 3.0.0 Installed: 14/05/2009
Adobe Extension Manager CS4 Ver: 2.0 Installed: 14/05/2009
Adobe Flash Player 10 Plugin Ver: 10.0.22.87
Adobe Flash Player 9 ActiveX Ver: 9
Adobe Fonts All Ver: 2.0 Installed: 14/05/2009
Adobe Help Center 2.0 Ver: 2.0.0 Installed: 29/11/2006
Adobe Help Viewer CS3 Ver: 1 Installed: 21/06/2007
Adobe Illustrator CS4 Ver: 14.0
Adobe Illustrator CS4 Ver: 14.0 Installed: 14/05/2009
Adobe InDesign CS3 Ver: 5.0
Adobe InDesign CS3 Ver: 5.0 Installed: 21/06/2007
Adobe InDesign CS3 Icon Handler Ver: 5.0 Installed: 21/06/2007
Adobe Linguistics CS3 Ver: 3.0.0 Installed: 21/06/2007
Adobe Linguistics CS4 Ver: 4.0.0 Installed: 14/05/2009
Adobe Media Player Ver: 0.0.0 Installed: 14/05/2009
Adobe Media Player Ver: 1.1
Adobe Output Module Ver: 2.0 Installed: 14/05/2009
Adobe PDF Library Files CS4 Ver: 9.0 Installed: 14/05/2009
Adobe Photoshop CS2 Ver: 9.0
Adobe Photoshop CS2 Ver: 9.0 Installed: 29/11/2006
Adobe Premiere Pro 2.0 Ver: 2.000.000
Adobe Premiere Pro 2.0 Ver: 2.000.000 Installed: 29/11/2006
Adobe Reader 8 Ver: 8.0.0 Installed: 11/04/2007
Adobe Search for Help Ver: 1.0 Installed: 14/05/2009
Adobe Service Manager Extension Ver: 1.0 Installed: 14/05/2009
Adobe Setup Ver: 1.0 Installed: 21/06/2007
Adobe Setup Ver: 2.0 Installed: 14/05/2009
Adobe SING CS3 Ver: 0.1 Installed: 21/06/2007
Adobe Stock Photos 1.0 Ver: 001.000.000 Installed: 29/11/2006
Adobe Stock Photos 1.0 Ver: 1.0.2 Installed: 29/11/2006
Adobe Stock Photos CS3 Ver: 1.5 Installed: 21/06/2007
Adobe Type Support CS4 Ver: 9.0 Installed: 14/05/2009
Adobe Update Manager CS3 Ver: 5.1.0 Installed: 21/06/2007
Adobe Update Manager CS4 Ver: 6.0.0 Installed: 14/05/2009
Adobe Version Cue CS3 Client Ver: 3 Installed: 21/06/2007
Adobe WinSoft Linguistics Plugin Ver: 1.0 Installed: 21/06/2007
Adobe WinSoft Linguistics Plugin Ver: 1.1 Installed: 14/05/2009
Adobe XMP Panels CS3 Ver: 1.0 Installed: 21/06/2007
Adobe XMP Panels CS4 Ver: 2.0 Installed: 14/05/2009
AdobeColorCommonSetCMYK Ver: 2.0 Installed: 14/05/2009
AdobeColorCommonSetRGB Ver: 2.0 Installed: 14/05/2009
Adobe® Photoshop® Album Starter Edition 3.0 Ver: 3.00.000 Installed: 11/04/2007
AMD Processor Driver Ver: 1.3.2.0053 Installed: 25/04/2009
Apple Mobile Device Support Ver: 1.1.2.23 Installed: 23/11/2007
Apple Software Update Ver: 2.0.2.92 Installed: 23/11/2007
Audacity 1.2.6
AutoUpdate Ver: 1.1
BioShock Ver: 2.5.0000 Installed: 21/04/2009
Command & Conquer™ Red Alert™ 3 Ver: 1.0.1.0 Installed: 28/12/2008
Connect Ver: 1.0.0.1 Installed: 14/05/2009
Creative System Information
Critical Update for Windows Media Player 11 (KB959772) Installed: 20/04/2009
Cycore FX 1.0.1 for After Effects
DAEMON Tools Toolbar Ver: 1.0.7.0088
DivX Codec Ver: 6.4.0
DivX Content Uploader Ver: 1.0.0
DivX Converter Ver: 6.2.1
DivX Player Ver: 6.4
DivX Web Player Ver: 1.4.2
Dual-Core Optimizer Ver: 1.1.4.0169 Installed: 25/04/2009
DVB-T USB 2.0
DVD Decrypter (Remove Only)
Enemy Territory - QUAKE Wars™ Ver: 1.0 Installed: 06/10/2007
Enemy Territory - QUAKE Wars™ Ver: 1.1 Installed: 06/10/2007
Enemy Territory - QUAKE Wars™ 1.1 Patch
Enemy Territory - QUAKE Wars™ 1.1 Patch Ver: 1.1 Installed: 13/10/2007
Enemy Territory - QUAKE Wars™ Beta 2 1.1 Patch
ERUNT 1.1j
Google Earth Ver: 4.3.7284.3916 Installed: 31/01/2009
Google Updater Ver: 2.4.1536.6592
HijackThis 2.0.2 Ver: 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399) Installed: 30/01/2009
Hotfix for Windows Media Player 11 (KB939683) Installed: 30/01/2009
Hotfix for Windows XP (KB915865) Ver: 10 Installed: 30/01/2009
Hotfix for Windows XP (KB926239) Ver: 2 Installed: 17/01/2009
Hotfix for Windows XP (KB952287) Ver: 1 Installed: 07/10/2008
hp instant support Ver: 5.0.2.4.asst_classic.asst_install
HP Photo and Imaging 2.0 - All-in-One Ver: 1.10.0000 Installed: 04/08/2007
HP Photo and Imaging 2.0 - All-in-One Drivers Ver: 1.10.0000 Installed: 04/08/2007
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series Ver: 1.10.0000 Installed: 04/08/2007
iTunes Ver: 7.5.0.20 Installed: 23/11/2007
Java™ 6 Update 13 Ver: 6.0.130 Installed: 29/01/2009
K-Lite Mega Codec Pack 1.53 Ver: 1.53
Keylight 1.1v1 for After Effects 7.0
kuler Ver: 2.0 Installed: 14/05/2009
Malwarebytes' Anti-Malware Installed: 02/07/2009
Marvell Miniport Driver Ver: 8.24.3.3 Installed: 10/11/2006
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 05/12/2007
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Ver: 2.0.50727 Installed: 11/07/2007
Microsoft Application Error Reporting Ver: 12.0.6012.5000 Installed: 03/01/2009
Microsoft Compression Client Pack 1.0 for Windows XP Ver: 1 Installed: 17/01/2009
Microsoft IntelliPoint 6.2 Ver: 6.20.182.0 Installed: 03/01/2009
Microsoft Internationalized Domain Names Mitigation APIs Installed: 30/01/2009
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Installed: 03/01/2009
Microsoft National Language Support Downlevel APIs Installed: 30/01/2009
Microsoft Office Professional Edition 2003 Ver: 11.0.5614.0 Installed: 15/03/2007
Microsoft User-Mode Driver Framework Feature Pack 1.0 Installed: 17/01/2009
Microsoft Visual C++ 2005 Redistributable Ver: 8.0.56336 Installed: 21/08/2007
mIRC Ver: 6.21
Mozilla Firefox (3.0.11) Ver: 3.0.11 (en-GB)
MSXML 4.0 SP2 (KB927978) Ver: 4.20.9841.0 Installed: 29/11/2006
MSXML 4.0 SP2 (KB936181) Ver: 4.20.9848.0 Installed: 16/08/2007
MSXML 4.0 SP2 (KB954430) Ver: 4.20.9870.0 Installed: 26/11/2008
MSXML 6 Service Pack 2 (KB954459) Ver: 6.20.1099.0 Installed: 14/01/2009
My DSC
Nero 7 Ultra Edition Ver: 7.02.2620 Installed: 29/11/2006
NETGEAR WG111T Smart Wizard Wireless Utility
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager Ver: 2.03.490 Installed: 21/11/2006
NVIDIA ForceWare Network Access Manager Ver: 2.03.490 Installed: 21/11/2006
On2 Technologies Flix Pro 8.005
PDF Settings CS4 Ver: 9.0 Installed: 14/05/2009
Photoshop Camera Raw Ver: 5.0 Installed: 14/05/2009
PowerDVD
QuickTime Ver: 7.3.0.80 Installed: 23/11/2007
RealPlayer
Realtek AC'97 Audio Ver: 5.16 Installed: 21/11/2006
Resolume 2.41 Ver: 2.41
Security Update for Microsoft .NET Framework 2.0 (KB928365) Ver: 2
Security Update for Windows Internet Explorer 7 (KB938127) Ver: 1 Installed: 31/01/2009
Security Update for Windows Internet Explorer 7 (KB938127-v2) Ver: 2 Installed: 31/01/2009
Security Update for Windows Internet Explorer 7 (KB958215) Ver: 1 Installed: 31/01/2009
Security Update for Windows Internet Explorer 7 (KB960714) Ver: 1 Installed: 31/01/2009
Security Update for Windows Internet Explorer 7 (KB961260) Ver: 1 Installed: 11/02/2009
Security Update for Windows Internet Explorer 7 (KB963027) Ver: 1 Installed: 20/04/2009
Security Update for Windows Internet Explorer 7 (KB969897) Ver: 1 Installed: 11/06/2009
Security Update for Windows Media Player (KB911564) Installed: 28/11/2006
Security Update for Windows Media Player (KB952069) Installed: 30/12/2008
Security Update for Windows Media Player 10 (KB917734) Installed: 06/01/2007
Security Update for Windows Media Player 10 (KB936782) Installed: 16/08/2007
Security Update for Windows Media Player 11 (KB936782) Installed: 30/01/2009
Security Update for Windows Media Player 11 (KB954154) Installed: 30/01/2009
Security Update for Windows Media Player 6.4 (KB925398) Installed: 17/12/2006
Security Update for Windows Media Player 9 (KB917734) Installed: 28/11/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB896423) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB899587) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB902400) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB904706) Ver: 2 Installed: 28/11/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB914388) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB917422) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB918118) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB918439) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB919007) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB920213) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB920214) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB920670) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB920683) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB920685) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB921398) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB921503) Ver: 1 Installed: 16/08/2007
Security Update for Windows XP (KB922616) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB922760) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB922819) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB923191) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB923414) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB923561) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB923689) Installed: 17/12/2006
Security Update for Windows XP (KB923694) Ver: 1 Installed: 17/12/2006
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB924191) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB924270) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB924496) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB924667) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB925454) Ver: 1 Installed: 17/12/2006
Security Update for Windows XP (KB925486) Ver: 1 Installed: 28/11/2006
Security Update for Windows XP (KB925902) Ver: 1 Installed: 04/04/2007
Security Update for Windows XP (KB926255) Ver: 1 Installed: 17/12/2006
Security Update for Windows XP (KB926436) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB927779) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB927802) Ver: 1 Installed: 19/02/2007
Security Update for Windows XP (KB928090) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB928255) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB928843) Ver: 1 Installed: 16/02/2007
Security Update for Windows XP (KB929123) Ver: 1 Installed: 13/06/2007
Security Update for Windows XP (KB929969) Ver: 1 Installed: 11/01/2007
Security Update for Windows XP (KB930178) Ver: 1 Installed: 11/04/2007
Security Update for Windows XP (KB931261) Ver: 1 Installed: 11/04/2007
Security Update for Windows XP (KB931768) Ver: 1 Installed: 10/05/2007
Security Update for Windows XP (KB931784) Ver: 1 Installed: 11/04/2007
Security Update for Windows XP (KB932168) Ver: 1 Installed: 11/04/2007
Security Update for Windows XP (KB933566) Ver: 1 Installed: 13/06/2007
Security Update for Windows XP (KB933729) Ver: 1 Installed: 15/10/2007
Security Update for Windows XP (KB935839) Ver: 1 Installed: 13/06/2007
Security Update for Windows XP (KB935840) Ver: 1 Installed: 13/06/2007
Security Update for Windows XP (KB936021) Ver: 1 Installed: 16/08/2007
Security Update for Windows XP (KB937143) Ver: 1 Installed: 16/08/2007
Security Update for Windows XP (KB938127) Ver: 1 Installed: 16/08/2007
Security Update for Windows XP (KB938464) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB938829) Ver: 1 Installed: 16/08/2007
Security Update for Windows XP (KB939653) Ver: 1 Installed: 15/10/2007
Security Update for Windows XP (KB941202) Ver: 1 Installed: 15/10/2007
Security Update for Windows XP (KB941568) Ver: 1 Installed: 12/12/2007
Security Update for Windows XP (KB941569) Installed: 12/12/2007
Security Update for Windows XP (KB941644) Ver: 1 Installed: 26/01/2008
Security Update for Windows XP (KB942615) Ver: 1 Installed: 12/12/2007
Security Update for Windows XP (KB943055) Ver: 1 Installed: 14/02/2008
Security Update for Windows XP (KB943460) Ver: 1 Installed: 19/11/2007
Security Update for Windows XP (KB943485) Ver: 1 Installed: 26/01/2008
Security Update for Windows XP (KB944338-v2) Ver: 2 Installed: 07/10/2008
Security Update for Windows XP (KB944533) Ver: 1 Installed: 14/02/2008
Security Update for Windows XP (KB944653) Ver: 1 Installed: 12/12/2007
Security Update for Windows XP (KB946026) Ver: 1 Installed: 14/02/2008
Security Update for Windows XP (KB946648) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB950749) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB950762) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB950974) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB951066) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB951376-v2) Ver: 2 Installed: 07/10/2008
Security Update for Windows XP (KB951698) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB951748) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB952004) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB952954) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB953838) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB953839) Ver: 1 Installed: 07/10/2008
Security Update for Windows XP (KB954211) Ver: 1 Installed: 19/11/2008
Security Update for Windows XP (KB954600) Ver: 1 Installed: 30/12/2008
Security Update for Windows XP (KB955069) Ver: 1 Installed: 26/11/2008
Security Update for Windows XP (KB956390) Ver: 1 Installed: 19/11/2008
Security Update for Windows XP (KB956391) Ver: 1 Installed: 19/11/2008
Security Update for Windows XP (KB956572) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB956802) Ver: 1 Installed: 30/12/2008
Security Update for Windows XP (KB956803) Ver: 1 Installed: 19/11/2008
Security Update for Windows XP (KB956841) Ver: 1 Installed: 19/11/2008
Security Update for Windows XP (KB957095) Ver: 1 Installed: 19/11/2008
Security Update for Windows XP (KB957097) Ver: 1 Installed: 26/11/2008
Security Update for Windows XP (KB958215) Ver: 1 Installed: 30/12/2008
Security Update for Windows XP (KB958644) Ver: 1 Installed: 19/11/2008
Security Update for Windows XP (KB958687) Ver: 1 Installed: 14/01/2009
Security Update for Windows XP (KB958690) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB959426) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB960225) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB960714) Ver: 1 Installed: 30/12/2008
Security Update for Windows XP (KB960715) Ver: 1 Installed: 11/02/2009
Security Update for Windows XP (KB960803) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB961373) Ver: 1 Installed: 20/04/2009
Security Update for Windows XP (KB961501) Ver: 1 Installed: 11/06/2009
Security Update for Windows XP (KB968537) Ver: 1 Installed: 11/06/2009
Security Update for Windows XP (KB969898) Ver: 1 Installed: 11/06/2009
Security Update for Windows XP (KB970238) Ver: 1 Installed: 11/06/2009
Sound Blaster Audigy Ver: 1.0
Spring 0.79.1 Ver: 0.79.1
Spybot - Search & Destroy Ver: 1.6.2 Installed: 21/04/2009
Suite Shared Configuration CS4 Ver: 1.0 Installed: 14/05/2009
Supreme Commander Ver: 1.00.0000 Installed: 24/03/2007
UltraMon Ver: 2.7.1 Installed: 21/05/2009
Update for Windows XP (KB894391) Ver: 1 Installed: 28/11/2006
Update for Windows XP (KB898461) Ver: 1 Installed: 28/11/2006
Update for Windows XP (KB900485) Ver: 2 Installed: 28/11/2006
Update for Windows XP (KB908531) Ver: 2 Installed: 28/11/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 28/11/2006
Update for Windows XP (KB911280) Ver: 2 Installed: 28/11/2006
Update for Windows XP (KB916595) Ver: 1 Installed: 28/11/2006
Update for Windows XP (KB920872) Ver: 1 Installed: 28/11/2006
Update for Windows XP (KB922582) Ver: 1 Installed: 28/11/2006
Update for Windows XP (KB927891) Ver: 3 Installed: 24/05/2007
Update for Windows XP (KB929338) Ver: 1 Installed: 15/03/2007
Update for Windows XP (KB930916) Ver: 1 Installed: 10/05/2007
Update for Windows XP (KB931836) Ver: 1 Installed: 16/02/2007
Update for Windows XP (KB933360) Ver: 1 Installed: 30/08/2007
Update for Windows XP (KB938828) Ver: 1 Installed: 16/08/2007
Update for Windows XP (KB942763) Ver: 1 Installed: 12/12/2007
Update for Windows XP (KB942840) Ver: 1 Installed: 12/12/2007
Update for Windows XP (KB946627) Ver: 1 Installed: 22/12/2007
Update for Windows XP (KB951072-v2) Ver: 2 Installed: 07/10/2008
Update for Windows XP (KB955839) Ver: 1 Installed: 30/12/2008
Update for Windows XP (KB967715) Ver: 1 Installed: 20/04/2009
VC80CRTRedist - 8.0.50727.762 Ver: 1.0.0 Installed: 30/01/2009
VideoLAN VLC media player 0.8.6b Ver: 0.8.6b
Vuze
WalkerFX 2.2 Professional Edition Ver: 2.2.0 Installed: 30/11/2006
Water 1.03. for Adobe After Effects
WebFldrs XP Ver: 9.50.7523 Installed: 10/11/2006
Winamp Ver: 5.551
Winamp Remote Ver: 2.2008.0121.1800
Winamp Toolbar for Firefox Ver: 1.0.0.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Internet Explorer 7 Ver: 20070813.185237 Installed: 30/01/2009
Windows Live Sign-in Assistant Ver: 4.000.249.1 Installed: 09/12/2006
Windows Media Format 11 runtime
Windows Media Format 11 runtime Installed: 17/01/2009
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11 Installed: 17/01/2009
Windows Media Player Firefox Plugin Ver: 1.0.0.8 Installed: 17/01/2009
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890859 Ver: 1 Installed: 28/11/2006
Windows XP Hotfix - KB891781 Ver: 20050110.165439
WinRAR archiver
Xvid 1.1.3 final uninstall Ver: 1.1

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 08 July 2009 - 03:22 PM

Hello again.
Let's begin.

Please note.........

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

==========

P2P Warning :)

Your log indicates that you have uTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
==========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy
After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.

==========

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* Combofix.txt
* Gmer.log
* How is your computer running now?

Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
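The GMER log requested in the post above lists user-mode hooks one per line, in the form `.text <process path>[<pid>] <module>!<export> <address> <n> Bytes CALL <target>`. The script below is an added example, not part of this thread and not GMER's own code: it parses lines of that shape and reports, for each hooked export, how many of the listed processes carry the hook, which addresses the hooks jump to, and whether a logon/security core process is among them. The sample log, the `CRITICAL` process set and the "system-wide versus partial" heuristic are constructed assumptions for the example.

```python
"""Triage summary for GMER 'User code sections' hook lines.

Added example, not GMER's own code. Each hook line has the form
  .text <process path>[<pid>] <module>!<export> <addr> <n> Bytes CALL <target>
The sample log below is constructed for this example (same shape as a real
GMER report); CRITICAL and the system-wide heuristic are assumptions.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes?\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)

# Logon/security core processes; a hook here deserves first attention (assumption).
CRITICAL = {"winlogon.exe", "services.exe", "lsass.exe", "csrss.exe", "smss.exe"}

# Constructed sample in GMER's line format (not a real capture).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\Explorer.EXE[1104] Explorer.EXE 0101A8EB 4 Bytes [FF, 15, 1C, 11]
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
"""


def parse_hooks(lines):
    """Return one dict per hook line; lines of any other shape are skipped."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["image"] = d["proc"].rsplit("\\", 1)[-1].lower()  # file name only
        d["target"] = int(d["target"], 16)
        hooks.append(d)
    return hooks


def summarise(hooks):
    """Group hooks by export: which processes carry it and where it jumps."""
    by_export = defaultdict(lambda: {"procs": set(), "targets": set()})
    for h in hooks:
        entry = by_export[f"{h['module']}!{h['export']}"]
        entry["procs"].add((h["image"], h["pid"]))
        entry["targets"].add(h["target"])
    all_procs = {(h["image"], h["pid"]) for h in hooks}
    report = {}
    for export, entry in by_export.items():
        report[export] = {
            "processes_hooked": len(entry["procs"]),
            "processes_total": len(all_procs),
            "system_wide": entry["procs"] == all_procs,
            "targets": sorted(entry["targets"]),
            "critical": sorted(img for img, _ in entry["procs"] if img in CRITICAL),
        }
    return report


def anomalies(report):
    """Exports hooked in only some processes. A user-mode filter from a firewall
    or antivirus hooks every process the same way, so partial coverage is the
    pattern an analyst looks at first (heuristic, not proof of malice)."""
    return sorted(e for e, r in report.items() if not r["system_wide"])


def triage(text):
    """Parse a GMER log text and return (per-export report, partial-coverage exports)."""
    report = summarise(parse_hooks(text.splitlines()))
    return report, anomalies(report)


if __name__ == "__main__":
    report, odd = triage(SAMPLE_LOG)
    for export, r in sorted(report.items()):
        print(f"{export}: {r['processes_hooked']}/{r['processes_total']} processes, "
              f"targets {[hex(t) for t in r['targets']]}, critical {r['critical']}")
    print("hooked in only some processes:", odd)
```

The summary only separates hooks that appear in every listed process from hooks that appear in a few; it cannot tell a legitimate security product's hook from a malicious one, so the shared target addresses still have to be resolved to the module that owns them before drawing any conclusion.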

#9 Moogan99

Moogan99
  • Topic Starter

  • Members
  • 7 posts

Posted 09 July 2009 - 10:13 AM

Hi there.

OK, I had a few problems... when loading ComboFix I get an error saying ComboFix has been compromised. This isn't looking good. If I try running it in safe mode, will that help?

Anyway, here is the GMER log as requested.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-09 16:10:18
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 8A55CBF8
INT 0x63 ? 8A5CCBF8
INT 0x73 ? 8A5CCBF8
INT 0xA4 ? 8A55ABF8
INT 0xB4 ? 8A5CFBF8

---- Kernel code sections - GMER 1.0.15 ----

? spmz.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B859662C 5 Bytes JMP 8A55A1D8
.text a9ywk9r3.SYS B7FAA386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a9ywk9r3.SYS B7FAA3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a9ywk9r3.SYS B7FAA3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a9ywk9r3.SYS B7FAA3C9 1 Byte [2E]
.text a9ywk9r3.SYS B7FAA3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[196] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[196] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[208] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe[208] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Bonjour\mDNSResponder.exe[236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Bonjour\mDNSResponder.exe[236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Bonjour\mDNSResponder.exe[236] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Bonjour\mDNSResponder.exe[236] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Bonjour\mDNSResponder.exe[236] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Bonjour\mDNSResponder.exe[236] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[284] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[284] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[284] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[284] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[284] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[284] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\SOUNDMAN.EXE[388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\SOUNDMAN.EXE[388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\SOUNDMAN.EXE[388] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\SOUNDMAN.EXE[388] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\SOUNDMAN.EXE[388] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\SOUNDMAN.EXE[388] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\Rundll32.exe[460] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\Rundll32.exe[460] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\Rundll32.exe[460] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\Rundll32.exe[460] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\Rundll32.exe[460] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\Rundll32.exe[460] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\rmctrl.exe[464] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\rmctrl.exe[464] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\rmctrl.exe[464] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\rmctrl.exe[464] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\rmctrl.exe[464] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\rmctrl.exe[464] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Java\jre6\bin\jqs.exe[472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Java\jre6\bin\jqs.exe[472] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Java\jre6\bin\jqs.exe[472] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Java\jre6\bin\jqs.exe[472] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Java\jre6\bin\jqs.exe[472] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Java\jre6\bin\jqs.exe[472] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\AutoProtect\DrvMonitor.exe[488] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\AutoProtect\DrvMonitor.exe[488] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\AutoProtect\DrvMonitor.exe[488] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\AutoProtect\DrvMonitor.exe[488] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\AutoProtect\DrvMonitor.exe[488] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\AutoProtect\DrvMonitor.exe[488] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\RUNDLL32.EXE[528] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\RUNDLL32.EXE[528] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\RUNDLL32.EXE[528] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\RUNDLL32.EXE[528] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\RUNDLL32.EXE[528] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\RUNDLL32.EXE[528] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[548] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[548] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[548] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[548] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Java\jre6\bin\jusched.exe[568] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Java\jre6\bin\jusched.exe[568] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Java\jre6\bin\jusched.exe[568] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Java\jre6\bin\jusched.exe[568] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Java\jre6\bin\jusched.exe[568] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Java\jre6\bin\jusched.exe[568] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\UltraMon\UltraMon.exe[592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\UltraMon\UltraMon.exe[592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\UltraMon\UltraMon.exe[592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\UltraMon\UltraMon.exe[592] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\UltraMon\UltraMon.exe[592] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\UltraMon\UltraMon.exe[592] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[660] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[660] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[660] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[660] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[660] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[660] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[720] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[720] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[744] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[744] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[760] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[760] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[760] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[760] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[760] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[760] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\ctfmon.exe[764] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\nvsvc32.exe[772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\nvsvc32.exe[772] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\nvsvc32.exe[772] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\nvsvc32.exe[772] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\nvsvc32.exe[772] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\nvsvc32.exe[772] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe[876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe[876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe[876] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe[876] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe[876] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe[876] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[900] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[900] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[900] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[900] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[900] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[900] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\rundll32.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\rundll32.exe[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\rundll32.exe[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\rundll32.exe[908] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\rundll32.exe[908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\rundll32.exe[908] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[928] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[928] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[928] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[928] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\PnkBstrA.exe[972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\PnkBstrA.exe[972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\PnkBstrA.exe[972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\PnkBstrA.exe[972] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\PnkBstrA.exe[972] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\PnkBstrA.exe[972] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\services.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\services.exe[1088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\services.exe[1088] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\services.exe[1088] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\services.exe[1088] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\services.exe[1088] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\system32\lsass.exe[1100] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\lsass.exe[1100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF94807
.text C:\WINDOWS\system32\lsass.exe[1100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF94814
.text C:\WINDOWS\system32\lsass.exe[1100] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF94A8E
.text C:\WINDOWS\system32\lsass.exe[1100] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\lsass.exe[1100] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF94855
.text C:\WINDOWS\Explorer.EXE[1104] Explorer.EXE 0101A8EB 4 Bytes [FF, 15, 1C, 11]
.text C:\WINDOWS\Explorer.EXE[1104] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44AD9, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[1104] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE0000040]
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\Explorer.EXE[1104] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF84778
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FF84807
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FF84814
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FF84A8E
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF847FD
.text C:\WINDOWS\System32\svchost.exe[1472] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FF84855
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[1492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[1492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[1492] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[1492] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[1492] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[1492] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\spoolsv.exe[1988] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\wuauclt.exe[2296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\wuauclt.exe[2296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\wuauclt.exe[2296] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\wuauclt.exe[2296] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\wuauclt.exe[2296] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\wuauclt.exe[2296] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\Documents and Settings\Chris\Desktop\qfrwnq6h.exe[2444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\Documents and Settings\Chris\Desktop\qfrwnq6h.exe[2444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\Documents and Settings\Chris\Desktop\qfrwnq6h.exe[2444] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\Documents and Settings\Chris\Desktop\qfrwnq6h.exe[2444] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\Documents and Settings\Chris\Desktop\qfrwnq6h.exe[2444] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Documents and Settings\Chris\Desktop\qfrwnq6h.exe[2444] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\System32\alg.exe[2864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\System32\alg.exe[2864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\System32\alg.exe[2864] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\System32\alg.exe[2864] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\System32\alg.exe[2864] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\System32\alg.exe[2864] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2924] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2924] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2924] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2924] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2924] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2924] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\wscntfy.exe[3132] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\wscntfy.exe[3132] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\wscntfy.exe[3132] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\wscntfy.exe[3132] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\wscntfy.exe[3132] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\wscntfy.exe[3132] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855
.text C:\WINDOWS\system32\svchost.exe[3316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[3316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA4807
.text C:\WINDOWS\system32\svchost.exe[3316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA4814
.text C:\WINDOWS\system32\svchost.exe[3316] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A8E
.text C:\WINDOWS\system32\svchost.exe[3316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\WINDOWS\system32\svchost.exe[3316] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA4855

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spmz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spmz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spmz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spmz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spmz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spmz.sys
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!READ_PORT_UCHAR] 83880846
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!KeGetCurrentIrql] 000001C0
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!KfRaiseIrql] 2C4EB70F
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!KfLowerIrql] 8303C183
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!HalGetInterruptVector] D103FCE1
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!HalTranslateBusAddress] 2E7E8366
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!KeStallExecutionProcessor] 8D1C7400
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!KfReleaseSpinLock] 83893204
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00000218
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!READ_PORT_USHORT] 2E4EB70F
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 021C8B89
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!WRITE_PORT_UCHAR] B70F0000
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[WMILIB.SYS!WmiSystemControl] 03D00304
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[WMILIB.SYS!WmiCompleteRequest] 0CB389F2

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5591F8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Fastfat \FatCdrom 89EDE500

AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{86494E4E-D543-45D2-A2F2-03DD3F64D63B} 887DA1F8
Device \Driver\usbohci \Device\USBPDO-0 8A0F7500
Device \Driver\usbehci \Device\USBPDO-1 8A0F6500

AttachedDevice \Driver\Tcpip \Device\Tcp NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5CD1F8
Device \Driver\Cdrom \Device\CdRom0 8A0E0500
Device \Driver\Cdrom \Device\CdRom1 8A0E0500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A55C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8A55C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A55C1F8
Device \Driver\nvata \Device\00000073 8A5CC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 887DA1F8
Device \Driver\PCI_PNP2986 \Device\0000004b spmz.sys
Device \Driver\NetBT \Device\NetbiosSmb 887DA1F8
Device \Driver\usbohci \Device\USBFDO-0 8A0F7500
Device \Driver\usbehci \Device\USBFDO-1 8A0F6500
Device \Driver\nvata \Device\NvAta0 8A5CC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89F14500
Device \Driver\nvata \Device\NvAta1 8A5CC1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89F14500
Device \Driver\NetBT \Device\NetBT_Tcpip_{20108686-0A1E-44E6-94D6-FF0433A0AD0F} 887DA1F8
Device \Driver\Ftdisk \Device\FtControl 8A5CD1F8
Device \Driver\sptd \Device\1708601736 spmz.sys
Device \Driver\a9ywk9r3 \Device\Scsi\a9ywk9r31Port5Path0Target0Lun0 8A0381F8
Device \Driver\Si3132r5 \Device\Scsi\Si3132r51 8A55B1F8
Device \Driver\a9ywk9r3 \Device\Scsi\a9ywk9r31 8A0381F8
Device \Driver\Si3132r5 \Device\Scsi\Si3132r51Port4Path1Target1fLun0 8A55B1F8
Device \FileSystem\Fastfat \Fat 89EDE500

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \FileSystem\Cdfs \Cdfs 89EAE3C8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x77 0x09 0x81 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x25 0xDD 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x94 0x7F 0x7D 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xB8 0x3D 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAB 0xF1 0xED 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0x99 0xA8 0x52 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x77 0x09 0x81 0x9B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFF 0x25 0xDD 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x94 0x7F 0x7D 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x89 0xB8 0x3D 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAB 0xF1 0xED 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0x99 0xA8 0x52 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xA1 0x06 0x3C 0x11 ...

---- EOF - GMER 1.0.15 ----
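
Added triage helper, not part of this thread or of GMER itself: the Python below parses the user-mode hook lines and kernel IAT lines in the format of the GMER 1.0.15 log above, groups identical inline hooks across processes by the low 16 bits of their CALL target (the same hooking code mapped at a different 64 KiB-aligned base shows up as one family), and lists which module each rewritten kernel import now points at. The sample lines are copied from the log above; the type and function names are my own.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: a few lines copied verbatim from the GMER log in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FF94778
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FF947FD
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47FD
.text C:\Program Files\Mozilla Firefox\firefox.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4778
.text C:\WINDOWS\Explorer.EXE[1104] Explorer.EXE 0101A8EB 4 Bytes [FF, 15, 1C, 11]
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spmz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spmz.sys
IAT \SystemRoot\System32\Drivers\a9ywk9r3.SYS[HAL.dll!KfAcquireSpinLock] 8A000002
"""


class InlineHook(NamedTuple):
    process: str   # image path of the hooked process
    pid: int
    export: str    # e.g. "ntdll.dll!NtCreateFile"
    address: int   # address of the patched code
    target: int    # where the injected CALL lands


class IatEntry(NamedTuple):
    driver: str           # driver whose import table slot was rewritten
    symbol: str           # e.g. "HAL.dll!READ_PORT_UCHAR"
    value: int            # pointer now stored in the slot
    owner: Optional[str]  # module GMER resolved the pointer to, None if it could not


# ".text <process>[pid] <module>!<export> <addr> N Bytes CALL <target>"
_HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<export>\S+!\S+) "
    r"(?P<addr>[0-9A-F]+) \d+ Bytes CALL (?P<target>[0-9A-F]+)$")
# "IAT <driver>[<lib>!<import>] [<addr>] <owner>"  or  "IAT <driver>[<lib>!<import>] <raw>"
_IAT_RE = re.compile(
    r"^IAT (?P<drv>.+?)\[(?P<sym>[^\]]+)\] "
    r"(?:\[(?P<addr>[0-9A-F]+)\] (?P<owner>\S+)|(?P<raw>[0-9A-F]+))$")


def parse_gmer(text: str) -> Tuple[List[InlineHook], List[IatEntry]]:
    """Extract inline CALL hooks and kernel IAT rewrites; every other line is ignored."""
    hooks: List[InlineHook] = []
    iat: List[IatEntry] = []
    for line in text.splitlines():
        m = _HOOK_RE.match(line)
        if m:
            hooks.append(InlineHook(m["proc"], int(m["pid"]), m["export"],
                                    int(m["addr"], 16), int(m["target"], 16)))
            continue
        m = _IAT_RE.match(line)
        if m:
            value = m["addr"] or m["raw"]
            iat.append(IatEntry(m["drv"], m["sym"], int(value, 16), m["owner"]))
    return hooks, iat


def hook_families(hooks: List[InlineHook]) -> Dict[Tuple[str, int], Dict[int, List[str]]]:
    """Group hooks on the same export whose CALL targets share the low 16 bits.

    Code injected into many processes is mapped at a different 64 KiB-aligned base
    in each, so one hooker appears with the same offset under different bases
    (7FF94778 in winlogon.exe vs 7FFA4778 in svchost.exe above). The result is
    {(export, offset): {base: [process, ...]}}, which makes that picture obvious.
    """
    fam: Dict[Tuple[str, int], Dict[int, List[str]]] = defaultdict(lambda: defaultdict(list))
    for h in hooks:
        fam[(h.export, h.target & 0xFFFF)][h.target & ~0xFFFF].append(h.process)
    return {key: dict(bases) for key, bases in fam.items()}


def iat_owners(iat: List[IatEntry]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each owning module (or "unresolved") to the (driver, import) slots it now serves."""
    owners: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for entry in iat:
        owners[entry.owner or "unresolved"].append((entry.driver, entry.symbol))
    return dict(owners)


if __name__ == "__main__":
    hooks, iat = parse_gmer(SAMPLE_LOG)
    for (export, offset), bases in hook_families(hooks).items():
        count = sum(len(procs) for procs in bases.values())
        print(f"{export} +{offset:04X}: {count} process(es), {len(bases)} distinct base(s)")
    for owner, slots in iat_owners(iat).items():
        print(f"{owner}: {len(slots)} rewritten IAT slot(s)")
```

Unresolved IAT values (the a9ywk9r3.SYS entries) surface separately, since a slot GMER cannot map to any loaded module is worth a second look on its own.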

#10 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 09 July 2009 - 10:53 AM

Hi there.
No problem. :thumbup2:

Please do this.......

1st.... delete the copy of Combofix you have on your desktop.

Next.....

Download Combofix from any of the links below again. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
==========

With your next post please provide:

* Combofix.txt
* How is your computer running now?

Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 Moogan99
  • Topic Starter

  • Members
  • 7 posts

Posted 09 July 2009 - 02:04 PM

No luck, still says that it has been compromised :thumbup2:

Hopefully it's not the deadly Virut virus!

What can I do now?

#12 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 10 July 2009 - 06:28 AM

See the next post.
Thanks,
t

Edited by thcbytes, 10 July 2009 - 11:22 AM.


#13 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 10 July 2009 - 11:21 AM

Hi there.
Trying to run Combofix in Safe mode might prove to be an exercise in futility. I don't think it will work.

Your concerns are reasonable. :thumbup2:
Combofix has failed its own Sigcheck. This denotes the possible presence of a file infector.
I see one file that might suggest the dreaded Virut. Let's upload it and run another Scan to verify it.

Please do this.......

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\WINDOWS\System32\clipsrv.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

Perform an online scan with Kaspersky WebScanner.
(Requires the free Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.)
  • Click on the ... button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press the ... button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the ... button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the ... button, if you made any changes.
  • Now under the Scan section on the left: select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.



==========

With your next post please provide:

* Upload results
* Kaspersky log

Kind regards,
t

#14 Moogan99
  • Topic Starter

  • Members
  • 7 posts

Posted 12 July 2009 - 07:16 AM

OK, now that's weird.... all 3 of those links don't work for me, just saying address not found. Is this something malware related?

I'll try my friend's laptop later today when I get the time.

#15 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 13 July 2009 - 12:29 PM

Hi there.
Sorry for the delay.
Thanks for your patience.

Yes - unfortunately it might be malware related. :thumbup2:

Before we continue: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we continue.

Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Let's try this....

==========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click ... and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press ...
  • Click on ...
  • Click on ...
  • Uncheck this checkbox: ...
  • Close/Exit Spybot Search and Destroy
After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.

==========

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
==========

With your next post please provide:

* DrWeb.csv report

Kind regards,
t