Can someone plz take a look at my DDS logs


  • This topic is locked
8 replies to this topic

#1 SweetV

SweetV

  • Members
  • 5 posts

Posted 31 August 2009 - 01:49 AM

Thanks in advance. :(

DDS (Ver_09-07-30.01) - NTFSx86
Run by PC at 9:21:45,46 on 31.08.2009 Ј.
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.959.400 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\PC\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.bg/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort10reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\10\config\ereg\ereg.ini"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linkma~1.lnk - c:\program files\linkmagic\LINKMAGIC.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: avgrsstx.dll c:\progra~1\google\go333c~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\t6bb8xhy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://eurodict.com/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-23 40840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-25 130936]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-6-10 125952]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-3 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-3 27784]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-23 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-23 81288]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-3 297752]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-17 47640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-23 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-23 1095560]
S2 gupdate1c964ee4a643026;Google Update Service (gupdate1c964ee4a643026);c:\program files\google\update\GoogleUpdate.exe [2008-12-23 133104]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-23 30192]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-08-18 14:48 <DIR> --d----- c:\program files\PhotoFiltre
2009-08-13 18:11 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-11 15:33 58,296 a---h--- c:\windows\system32\mlfcache.dat
2009-08-05 16:34 258,048 a----r-- c:\windows\system32\hpzids01.dll
2009-08-05 16:34 118,272 a------- c:\windows\system32\hpz3l4x9.dll
2009-08-05 16:28 85 a------- c:\windows\bi_group.ini
2009-08-05 15:58 <DIR> --d----- c:\program files\common files\HP
2009-08-05 15:57 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-08-05 15:55 <DIR> --d----- c:\windows\carrier_jr
2009-08-05 15:55 <DIR> --d----- c:\program files\HP
2009-08-05 15:50 145,503 a------- c:\windows\hpwins18.dat
2009-08-05 15:46 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-08-05 15:46 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-08-05 15:44 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-08-05 15:44 364,544 a----r-- c:\windows\system32\hppldcoi.dll
2009-08-05 15:44 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-08-05 15:44 892,928 a----r-- c:\windows\system32\hpwtiop2.dll
2009-08-05 15:44 294,912 a----r-- c:\windows\system32\hpovst11.dll
2009-08-05 15:44 675,840 a----r-- c:\windows\system32\hpwwiax2.dll

==================== Find3M ====================

2009-08-17 09:47 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 09:47 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 12:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 22:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 19:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 19:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 19:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-26 08:51 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-16 17:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 17:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 15:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 15:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 17:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 22:09 1,291,264 a------- c:\windows\system32\quartz.dll
2008-12-30 11:46 0 -------- c:\documents and settings\pc\words.dat
2009-04-30 16:02 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-29 19:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 9:22:24,23 ===============

#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 15 September 2009 - 10:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 SweetV

SweetV
  • Topic Starter

  • Members
  • 5 posts

Posted 16 September 2009 - 03:53 AM

Hello again. Thanks for replying.

Kaspersky online scanner found this:

File name: C:\Documents and Settings\PC\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
Threat name: Suspicious: Trojan-Spy.HTML.Fraud.gen
Threats count: 4


Here are the logs:

DDS (Ver_09-07-30.01) - NTFSx86
Run by PC at 11:25:39,32 on 16.09.2009 Ј.
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.959.398 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\PC\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.bg/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort10reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\10\config\ereg\ereg.ini"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\pc\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linkma~1.lnk - c:\program files\linkmagic\LINKMAGIC.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\t6bb8xhy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://eurodict.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-23 40840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-25 130936]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-6-10 125952]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-3 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-3 27784]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-23 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-23 81288]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-3 297752]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-17 47640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-23 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-23 1095560]
S2 gupdate1c964ee4a643026;Google Update Service (gupdate1c964ee4a643026);c:\program files\google\update\GoogleUpdate.exe [2008-12-23 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-09-07 13:03 <DIR> --d----- c:\program files\WOT
2009-08-18 14:48 <DIR> --d----- c:\program files\PhotoFiltre

==================== Find3M ====================

2009-09-08 08:59 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-09-08 08:59 87,352 a------- c:\windows\system32\LMIinit.dll
2009-09-08 08:59 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-08 08:59 25,248 a------- c:\windows\system32\lmimirr.dll
2009-09-08 08:59 11,552 a------- c:\windows\system32\lmimirr2.dll
2009-08-24 09:07 145,503 a------- c:\windows\hpwins18.dat
2009-08-17 09:47 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 09:47 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-11 15:33 58,296 a---h--- c:\windows\system32\mlfcache.dat
2009-08-05 12:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 22:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 19:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 19:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 19:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-26 08:51 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-30 11:46 0 -------- c:\documents and settings\pc\words.dat
2008-09-29 19:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 11:26:13,46 ===============

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:08 AM

Posted 17 September 2009 - 12:12 AM

Hello SweetV,

My name is Syler and I will be helping you to solve your Malware issues.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM report
  • log.txt
  • info.txt
Thanks



#5 SweetV

SweetV
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:08 AM

Posted 18 September 2009 - 02:47 AM

Malwarebytes didn't detect anything.

Malwarebytes' Anti-Malware 1.41
Database version: 2819
Windows 5.1.2600 Service Pack 3

18.9.2009 г. 10:08:50
mbam-log-2009-09-18 (10-08-50).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 137217
Time elapsed: 29 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


There was no "info" log :( ...


Logfile of random's system information tool 1.06 (written by random/random)
Run by PC at 2009-09-18 10:09:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (36%) free of 20 GB
Total RAM: 959 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:44, on 18.9.2009 г.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\PC\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort10reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\10\Config\Ereg\ereg.ini"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LINKMAGIC.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c964ee4a643026) (gupdate1c964ee4a643026) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11653 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for PC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-24 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-10 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-04-15 1290912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-22 16858112]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-17 2007832]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-11-05 36864]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-11-05 40960]
"PPort10reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\ereg.exe [2005-06-03 729088]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-16 479232]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-24 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-11-09 128920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
LINKMAGIC.lnk - C:\Program Files\LINKMAGIC\LINKMAGIC.EXE

C:\Documents and Settings\PC\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-17 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-08 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2b12b4c-aa3f-11dd-908f-00196682e4c0}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f06e96ae-9487-11de-9185-00196682e4c0}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe


======List of files/folders created in the last 1 months======

2009-09-17 17:42:50 ----D---- C:\Program Files\trend micro
2009-09-17 17:42:49 ----D---- C:\rsit
2009-09-17 17:04:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-07 13:03:15 ----D---- C:\Program Files\WOT
2009-08-24 14:07:03 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-08-24 14:06:53 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-08-24 14:06:53 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-08-24 14:06:13 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-08-24 14:06:06 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-08-24 11:52:30 ----D---- C:\Documents and Settings\PC\Application Data\WinRAR

======List of files/folders modified in the last 1 months======

2009-09-18 10:09:42 ----D---- C:\WINDOWS\Temp
2009-09-18 09:57:43 ----D---- C:\Program Files\Mozilla Firefox
2009-09-18 09:40:47 ----D---- C:\Program Files\Spyware Doctor
2009-09-18 09:40:17 ----D---- C:\WINDOWS\Prefetch
2009-09-18 09:40:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-18 09:13:50 ----SD---- C:\WINDOWS\Tasks
2009-09-18 09:12:15 ----RD---- C:\Program Files
2009-09-18 09:10:21 ----D---- C:\WINDOWS
2009-09-18 09:07:28 ----D---- C:\WINDOWS\system32\drivers
2009-09-18 09:07:02 ----D---- C:\Program Files\LogMeIn
2009-09-17 17:49:32 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-17 17:41:59 ----HD---- C:\$AVG8.VAULT$
2009-09-17 17:13:53 ----SHD---- C:\System Volume Information
2009-09-17 17:13:53 ----D---- C:\WINDOWS\system32\Restore
2009-09-17 15:03:41 ----D---- C:\WINDOWS\system32
2009-09-17 11:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-09-15 19:28:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-11 15:01:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-10 18:04:13 ----D---- C:\WINDOWS\Debug
2009-09-10 13:52:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-10 13:52:07 ----HD---- C:\WINDOWS\inf
2009-09-10 13:52:00 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 13:51:39 ----SHD---- C:\WINDOWS\Installer
2009-09-08 08:59:05 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2009-09-08 08:59:04 ----A---- C:\WINDOWS\system32\LMIport.dll
2009-09-08 08:59:04 ----A---- C:\WINDOWS\system32\lmimirr2.dll
2009-09-08 08:59:04 ----A---- C:\WINDOWS\system32\lmimirr.dll
2009-09-08 08:59:04 ----A---- C:\WINDOWS\system32\LMIinit.dll
2009-09-07 13:04:00 ----HD---- C:\Config.Msi
2009-09-03 15:06:19 ----D---- C:\Program Files\Favorite-Games
2009-09-03 12:03:54 ----D---- C:\Program Files\Google
2009-08-29 00:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 16:39:26 ----D---- C:\Program Files\Common Files
2009-08-28 16:39:26 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-08-28 09:03:24 ----D---- C:\Documents and Settings\PC\Application Data\skypePM
2009-08-26 13:21:02 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-24 14:07:38 ----D---- C:\Documents and Settings\PC\Application Data\Real
2009-08-24 14:07:07 ----D---- C:\Program Files\Common Files\Real
2009-08-24 09:06:03 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-12-23 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-12-23 81288]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-10-03 223128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-04 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-04 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-04 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-27 4630016]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-08 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gupdate1c964ee4a643026;Google Update Service (gupdate1c964ee4a643026); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:08 AM

Posted 22 September 2009 - 03:35 AM

Hi SweetV,

Sorry for my late reply; I somehow missed your reply. I am not seeing anything to worry about in your logs. Can you tell me what problems you are currently having?

Info.txt should be located at C:\Rsit\info.txt. Please post it in your next reply.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Thanks



#7 SweetV

SweetV
  • Topic Starter

  • Members
  • 5 posts
  • Local time:03:08 AM

Posted 23 September 2009 - 02:35 AM

I'm happy there's nothing suspicious so far in my logs. Here are the last ones:

info.txt logfile of random's system information tool 1.06 2009-09-17 17:43:04

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BulgarianPhonetic XP by JAG™-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Deinst 132 C:\WINDOWS\INF\BgphXP.inf
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
ES-->MsiExec.exe /I{CBFAD664-763E-4A7D-BF92-BB0E493F3C66}
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Officejet Pro L7400 Series-->C:\Program Files\HP\Digital Imaging\{EFF55B46-106F-4151-A0BB-E327F8844FD3}\setup\hpzscr01.exe -datfile hpwscr18.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kel's CPL 24-in-One Bonus Pack!-->rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
K-Lite Codec Pack 4.0.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPM-->MsiExec.exe /X{DB27B1CA-A19D-4253-81C4-70968CBA1F0E}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MV2Player (remove only)-->C:\Program Files\Mv2Player\uninst.exe
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PagePro 1380 MF-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF8EC04D-9544-11D9-AAFC-0050BA1ACA6F}\setup.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
POLYGLOT 7-->"C:\Program Files\Polyglot7\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
ScanSoft PaperPort 10-->MsiExec.exe /I{0DE35B5F-3284-48F6-B732-C97A2C2459B9}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WOT for Internet Explorer-->MsiExec.exe /X{DB6BD5D5-8482-45C0-99CF-745C5B924497}

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HOME-73D9590413
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume D:.

Record Number: 1862
Source Name: Ntfs
Time Written: 20090707084745.000000+180
Event Type: error
User:

Computer Name: HOME-73D9590413
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00196682E4C0. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1859
Source Name: Dhcp
Time Written: 20090707084738.000000+180
Event Type: warning
User:

Computer Name: HOME-73D9590413
Event Code: 7001
Message: The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 1855
Source Name: Service Control Manager
Time Written: 20090706131731.000000+180
Event Type: error
User:

Computer Name: HOME-73D9590413
Event Code: 10005
Message: DCOM got error "%1068" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Record Number: 1854
Source Name: DCOM
Time Written: 20090706131731.000000+180
Event Type: error
User: HOME-73D9590413\PC

Computer Name: HOME-73D9590413
Event Code: 7001
Message: The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 1853
Source Name: Service Control Manager
Time Written: 20090706131622.000000+180
Event Type: error
User:

=====Application event log=====

Computer Name: HOME-73D9590413
Event Code: 1000
Message: Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028, faulting module wwlib.dll, version 12.0.4518.1014, stamp 454285fb, debug? 0, fault address 0x00388504.

Record Number: 2185
Source Name: Microsoft Office 12
Time Written: 20090713090243.000000+180
Event Type: error
User:

Computer Name: HOME-73D9590413
Event Code: 2000
Message: Accepted Safe Mode action : Microsoft Office Outlook.

Record Number: 2158
Source Name: Microsoft Office 12
Time Written: 20090709151659.000000+180
Event Type: error
User:

Computer Name: HOME-73D9590413
Event Code: 5000
Message: EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3 ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Record Number: 2142
Source Name: Microsoft Office 12
Time Written: 20090708135843.000000+180
Event Type: error
User:

Computer Name: HOME-73D9590413
Event Code: 5000
Message: EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3 ntdll.dll, P4 5.1.2600.5755, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Record Number: 2078
Source Name: Microsoft Office 12
Time Written: 20090701165639.000000+180
Event Type: error
User:

Computer Name: HOME-73D9590413
Event Code: 2000
Message: Accepted Safe Mode action : Microsoft Office Outlook.

Record Number: 2077
Source Name: Microsoft Office 12
Time Written: 20090701123507.000000+180
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=7f01
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

-----------------EOF-----------------



GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-23 10:05:32
Windows 5.1.2600 Service Pack 3
Running: t3oxlbis.exe; Driver: C:\DOCUME~1\PC\LOCALS~1\Temp\pflyrfow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF715B514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF714A282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF714A474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF715BD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF715BFB8]
SSDT sptd.sys ZwEnumerateKey [0xF72B8C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF72B8F9A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF715A3FA]
SSDT sptd.sys ZwQueryKey [0xF72B9064]
SSDT sptd.sys ZwQueryValueKey [0xF72B8EFC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF715C422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF715B7D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7149F32]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xF3D69384]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD1357.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F69FA4F0 16 Bytes [2C, BF, BD, D1, DB, 9C, B2, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F69FA501 31 Bytes [90, 9F, F6, 5E, 5F, 7E, ED, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\system32\svchost.exe[176] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[176] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015D0001
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe[240] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01330001
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01060001
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[312] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01190001
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[416] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\RTHDCPL.EXE[500] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[500] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[500] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[500] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[500] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[500] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04A60001
.text C:\WINDOWS\RTHDCPL.EXE[500] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\RTHDCPL.EXE[500] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[532] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\AVG\AVG8\avgscanx.exe[564] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01270001
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[568] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[636] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01060001
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[676] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E60001
.text C:\WINDOWS\system32\csrss.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\csrss.exe[712] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01C00001
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01770001
.text C:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006B0001
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1024] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01590001
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1060] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Documents and Settings\PC\Desktop\t3oxlbis.exe[1092] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1120] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04490001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1120] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1120] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1120] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01D60001
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008B0001
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01260001
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E60001
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DF0001
.text C:\WINDOWS\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[1476] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1476] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1476] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1476] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1476] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1476] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\WINDOWS\system32\ctfmon.exe[1476] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[1476] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01300001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1480] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1584] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1608] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01700001
.text C:\WINDOWS\system32\spoolsv.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\spoolsv.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01B50001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1660] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\WgaTray.exe[1748] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WgaTray.exe[1748] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\WgaTray.exe[1748] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WgaTray.exe[1748] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\WgaTray.exe[1748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WgaTray.exe[1748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\WgaTray.exe[1748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01150001
.text C:\WINDOWS\system32\WgaTray.exe[1748] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\WgaTray.exe[1748] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1776] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1776] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02C70001
.text C:\WINDOWS\Explorer.EXE[1776] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\Explorer.EXE[1776] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 06640001
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02B30001
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CC0001
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2428] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[2452] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2452] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[2452] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2452] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[2452] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2452] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[2452] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009A0001
.text C:\WINDOWS\System32\svchost.exe[2452] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[2452] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2540] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2540] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[2540] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2540] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[2540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2540] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[2540] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\WINDOWS\system32\nvsvc32.exe[2540] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2540] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[2644] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2644] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[2644] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2644] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[2644] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2644] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[2644] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009A0001
.text C:\WINDOWS\System32\svchost.exe[2644] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[2644] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2752] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2796] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2796] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[2796] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2796] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[2796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2796] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00870001
.text C:\WINDOWS\System32\alg.exe[2796] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[2796] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[2796] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2876] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013B0001
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text c:\program files\common files\installshield\updateservice\isuspm.exe[3016] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3112] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[3112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\WINDOWS\system32\svchost.exe[3112] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[3112] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3516] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3720] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F100F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72B4AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72B4C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72B4B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72B576C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72B5642] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72D7056] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86082C78
Device \FileSystem\Fastfat \FatCdrom 84767728
Device \Driver\00000042 \Device\00000040 sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8603AA40
Device \Driver\dmio \Device\DmControl\DmConfig 8603AA40
Device \Driver\dmio \Device\DmControl\DmPnP 8603AA40
Device \Driver\dmio \Device\DmControl\DmInfo 8603AA40
Device \Driver\Ftdisk \Device\HarddiskVolume1 8603AC78
Device \Driver\Ftdisk \Device\HarddiskVolume2 8603AC78
Device \Driver\Cdrom \Device\CdRom0 85F9B0E8
Device \FileSystem\Rdbss \Device\FsWrap 84EC1A90
Device \Driver\Cdrom \Device\CdRom1 85F9B0E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DDB5FA6F-3FB8-4430-98AB-12B98F1A155E} 84E46EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export 84E46EB0
Device \Driver\NetBT \Device\NetbiosSmb 84E46EB0
Device \Driver\Disk \Device\Harddisk0\DR0 86082EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84E4C898
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84E4C898
Device \FileSystem\Npfs \Device\NamedPipe 84EC2A28
Device \Driver\Ftdisk \Device\FtControl 8603AC78
Device \FileSystem\Msfs \Device\Mailslot 84E910E8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 8603A550
Device \Driver\nvgts \Device\Scsi\nvgts1 8603A550
Device \Driver\nvgts \Device\Scsi\nvgts2 8603A550
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 85EF50E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 85EF50E8
Device \FileSystem\Fastfat \Fat 84767728

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 84E21A98

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xA1 0xF1 0x75 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x03 0x30 0xC1 0x9B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xD6 0xF8 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1785501422
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1709430408
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -443717725
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xA1 0xF1 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x03 0x30 0xC1 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x2E 0x51 0x79 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x77 0xA1 0xF1 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x03 0x30 0xC1 0x9B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x87 0x2E 0x51 0x79 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xAD 0x79 0x27 0x13 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{c3156b42-0fd5-47d5-9508-720e4949c1e1}@Model 215
Reg HKLM\SOFTWARE\Classes\CLSID\{c3156b42-0fd5-47d5-9508-720e4949c1e1}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{c3156b42-0fd5-47d5-9508-720e4949c1e1}@MData 0x2B 0x8F 0x78 0x29 ...

---- EOF - GMER 1.0.15 ----

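Added example (not part of the thread or of GMER itself): a PowerShell snippet that parses the "user code sections" lines of a GMER log like the one above and groups them by hooked function, so you can see at a glance which hooks are present in every hooked process (same address, same patch) and which appear in only one. The sample lines are excerpted from the log posted above; in practice you would feed it the saved GMER log with Get-Content. It assumes PowerShell 2.0 or later and GMER 1.0.15's line layout (".text <process>[<pid>] <dll>!<function>[ + <offset>] <address> <n> Bytes <patch>[ <resolved module>]"). It only restructures the log; it does not decide whether a hook is good or bad.

```powershell
# Added example, not from the original thread. Summarises GMER ".text" hook lines
# by hooked function. Sample lines are excerpted from the GMER log posted above;
# replace $sample with: $sample = Get-Content 'C:\path\to\gmer.log'
$sample = @'
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02B30001
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[2452] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009A0001
.text C:\WINDOWS\System32\svchost.exe[2452] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[2796] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2876] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
'@ -split "`r?`n"

function Parse-GmerHookLine {
    # Returns one object per ".text" hook line, or $null for any other line.
    param([string]$Line)
    $re = '^\.text\s+(?<proc>.+?)\[(?<pid>\d+)\]\s+' +
          '(?<hook>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+' +
          '(?<addr>[0-9A-Fa-f]{8})\s+(?<n>\d+)\s+Bytes\s+(?<patch>.*)$'
    if ($Line -match $re) {
        # Copy the groups out before the second -match overwrites $matches.
        $proc = $matches['proc']; $procId = [int]$matches['pid']
        $hook = $matches['hook']; $addr = $matches['addr']
        $patch = $matches['patch']; $module = $null
        # GMER appends the owning module (path + description) when it can resolve it.
        if ($patch -match '^(?<p>.+?)\s+(?<m>[A-Za-z]:\\.+)$') {
            $patch = $matches['p']; $module = $matches['m']
        }
        return New-Object PSObject -Property @{
            Process = $proc; ProcessId = $procId; Hook = $hook
            Address = $addr; Patch = $patch; Module = $module
        }
    }
    return $null
}

$hooks = $sample | ForEach-Object { Parse-GmerHookLine $_ } | Where-Object { $_ }
$totalProcs = @($hooks | Select-Object -ExpandProperty ProcessId -Unique).Count

# One row per hooked function: how many processes carry it, which patch bytes /
# targets were seen, and any module GMER attributed it to.
$summary = $hooks | Group-Object Hook | ForEach-Object {
    $g = $_.Group
    New-Object PSObject -Property @{
        Hook      = $_.Name
        Processes = @($g | Select-Object -ExpandProperty ProcessId -Unique).Count
        Patches   = (@($g | Select-Object -ExpandProperty Patch -Unique) -join ' | ')
        Module    = (@($g | Where-Object { $_.Module } |
                       Select-Object -ExpandProperty Module -Unique) -join ', ')
    }
} | Sort-Object Processes -Descending

Write-Host "$totalProcs hooked processes in input"
$summary | Format-Table Hook, Processes, Patches, Module -AutoSize -Wrap | Out-Host

Write-Host "Hooks not shared by every hooked process:"
$summary | Where-Object { $_.Processes -lt $totalProcs } | ForEach-Object {
    Write-Host ("  {0}  [{1}]  {2}" -f $_.Hook, $_.Patches, $_.Module)
}
```

The CALL targets for LoadLibraryExW + C4 differ from process to process because the target lies in a per-process allocation, while the JMP targets for SetWindowsHookExW/A are identical everywhere; the Patches column shows both behaviours side by side, and the Module column carries whatever attribution GMER itself printed on the line.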
#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:08 AM

Posted 23 September 2009 - 05:08 AM

Still nothing showing. Are you currently having any problems?


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

You have an outdated version of Adobe Reader. These have vulnerabilities that can be exploited by malware to get into your machine. Please follow these steps to remove older versions of Adobe Reader and download the latest version.

Go to Start >> Settings >> Control Panel, double-click on Add/Remove Programs and remove any older versions of Adobe Reader.
  • Download the latest version of Adobe Acrobat Reader
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks


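Added example (not part of the thread): before and after working through the Java and Adobe Reader steps above, it helps to see exactly which versions Add/Remove Programs knows about. This PowerShell snippet reads the same Uninstall registry keys that Add/Remove Programs lists, picks out the JRE/J2SE entries, and flags every one that is older than the version the post asks for (JRE 6 Update 16). It also lists the Adobe Reader entries so you can compare them with the current release on Adobe's site. It assumes PowerShell 2.0 or later is installed and that display names follow Sun's usual conventions ("Java(TM) 6 Update 16", "J2SE Runtime Environment 5.0 Update 22"); the required version is a variable you can change.

```powershell
# Added example, not from the original thread. Lists installed Java runtimes
# and Adobe Reader entries from the Uninstall registry keys and flags Java
# installs older than the version requested in the post above (JRE 6 Update 16).
$RequiredMajor  = 6
$RequiredUpdate = 16

function Get-InstalledSoftware {
    # Native hive plus the 32-bit hive on 64-bit Windows; XP 32-bit only has the first.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($p in $paths) {
        if (Test-Path $p) {
            Get-ChildItem $p | ForEach-Object {
                $props = Get-ItemProperty $_.PSPath
                if ($props.DisplayName) {
                    New-Object PSObject -Property @{
                        DisplayName     = $props.DisplayName
                        DisplayVersion  = $props.DisplayVersion
                        UninstallString = $props.UninstallString
                    }
                }
            }
        }
    }
}

function Parse-JavaVersion {
    # Returns @{Major; Update} for a JRE/J2SE display name, or $null otherwise.
    # Assumed name formats: "Java(TM) 6 Update 16", "Java(TM) SE Runtime Environment 6",
    # "J2SE Runtime Environment 5.0 Update 22". A name without "Update" counts as update 0.
    param([string]$DisplayName)
    if ($DisplayName -match '^(?:Java\(TM\)|J2SE).*?(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?') {
        $update = 0
        if ($matches[2]) { $update = [int]$matches[2] }
        return @{ Major = [int]$matches[1]; Update = $update }
    }
    return $null
}

function Test-JavaOutdated {
    # True when (Major, Update) is below the required (ReqMajor, ReqUpdate).
    param([int]$Major, [int]$Update, [int]$ReqMajor, [int]$ReqUpdate)
    if ($Major -lt $ReqMajor) { return $true }
    if ($Major -eq $ReqMajor -and $Update -lt $ReqUpdate) { return $true }
    return $false
}

$installed = @(Get-InstalledSoftware)
$javaEntries = @()
foreach ($app in $installed) {
    $v = Parse-JavaVersion $app.DisplayName
    if ($v) {
        $javaEntries += New-Object PSObject -Property @{
            DisplayName     = $app.DisplayName
            Major           = $v.Major
            Update          = $v.Update
            Outdated        = Test-JavaOutdated $v.Major $v.Update $RequiredMajor $RequiredUpdate
            UninstallString = $app.UninstallString
        }
    }
}

Write-Host "Java runtimes found:"
$javaEntries | Format-Table DisplayName, Major, Update, Outdated -AutoSize | Out-Host

$old = @($javaEntries | Where-Object { $_.Outdated })
if ($old.Count -gt 0) {
    Write-Host "Remove these (Add/Remove Programs, or run the UninstallString), then install JRE $RequiredMajor Update ${RequiredUpdate}:"
    $old | ForEach-Object { Write-Host ("  {0}  ->  {1}" -f $_.DisplayName, $_.UninstallString) }
} else {
    Write-Host "No Java runtime older than $RequiredMajor Update $RequiredUpdate is registered."
}

Write-Host "Adobe Reader entries (compare with the current release on Adobe's site):"
$installed | Where-Object { $_.DisplayName -like 'Adobe Reader*' -or $_.DisplayName -like 'Adobe Acrobat*' } |
    Format-Table DisplayName, DisplayVersion -AutoSize | Out-Host
```

Run it once before removing anything to get the list of old entries, and again after the reboot to confirm that only the new JRE remains; an entry that still shows Outdated = True after the uninstaller has run is one the built-in uninstaller did not remove and must be taken out by hand, as the post notes.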

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:08 AM

Posted 28 September 2009 - 05:36 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





