
Keep getting redirected to other websites


  • This topic is locked
16 replies to this topic

#1 enjibenji

enjibenji

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 17 October 2009 - 03:03 PM

Hi,

Basically I keep getting redirected to all kinds of websites - especially when clicking on a link from Google. Most times now, I have to go to Google and click 3 times or so on the same website before I actually get onto that website. Even when I want to go on Wikipedia from Google, I will have to try a number of times before I get to it.

I should say, when I do click a link, from the loading bar at the bottom left of Firefox, I see it getting redirected to a number of IPs instead of going straight to the website I want it to.


It is very frustrating.



My DDS is here:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Ben at 18:03:52.30 on 17/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1622 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\vsnp2std.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ben\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.club-vaio.com/
uDefault_Page_URL = hxxp://www.club-vaio.com
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CubeDesktop]
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [fsm]
uRun: [WindowsSideShow] "regsvr32" /s /u "c:\users\ben\appdata\local\windows\WindowsSideShow.dll"
uRun: [RegistryMechanic] "c:\program files\registry mechanic\RMTray.exe" /H
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [snp2std] "c:\windows\vsnp2std.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] "c:\program files\realtek\audio\hda\RtHDVCpl.exe"
mRun: [Skytel] "c:\program files\realtek\audio\hda\Skytel.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: doctor-serv.com\livefooty
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\qpfoy6hh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-13 206256]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-26 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-26 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-26 297752]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-1-8 233472]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-25 1205760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-22 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-22 812544]
S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2008-5-25 21504]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\drivers\cam1690.sys [2008-9-8 177280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-8-25 99376]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-22 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-13 348752]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-1-8 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2008-1-8 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2008-1-8 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-22 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-5-28 87328]

=============== Created Last 30 ================

2009-10-15 03:02 <DIR> --d----- c:\windows\SQL9_KB970892_ENU
2009-10-14 07:10 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-14 07:10 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 07:10 3,546,184 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 07:08 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-14 07:08 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 07:08 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 01:09 <DIR> --d----- c:\windows\RegisteredPackages
2009-10-05 01:09 <DIR> --d----- c:\program files\Windows Media Components
2009-10-04 12:51 <DIR> --d----- c:\windows\system32\TVUAx
2009-10-03 13:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-03 02:09 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-17 19:30 <DIR> --d----- c:\users\ben\appdata\roaming\PPLive

==================== Find3M ====================

2009-09-29 21:53 216,277 a------- c:\programdata\nvModes.dat
2009-09-29 21:53 216,277 a------- c:\progra~2\nvModes.dat
2009-09-16 00:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-16 00:24 51,200 a------- c:\windows\inf\infpub.dat
2009-09-16 00:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-16 00:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-16 00:24 86,016 a------- c:\windows\inf\infstor.dat
2009-08-31 14:55 293,376 a------- c:\windows\system32\psisdecd.dll
2009-08-31 14:55 428,544 a------- c:\windows\system32\EncDec.dll
2009-08-29 09:35 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-29 09:35 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 13:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 11:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 06:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 06:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 06:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-27 04:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-24 14:05 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 11:01 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 17:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 17:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 15:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-02-03 01:58 34 a------- c:\users\ben\jagex_runescape_preferences.dat
2008-09-05 12:22 48,697 a------- c:\users\ben\appdata\roaming\nvModes.dat
2008-06-11 03:21 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-26 00:21 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-05-26 01:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-05-26 01:53 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-05-26 01:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 11:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-12 11:48 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-12 11:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 11:48 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 18:06:03.19 ===============



Appreciate any help.


Edited by enjibenji, 17 October 2009 - 03:06 PM.




#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:37 AM

Posted 29 October 2009 - 01:31 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please. Also, follow the instructions here to create a RootRepeal log (step 7).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 enjibenji

enjibenji
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 29 October 2009 - 02:32 PM

Can't do a RootRepeal log. Basically, I do the scan and it stops (no idea at what time, but the scan runs fine for 30 minutes +), up comes a box (part of the program/scan) and I can't move past that. I've run the scan a number of times, not just today, and it is always the same result. The only thing it will let me do is click the "X" to close the box, and then the whole thing closes.

Here is an image of what happens: Here

DDS log here, with a new attachment uploaded.

Thanks for the help :(


DDS (Ver_09-07-30.01) - NTFSx86
Run by Ben at 18:47:10.69 on 29/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2067 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\vsnp2std.exe
C:\Windows\StiD1690.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Users\Ben\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.club-vaio.com/
uDefault_Page_URL = hxxp://www.club-vaio.com
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CubeDesktop]
uRun: [fsm]
uRun: [WindowsSideShow] "regsvr32" /s /u "c:\users\ben\appdata\local\windows\WindowsSideShow.dll"
uRun: [RegistryMechanic] "c:\program files\registry mechanic\RMTray.exe" /H
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [Waiting1690] c:\windows\stid1690.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: doctor-serv.com\livefooty
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\qpfoy6hh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-13 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-25 108552]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-22 9344]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\drivers\cam1690.sys [2008-9-8 177280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-8-25 99376]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

=============== Created Last 30 ================

2009-10-27 21:18 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-27 21:18 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-27 00:30 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-27 00:29 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-27 00:28 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-27 00:28 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\eu-ES
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\ca-ES
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\vi-VN
2009-10-26 18:47 <DIR> --d----- c:\windows\system32\EventProviders
2009-10-24 00:45 63 a------- c:\users\ben\jagex_runescape_preferences2.dat
2009-10-20 17:46 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-10-20 17:46 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-10-20 17:46 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-10-20 17:46 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-10-20 17:46 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-20 17:46 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-10-20 17:44 527,848 a------- c:\windows\system32\drivers\ndis.sys
2009-10-20 17:43 153 a------- c:\windows\system32\RacUREx.xml
2009-10-20 17:43 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-10-20 17:43 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-10-20 17:43 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-10-20 17:43 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-10-20 17:43 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-10-20 17:43 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-20 17:43 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-10-20 17:43 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-10-20 17:43 218,624 a------- c:\windows\system32\wdscore.dll
2009-10-20 17:43 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-10-20 17:43 247,808 a------- c:\windows\system32\drvstore.dll
2009-10-15 02:02 <DIR> --d----- c:\windows\SQL9_KB970892_ENU
2009-10-14 06:10 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-14 06:10 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 06:10 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 06:08 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-14 06:08 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 06:08 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 00:09 <DIR> --d----- c:\windows\RegisteredPackages
2009-10-05 00:09 <DIR> --d----- c:\program files\Windows Media Components
2009-10-04 11:51 <DIR> --d----- c:\windows\system32\TVUAx
2009-10-03 12:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-03 01:09 195,440 -------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-26 19:57 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-26 19:57 143,360 a------- c:\windows\inf\infstor.dat
2009-10-26 19:57 51,200 a------- c:\windows\inf\infpub.dat
2009-10-26 19:32 665,600 a------- c:\windows\inf\drvindex.dat
2009-10-24 01:01 38 a------- c:\users\ben\jagex_runescape_preferences.dat
2009-09-29 20:53 216,277 a------- c:\programdata\nvModes.dat
2009-09-29 20:53 216,277 a------- c:\progra~2\nvModes.dat
2009-09-15 23:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-15 23:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-29 08:35 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-29 02:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 02:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 02:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 02:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 00:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 05:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-27 03:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 15:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 13:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 13:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 13:48 105,984 a------- c:\windows\system32\netiohlp.dll
2008-09-05 11:22 48,697 a------- c:\users\ben\appdata\roaming\nvModes.dat
2008-05-25 23:21 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-12 10:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-12 10:48 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-12 10:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 10:48 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 18:52:55.86 ===============

Edited by enjibenji, 29 October 2009 - 02:33 PM.


#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:37 AM

Posted 30 October 2009 - 01:39 AM

Hi,

Let's see if you're able to run GMER.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply. Let me also know about the current symptoms with the system.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 enjibenji

enjibenji
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:37 AM

Posted 31 October 2009 - 04:57 AM

OK. Basically, my internet is pretty slow when browsing, and when I do browse and use Google (which everyone does often) I always get redirected to another website. I will type something in Google, click on the website I want, then watch the bottom left of the internet browser showing me that I'm getting redirected to some sort of web address that looks like an IP address.

Here's the GMER log.




GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-31 09:56:11
Windows 6.0.6002 Service Pack 2
Running: nnlpxrt5.exe; Driver: C:\Users\Ben\AppData\Local\Temp\fxldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT C3394EB8 ZwAllocateVirtualMemory
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xC8B3A9A6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xC8B3AB98]
SSDT C3393228 ZwCreateThread
SSDT C3394F30 ZwQueueApcThread
SSDT C3394DC8 ZwReadVirtualMemory
SSDT C3394020 ZwSetContextThread
SSDT C3393318 ZwSetInformationProcess
SSDT C3393138 ZwSetInformationThread
SSDT C33932A0 ZwSuspendProcess
SSDT C3394FA8 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xC8B3A656]
SSDT C33931B0 ZwTerminateThread
SSDT C3394E40 ZwWriteVirtualMemory
SSDT C3394CD8 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0xC8B3ADA0]

INT 0x51 ? C3375A50
INT 0x52 ? C4EDBCD0
INT 0x61 ? C6C0ACD0
INT 0x62 ? C4EDB050
INT 0x71 ? C50B5050
INT 0x72 ? C33757D0
INT 0x82 ? C33752D0
INT 0x92 ? C3375550
INT 0xA2 ? C4EDBA50
INT 0xB0 ? C4EDB2D0
INT 0xB1 ? C3375CD0
INT 0xB2 ? C50B5550
INT 0xB3 ? C4EDB7D0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 E2CCB874 4 Bytes [B8, 4E, 39, C3]
.text ntkrnlpa.exe!KeSetEvent + 209 E2CCB94C 8 Bytes [A6, A9, B3, C8, 98, AB, B3, ...] {CMPSB ; TEST EAX, 0xab98c8b3; MOV BL, 0xc8}
.text ntkrnlpa.exe!KeSetEvent + 221 E2CCB964 4 Bytes [28, 32, 39, C3] {SUB [EDX], DH; CMP EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 4E5 E2CCBC28 4 Bytes [30, 4F, 39, C3] {XOR [EDI+0x39], CL; RET }
.text ntkrnlpa.exe!KeSetEvent + 4FD E2CCBC40 4 Bytes JMP 1C1A8527
.text ...
? System32\Drivers\spvz.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload C897B41B 5 Bytes JMP C4C8C1D8
.text a685emmn.SYS CE592000 22 Bytes [82, F3, FD, E2, 6C, F2, FD, ...]
.text a685emmn.SYS CE592017 159 Bytes [00, 32, D7, 59, C8, 3D, D5, ...]
.text a685emmn.SYS CE5920B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a685emmn.SYS CE5920CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
.text a685emmn.SYS CE59211F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!FindResourceExA 77B02575 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!FindResourceA 77B02653 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!CreateEventA 77B244C0 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!LockResource 77B268DF 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!FindResourceExW 77B269FD 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!LoadResource 77B26ADB 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!FindResourceW 77B27FA1 5 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] kernel32.dll!SizeofResource 77B27FBF 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] ADVAPI32.dll!CryptDeriveKey 772BFCAE 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] ADVAPI32.dll!CryptDecrypt 772BFE91 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!CreateDialogParamW 764272A2 5 Bytes JMP 28006040 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!SetWindowPlacement 76427963 5 Bytes JMP 28005DC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!SetWindowRgn 7642A221 7 Bytes JMP 28005F00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!LoadImageW 7642C9E5 5 Bytes JMP 28006690 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!LoadIconW 7642DA9F 5 Bytes JMP 28006880 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!CreateWindowExW 76431305 5 Bytes JMP 28003CA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!GetWindowLongW 7643F8BF 7 Bytes JMP 28006A20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!PeekMessageW 7644045A 5 Bytes JMP 280045E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!TrackPopupMenuEx 76450CE7 5 Bytes JMP 28004EC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] USER32.dll!MessageBoxIndirectW 7647D5D3 5 Bytes JMP 28006230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WS2_32.dll!closesocket 77AA330C 5 Bytes JMP 2800BC20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WS2_32.dll!recv 77AA343A 5 Bytes JMP 2800B440 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WS2_32.dll!WSASend 77AA4496 5 Bytes JMP 2800B9E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WS2_32.dll!send 77AA659B 5 Bytes JMP 2800B800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WS2_32.dll!WSARecv 77AA8400 5 Bytes JMP 2800B5E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] SHELL32.dll!Shell_NotifyIconW 767F8626 5 Bytes JMP 28003400 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] ole32.dll!CoRegisterClassObject 76027DB6 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] ole32.dll!CoCreateInstance 76069EA6 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] ole32.dll!CoInitializeEx 7606AD63 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WININET.dll!InternetReadFile 7617654B 5 Bytes JMP 2800A450 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WININET.dll!InternetCloseHandle 76179088 5 Bytes JMP 2800A600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WININET.dll!HttpOpenRequestA 7617D508 5 Bytes JMP 2800A2C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2528] WININET.dll!HttpSendRequestA 7618EE89 5 Bytes JMP 2800A530 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [C84946D2] \SystemRoot\System32\Drivers\spvz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [C8494040] \SystemRoot\System32\Drivers\spvz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [C84947FC] \SystemRoot\System32\Drivers\spvz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [C84940BE] \SystemRoot\System32\Drivers\spvz.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [C849413C] \SystemRoot\System32\Drivers\spvz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [C84A4048] \SystemRoot\System32\Drivers\spvz.sys
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortCompleteRequest] 01642446
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortMoveMemory] 7E39CE5A
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 01902846
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468BCE5A
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\a685emmn.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73707817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7375A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7370BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [736FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [736FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73738395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7370DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [736FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [736FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [736F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7378CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7372C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [736FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [736F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [736F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73702AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [03BCB0E7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [03BCB959] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetFileSize] [03BB6D8A] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MapViewOfFile] [03BD6067] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileMappingW] [03BD308E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetFilePointerEx] [03BB94BD] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetFilePointer] [03BB7F83] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileMappingW] [03BD308E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!MapViewOfFile] [03BD6067] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetFileSizeEx] [03BB793D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!_lclose] [03BB22D1] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSize] [03BB6D8A] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [03BB47BC] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FindNextFileW] [03BCB0E7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MapViewOfFile] [03BD6067] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSizeEx] [03BB793D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingW] [03BD308E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetFilePointer] [03BB7F83] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!MapViewOfFileEx] [03BD5853] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [03BCB0E7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileInformationByHandle] [03BB9E53] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetEndOfFile] [03BB9A12] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ExitProcess] [03BDB313] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [03BCB959] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFilePointer] [03BB7F83] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileMappingW] [03BD308E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MapViewOfFile] [03BD6067] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileSizeEx] [03BB793D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileSize] [03BB6D8A] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [03BCB575] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [03BCACB8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [03BCB959] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [03BCB0E7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] [03BDB313] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetEndOfFile] [03BB9A12] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileInformationByHandle] [03BB9E53] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] [03BB7F83] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [03BBB5B1] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFilePointerEx] [03BB94BD] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFilePointer] [03BB7F83] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetEndOfFile] [03BB9A12] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileInformationByHandle] [03BB9E53] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!MapViewOfFile] [03BD6067] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileMappingA] [03BD1BDF] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileMappingW] [03BD308E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!OpenFileMappingW] [03BD4EF2] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [03BCB959] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [03BCB0E7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [03BBB5B1] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [03BCB575] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [03BCACB8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [03BCB959] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] [03BB7F83] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] [03BD5853] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] [03BD308E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] [03BD6067] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] [03BD4EF2] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetEndOfFile] [03BB9A12] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] [03BB6D8A] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileInformationByHandle] [03BB9E53] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FindNextFileW] [03BCB0E7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!FindFirstFileW] [03BCB959] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetFileSize] [03BB6D8A] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [03BCD98E] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\IPHLPAPI.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\IPHLPAPI.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\IPHLPAPI.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\IPHLPAPI.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\IPHLPAPI.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!TerminateProcess] [03BDB896] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [03BCBFFE] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [03BBF277] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [03BC337D] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [03BC51E9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetFilePointer] [03BB7F83] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!DuplicateHandle] [03BD62F7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetEndOfFile] [03BB9A12] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetFileSize] [03BB6D8A] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FindClose] [03BCBBF9] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FindNextFileW] [03BCB0E7] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FindFirstFileW] [03BCB959] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [03BD01A6] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!MapViewOfFile] [03BD6067] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileMappingA] [03BD1BDF] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [03BBB5B1] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!UnmapViewOfFile] [03BD16C5] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs C33261F8

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\volmgr \Device\VolMgrControl C33211F8
Device \Driver\usbuhci \Device\USBPDO-0 C4C721F8
Device \Driver\PCI_PNP2941 \Device\00000051 spvz.sys
Device \Driver\usbuhci \Device\USBPDO-1 C4C721F8
Device \Driver\usbehci \Device\USBPDO-2 C4C851F8
Device \Driver\usbuhci \Device\USBPDO-3 C4C721F8
Device \Driver\usbuhci \Device\USBPDO-4 C4C721F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 C4C721F8
Device \Driver\usbehci \Device\USBPDO-6 C4C851F8
Device \Driver\volmgr \Device\HarddiskVolume1 C33211F8
Device \Driver\volmgr \Device\HarddiskVolume2 C33211F8
Device \Driver\cdrom \Device\CdRom0 C4DE31F8
Device \Driver\volmgr \Device\HarddiskVolume3 C33211F8
Device \Driver\cdrom \Device\CdRom1 C4DE31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 C33251F8
Device \Driver\iaStor \Device\Ide\iaStor0 [C8A48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 C33251F8
Device \Driver\atapi \Device\Ide\IdePort1 C33251F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [C8A48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume4 C33211F8
Device \Driver\netbt \Device\NetBt_Wins_Export C7B9B1F8
Device \Driver\Smb \Device\NetbiosSmb C7B8C1F8
Device \Driver\iScsiPrt \Device\RaidPort0 C4E8D1F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\netbt \Device\NetBT_Tcpip_{2F4A5AA8-AE78-44BC-BC0B-5FFC7A91B07C} C7B9B1F8

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 C4C721F8
Device \Driver\usbuhci \Device\USBFDO-1 C4C721F8
Device \Driver\netbt \Device\NetBT_Tcpip_{9FCCB2F2-B66D-4065-A558-F1B7A450DAA3} C7B9B1F8
Device \Driver\usbehci \Device\USBFDO-2 C4C851F8
Device \Driver\usbuhci \Device\USBFDO-3 C4C721F8
Device \Driver\usbuhci \Device\USBFDO-4 C4C721F8
Device \Driver\sptd \Device\2048862961 spvz.sys
Device \Driver\usbuhci \Device\USBFDO-5 C4C721F8
Device \Driver\usbehci \Device\USBFDO-6 C4C851F8
Device \Driver\a685emmn \Device\Scsi\a685emmn1 C4E531F8
Device \Driver\a685emmn \Device\Scsi\a685emmn1Port4Path0Target0Lun0 C4E531F8
Device \FileSystem\cdfs \Cdfs C2D181F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xD4 0xAE 0x51 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x59 0x47 0xEA ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4D 0x2B 0x41 0x97 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{633DB6D6-418A-3B10-15A8-77263FB05205}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{633DB6D6-418A-3B10-15A8-77263FB05205}@jadkielmbbfmjfigheij 0x66 0x61 0x67 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{633DB6D6-418A-3B10-15A8-77263FB05205}@paljfjnfcdlojfejmdpkgdnmlnhlioej 0x62 0x61 0x68 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{633DB6D6-418A-3B10-15A8-77263FB05205}@hadkielmbbfmjfig 0x6E 0x62 0x67 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{633DB6D6-418A-3B10-15A8-77263FB05205}@paljfjnfcdlojfejmdpkgdnmlnhliofj 0x62 0x61 0x68 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB1C04C6-0499-E89E-EB51-5291753302AA}

---- EOF - GMER 1.0.15 ----
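
Added example (not part of this thread, and not GMER's own code): a first-pass Python triage over the line formats in the GMER log above. GMER's Devices section reports the \Driver\iaStor dispatch entry resolving into iastor.sys[unknown section]; the IAT section lists hooks in CM2010.exe that resolve back into CM2010.exe itself; and both \Driver\PCI_PNP2941 and \Driver\sptd are served by spvz.sys (the Registry section ties the sptd service to DAEMON Tools Lite). The script parses those three line shapes and ranks them: "[unknown section]" as high, a driver-object/file-name mismatch as review, and a process hooking its own imports as info. The Finding class, the rule names and the severities are this example's own assumptions; the sample lines are copied from the log above rather than constructed.

```python
"""First-pass triage of GMER 1.0.15 log lines.

Added example for this thread; it is not GMER's code and not part of the
original posts. It parses the IAT and Devices line formats shown in the log
above and applies three rules a responder would otherwise apply by eye:
  high   - a Device dispatch pointer that GMER resolves to "[unknown section]"
           of a driver image (code outside every PE section of that file)
  review - a Device object served by a driver file whose name does not match
           the \\Driver\\<name> object (e.g. \\Driver\\sptd -> spvz.sys)
  info   - an IAT hook whose target is the hooked process's own image
           (self-hooking, the usual packer/DRM pattern)
The Finding class, rule names and severities are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the GMER log posted above.
SAMPLE_LOG = r"""
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [03BCC8E8] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
IAT C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe[4604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateFileMappingA] [03BD1BDF] C:\Program Files\Eidos\Championship Manager 2010\CM2010_0\CM2010.exe (Championship Manager 2010/Eidos)
Device \FileSystem\Ntfs \Ntfs C33261F8
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\PCI_PNP2941 \Device\00000051 spvz.sys
Device \Driver\iaStor \Device\Ide\iaStor0 [C8A48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [C8A48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\2048862961 spvz.sys
"""

# "IAT <process>[pid] @ <module> [<dll!symbol>] [<hook addr>] <target> (<vendor>)"
IAT_RE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<module>\S+) "
    r"\[(?P<symbol>[^\]]+)\] \[(?P<hook>[0-9A-F]+)\] (?P<target>.+?)"
    r"(?: \((?P<vendor>.*)\))?$"
)
# "Device|AttachedDevice <\Driver\obj> <\Device\name> <handler field>"
DEVICE_RE = re.compile(
    r"^(?P<kind>Device|AttachedDevice) (?P<driver>\\\S+) (?P<device>\\\S+) (?P<handler>.+)$"
)
# Handler field when GMER resolved the address into an image: "[addr] \path\file.sys[section] {asm}"
RESOLVED_RE = re.compile(r"^\[(?P<addr>[0-9A-F]+)\] (?P<image>\S+?)\[(?P<section>[^\]]*)\]")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "review" or "info"
    reason: str
    line: str


def parse_handler(handler: str) -> tuple[str | None, str | None, str | None]:
    """Split the last field of a Device line into (address, image, section).

    GMER prints one of three shapes there: a bare dispatch address, a driver
    file name (optionally followed by a vendor string), or the resolved form
    matched by RESOLVED_RE.
    """
    if m := RESOLVED_RE.match(handler):
        return m["addr"], m["image"], m["section"]
    if re.fullmatch(r"[0-9A-F]+", handler):
        return handler, None, None
    return None, handler.split(" ", 1)[0], None


def triage(log_text: str) -> list[Finding]:
    """Apply the three rules to every IAT / Device line in the log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IAT_RE.match(line):
            if m["target"].lower() == m["process"].lower():
                findings.append(Finding("info", f"IAT hook on {m['symbol']} resolves into the hooked process's own image (packer/DRM pattern)", line))
            else:
                findings.append(Finding("review", f"IAT hook on {m['symbol']} resolves into a foreign module: {m['target']}", line))
        elif m := DEVICE_RE.match(line):
            addr, image, section = parse_handler(m["handler"])
            if section and "unknown section" in section:
                findings.append(Finding("high", f"{m['driver']} dispatch pointer {addr} lies outside every PE section of {image}", line))
            elif image and m["kind"] == "Device":
                # Attached filters (AV, sandbox drivers) legitimately carry other names, so only plain Device lines are checked.
                obj = m["driver"].rsplit("\\", 1)[-1].lower()
                file = image.rsplit("\\", 1)[-1].lower()
                if file != obj + ".sys":
                    findings.append(Finding("review", f"{m['driver']} is served by {file}, not {obj}.sys", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity for a quick 'anything high?' check."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = ("high", "review", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}")
```

The script only orders what to look at first; a high finding on a storage driver still has to be confirmed by other means, such as comparing the on-disk iastor.sys against a known-good copy, before anything is replaced.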

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:37 AM

Posted 31 October 2009 - 05:42 AM

Ok. Thanks for the log & description :(


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant for the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#7 enjibenji

enjibenji
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 31 October 2009 - 08:21 AM

DDS here:



DDS (Ver_09-07-30.01) - NTFSx86
Run by Ben at 13:10:26.95 on 31/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1856 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\StiD1690.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Ben\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.club-vaio.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WindowsSideShow] "regsvr32" /s /u "c:\users\ben\appdata\local\windows\WindowsSideShow.dll"
uRun: [RegistryMechanic] "c:\program files\registry mechanic\RMTray.exe" /H
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [RtHDVCpl] "c:\program files\realtek\audio\hda\RtHDVCpl.exe"
mRun: [Skytel] "c:\program files\realtek\audio\hda\Skytel.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [snp2std] "c:\windows\vsnp2std.exe"
mRun: [Waiting1690] "c:\windows\stid1690.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: doctor-serv.com\livefooty
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\qpfoy6hh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-13 206256]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-25 297752]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-1-8 233472]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-25 1205760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-22 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-22 812544]
S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2008-5-25 21504]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\drivers\cam1690.sys [2008-9-8 177280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-8-25 99376]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-22 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-13 348752]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-1-8 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2008-1-8 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2008-1-8 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-22 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-5-28 87328]

=============== Created Last 30 ================

2009-10-31 12:17 277,784 a------- c:\windows\system32\drivers\iastor.sys
2009-10-31 12:17 232,040 a------- c:\windows\system32\drivers\iastorv.sys
2009-10-31 12:17 19,944 a------- c:\windows\system32\drivers\atapi.sys
2009-10-31 11:57 236,544 a------- c:\windows\PEV.exe
2009-10-31 11:57 161,792 a------- c:\windows\SWREG.exe
2009-10-31 11:57 98,816 a------- c:\windows\sed.exe
2009-10-31 11:57 77,312 a------- c:\windows\MBR.exe
2009-10-27 21:18 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-27 21:18 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-27 00:30 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-27 00:29 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-27 00:28 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-27 00:28 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\eu-ES
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\ca-ES
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\vi-VN
2009-10-26 18:47 <DIR> --d----- c:\windows\system32\EventProviders
2009-10-24 00:45 63 a------- c:\users\ben\jagex_runescape_preferences2.dat
2009-10-20 17:46 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-10-20 17:46 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-10-20 17:46 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-10-20 17:46 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-10-20 17:46 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-20 17:46 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-10-20 17:44 527,848 a------- c:\windows\system32\drivers\ndis.sys
2009-10-20 17:43 153 a------- c:\windows\system32\RacUREx.xml
2009-10-20 17:43 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-10-20 17:43 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-10-20 17:43 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-10-20 17:43 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-10-20 17:43 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-10-20 17:43 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-20 17:43 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-10-20 17:43 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-10-20 17:43 218,624 a------- c:\windows\system32\wdscore.dll
2009-10-20 17:43 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-10-20 17:43 247,808 a------- c:\windows\system32\drvstore.dll
2009-10-15 02:02 <DIR> --d----- c:\windows\SQL9_KB970892_ENU
2009-10-14 06:10 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-14 06:10 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 06:10 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 06:08 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-14 06:08 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 06:08 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 00:09 <DIR> --d----- c:\windows\RegisteredPackages
2009-10-05 00:09 <DIR> --d----- c:\program files\Windows Media Components
2009-10-04 11:51 <DIR> --d----- c:\windows\system32\TVUAx
2009-10-03 12:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-03 01:09 195,440 -------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-26 19:57 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-26 19:57 143,360 a------- c:\windows\inf\infstor.dat
2009-10-26 19:57 51,200 a------- c:\windows\inf\infpub.dat
2009-10-26 19:32 665,600 a------- c:\windows\inf\drvindex.dat
2009-10-24 01:01 38 a------- c:\users\ben\jagex_runescape_preferences.dat
2009-09-29 20:53 216,277 a------- c:\programdata\nvModes.dat
2009-09-29 20:53 216,277 a------- c:\progra~2\nvModes.dat
2009-09-15 23:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-15 23:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-29 08:35 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-29 02:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 02:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 02:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 02:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 00:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 05:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-27 03:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 15:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 13:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 13:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 13:48 105,984 a------- c:\windows\system32\netiohlp.dll
2008-09-05 11:22 48,697 a------- c:\users\ben\appdata\roaming\nvModes.dat
2008-05-25 23:21 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-12 10:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-12 10:48 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-12 10:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 10:48 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 13:17:10.81 ===============

I ran ComboFix. I should say, the first time I ran it, around 6 minutes or so into it a popup came up from ComboFix saying a rootkit was detected and I needed to restart my laptop. I clicked OK, and it restarted automatically.


Anyway, the log is here:

ComboFix 09-10-30.01 - Ben 31/10/2009 12:17.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1968 [GMT 0:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1352612194-1282887977-565208807-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3444216981-1278015043-2524001371-500
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\windows\Downloaded Program Files\Install.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-31 12:50 . 2009-10-31 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-31 12:50 . 2009-10-31 12:52 -------- d-----w- c:\users\Ben\AppData\Local\temp
2009-10-31 12:17 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 12:17 . 2007-03-01 00:03 277784 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-10-31 12:17 . 2006-11-02 09:51 232040 ----a-w- c:\windows\system32\drivers\iastorv.sys
2009-10-27 21:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 21:18 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 00:30 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 00:30 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 00:30 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 00:30 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:29 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 00:29 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 00:29 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:28 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:28 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\ca-ES
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\eu-ES
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\vi-VN
2009-10-26 18:47 . 2009-10-26 18:47 -------- d-----w- c:\windows\system32\EventProviders
2009-10-24 00:45 . 2009-10-24 01:02 63 ----a-w- c:\users\Ben\jagex_runescape_preferences2.dat
2009-10-20 17:46 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-20 17:46 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-10-20 17:46 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-10-20 17:46 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-10-20 17:46 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-20 17:46 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-10-20 17:44 . 2009-04-11 06:32 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-20 17:43 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-20 17:43 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-20 17:43 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-20 17:43 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-20 17:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-20 17:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-20 17:43 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-20 17:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-20 17:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-20 17:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-20 17:43 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-15 02:02 . 2009-10-15 02:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-14 06:10 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 06:10 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 06:10 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 06:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 06:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 06:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 00:09 . 2009-10-05 00:09 -------- d-----w- c:\program files\Windows Media Components
2009-10-04 11:51 . 2009-10-25 12:31 -------- d-----w- c:\windows\system32\TVUAx
2009-10-03 01:09 . 2009-10-01 10:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 15:01 . 2008-10-11 16:39 -------- d-----w- c:\programdata\Google Updater
2009-10-30 04:02 . 2009-09-15 14:42 -------- d-----w- c:\program files\Eidos
2009-10-30 04:02 . 2007-11-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 23:27 . 2008-11-10 16:06 -------- d-----w- c:\users\Ben\AppData\Roaming\gtk-2.0
2009-10-26 20:05 . 2007-11-22 18:27 -------- d-----w- c:\programdata\NVIDIA
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-26 19:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-24 09:07 . 2007-11-22 20:03 -------- d-----w- c:\program files\Google BAE
2009-10-24 01:22 . 2008-05-25 22:35 1356 ----a-w- c:\users\Ben\AppData\Local\d3d9caps.dat
2009-10-24 01:01 . 2009-02-03 00:57 38 ----a-w- c:\users\Ben\jagex_runescape_preferences.dat
2009-10-17 17:01 . 2007-11-22 20:06 -------- d-----w- c:\program files\Java
2009-10-15 02:05 . 2007-11-22 19:55 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 02:03 . 2007-11-22 20:00 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-03 12:15 . 2009-10-03 12:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-01 18:27 . 2008-05-25 22:35 108400 ----a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-29 20:53 . 2008-11-19 23:28 216277 ----a-w- c:\programdata\nvModes.dat
2009-09-21 18:43 . 2009-02-28 02:07 -------- d-----w- c:\users\Ben\AppData\Roaming\LimeWire
2009-09-17 18:30 . 2009-09-17 18:30 -------- d-----w- c:\users\Ben\AppData\Roaming\PPLive
2009-09-17 18:30 . 2009-09-09 18:37 -------- d-----w- c:\program files\PPLive
2009-09-15 23:26 . 2009-09-15 23:26 -------- d-----w- c:\users\Ben\AppData\Roaming\Logitech
2009-09-15 23:24 . 2009-09-15 23:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-15 23:24 . 2009-09-15 23:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-15 23:22 . 2009-09-15 23:21 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-15 23:21 . 2009-09-15 23:21 -------- d-----w- c:\programdata\Logitech
2009-09-15 23:21 . 2009-09-15 23:21 -------- d-----w- c:\program files\Logitech
2009-09-15 23:20 . 2009-09-15 23:20 -------- d-----w- c:\programdata\LogiShrd
2009-09-15 15:04 . 2009-09-15 15:04 -------- d--h--r- c:\users\Ben\AppData\Roaming\SecuROM
2009-09-15 14:38 . 2009-09-15 14:22 -------- d-----w- c:\users\Ben\AppData\Roaming\GetRightToGo
2009-09-13 15:45 . 2009-09-13 15:20 -------- d-----w- c:\program files\Spyware Doctor
2009-09-13 15:21 . 2009-09-13 15:20 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-13 15:20 . 2009-09-13 15:20 -------- d-----w- c:\users\Ben\AppData\Roaming\PC Tools
2009-09-13 15:20 . 2009-09-13 15:20 -------- d-----w- c:\programdata\PC Tools
2009-09-10 02:20 . 2008-12-27 12:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 01:42 . 2009-09-09 18:38 -------- d-----w- c:\programdata\PPLive
2009-09-03 06:06 . 2009-06-27 12:44 -------- d-----w- c:\users\Ben\AppData\Roaming\play2p
2009-08-29 08:35 . 2009-02-25 23:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 08:35 . 2009-02-25 23:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 08:35 . 2009-02-25 23:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 00:27 . 2009-09-04 14:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-04 14:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 06:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 06:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 06:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 06:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-24 13:05 . 2009-09-13 15:21 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 10:01 . 2009-09-13 15:21 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 17:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 17:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 17:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:34 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:34 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:34 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 17:34 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:34 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-12-12 17:35 . 2008-12-12 17:35 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-16 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WindowsSideShow"="c:\users\Ben\AppData\Local\Windows\WindowsSideShow.dll" [2009-05-20 110592]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-12 1833504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"Waiting1690"="c:\windows\stid1690.exe" [2007-06-05 60416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-15 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-15 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^play2p.lnk]
backup=c:\windows\pss\play2p.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,08,92,42,76,56,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [13/09/2009 15:21 206256]
R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [21/04/2009 17:27 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25/02/2009 23:27 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25/02/2009 23:27 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25/02/2009 23:25 297752]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [08/01/2008 13:44 233472]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 04:09 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [25/02/2009 19:40 1205760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [22/11/2007 17:22 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [22/11/2007 17:21 812544]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\System32\drivers\cam1690.sys [08/09/2008 14:55 177280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/08/2008 15:24 99376]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/11/2007 20:03 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [25/01/2007 17:31 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [13/09/2009 15:20 348752]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [08/01/2008 13:33 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [08/01/2008 13:33 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [08/01/2008 13:33 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [22/08/2008 17:13 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [28/05/2008 11:27 87328]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 12:25]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{A58A08F6-44AC-452E-ABD9-8D529A7737AF}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: doctor-serv.com\livefooty
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\qpfoy6hh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CubeDesktop - (no file)
HKCU-Run-fsm - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 12:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3744430451-3571531818-1311759403-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{633DB6D6-418A-3B10-15A8-77263FB05205}*]
"jadkielmbbfmjfigheij"=hex:66,61,67,68,65,67,61,6c,6b,66,70,6c,00,00
"paljfjnfcdlojfejmdpkgdnmlnhlioej"=hex:62,61,68,68,00,67
"hadkielmbbfmjfig"=hex:6e,62,67,68,6f,66,70,61,61,70,6d,6e,66,62,67,69,68,66,
6f,68,68,66,67,6b,67,69,67,65,69,63,63,63,63,64,67,6c,70,6c,67,6f,65,6b,6b,\
"paljfjnfcdlojfejmdpkgdnmlnhliofj"=hex:62,61,68,68,00,67

[HKEY_USERS\S-1-5-21-3744430451-3571531818-1311759403-1003\Software\SecuROM\License information*]
"datasecu"=hex:5d,7d,a5,ff,ed,78,f7,18,dc,43,23,2a,a9,9b,1e,56,4b,74,18,97,6f,
9e,8a,01,ba,dd,06,d6,b9,a4,4a,29,2e,ac,17,ba,a2,22,4e,bb,24,01,ee,27,a9,47,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-31 12:57
ComboFix-quarantined-files.txt 2009-10-31 12:57

Pre-Run: 95,876,063,232 bytes free
Post-Run: 96,556,388,352 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 08A53228A533878696B1ED4E8969AE30

how is it looking?

thanks again

Edited by enjibenji, 31 October 2009 - 08:22 AM.


#8 Blade81 (Malware Response Team)

Posted 31 October 2009 - 10:09 AM

Hi again,


LimeWire
Vuze


Above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Regnull::
[HKEY_USERS\S-1-5-21-3744430451-3571531818-1311759403-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{633DB6D6-418A-3B10-15A8-77263FB05205}*]
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

[Image: screenshot showing CFScript being dragged onto ComboFix.exe]

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Uninstall these vulnerable Javas:
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Edited by Blade81, 02 November 2009 - 12:34 AM.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 enjibenji

enjibenji
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 01 November 2009 - 10:05 AM

Hi,


First off, thanks for the reply again :(


I am wanting to keep Vuze and Limewire. The reason is, not because I use it illegally, but because sometimes I download material that is not copyrighted for work or for uni. If I wanted to keep these programs, do I still need to post the combofix log?


Secondly, I uninstalled all of the programs you said I should, and updated them with new ones :(



The DDS log is here:



DDS (Ver_09-07-30.01) - NTFSx86
Run by Ben at 14:38:47.86 on 01/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1235 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\StiD1690.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Ben\AppData\Local\temp\jkos-Ben\binaries\ScanningProcess.exe
C:\Users\Ben\AppData\Local\temp\jkos-Ben\binaries\ScanningProcess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ben\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.club-vaio.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WindowsSideShow] "regsvr32" /s /u "c:\users\ben\appdata\local\windows\WindowsSideShow.dll"
uRun: [RegistryMechanic] "c:\program files\registry mechanic\RMTray.exe" /H
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [RtHDVCpl] "c:\program files\realtek\audio\hda\RtHDVCpl.exe"
mRun: [Skytel] "c:\program files\realtek\audio\hda\Skytel.exe"
mRun: [AVG8_TRAY] "c:\progra~1\avg\avg8\avgtray.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [snp2std] "c:\windows\vsnp2std.exe"
mRun: [Waiting1690] "c:\windows\stid1690.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: doctor-serv.com\livefooty
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\qpfoy6hh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ben\appdata\roaming\mozilla\firefox\profiles\qpfoy6hh.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-13 206256]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-25 297752]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-1-8 233472]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-25 1205760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-22 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-22 812544]
S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2008-5-25 21504]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\drivers\cam1690.sys [2008-9-8 177280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-8-25 99376]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-5-25 21504]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-22 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-13 348752]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-1-8 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2008-1-8 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2008-1-8 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-22 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-5-28 87328]

=============== Created Last 30 ================

2009-10-31 19:13 <DIR> --d----- c:\windows\system32\Adobe
2009-10-31 19:03 <DIR> --d----- c:\programdata\NOS
2009-10-31 12:17 277,784 a------- c:\windows\system32\drivers\iastor.sys
2009-10-31 12:17 232,040 a------- c:\windows\system32\drivers\iastorv.sys
2009-10-31 12:17 19,944 a------- c:\windows\system32\drivers\atapi.sys
2009-10-31 11:57 236,544 a------- c:\windows\PEV.exe
2009-10-31 11:57 161,792 a------- c:\windows\SWREG.exe
2009-10-31 11:57 98,816 a------- c:\windows\sed.exe
2009-10-31 11:57 77,312 a------- c:\windows\MBR.exe
2009-10-27 21:18 310,784 a------- c:\windows\system32\unregmp2.exe
2009-10-27 21:18 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-10-27 00:30 2,421,760 a------- c:\windows\system32\wucltux.dll
2009-10-27 00:29 87,552 a------- c:\windows\system32\wudriver.dll
2009-10-27 00:28 171,608 a------- c:\windows\system32\wuwebv.dll
2009-10-27 00:28 33,792 a------- c:\windows\system32\wuapp.exe
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\eu-ES
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\ca-ES
2009-10-26 19:32 <DIR> --d----- c:\windows\system32\vi-VN
2009-10-26 18:47 <DIR> --d----- c:\windows\system32\EventProviders
2009-10-24 00:45 63 a------- c:\users\ben\jagex_runescape_preferences2.dat
2009-10-20 17:46 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-10-20 17:46 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-10-20 17:46 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-10-20 17:46 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-10-20 17:46 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-20 17:46 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-10-20 17:44 527,848 a------- c:\windows\system32\drivers\ndis.sys
2009-10-20 17:43 153 a------- c:\windows\system32\RacUREx.xml
2009-10-20 17:43 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-10-20 17:43 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-10-20 17:43 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-10-20 17:43 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-10-20 17:43 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-10-20 17:43 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-20 17:43 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-10-20 17:43 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-10-20 17:43 218,624 a------- c:\windows\system32\wdscore.dll
2009-10-20 17:43 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-10-20 17:43 247,808 a------- c:\windows\system32\drvstore.dll
2009-10-15 02:02 <DIR> --d----- c:\windows\SQL9_KB970892_ENU
2009-10-14 06:10 218,624 a------- c:\windows\system32\msv1_0.dll
2009-10-14 06:10 3,600,456 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 06:10 3,548,216 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 06:08 60,928 a------- c:\windows\system32\msasn1.dll
2009-10-14 06:08 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 06:08 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 00:09 <DIR> --d----- c:\windows\RegisteredPackages
2009-10-05 00:09 <DIR> --d----- c:\program files\Windows Media Components
2009-10-04 11:51 <DIR> --d----- c:\windows\system32\TVUAx
2009-10-03 12:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-03 01:09 195,440 -------- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-26 19:57 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-26 19:57 143,360 a------- c:\windows\inf\infstor.dat
2009-10-26 19:57 51,200 a------- c:\windows\inf\infpub.dat
2009-10-26 19:32 665,600 a------- c:\windows\inf\drvindex.dat
2009-10-24 01:01 38 a------- c:\users\ben\jagex_runescape_preferences.dat
2009-09-29 20:53 216,277 a------- c:\programdata\nvModes.dat
2009-09-29 20:53 216,277 a------- c:\progra~2\nvModes.dat
2009-09-15 23:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-15 23:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-29 08:35 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-29 02:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 02:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 02:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 02:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 00:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 05:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-27 03:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 15:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 13:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 13:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 13:48 105,984 a------- c:\windows\system32\netiohlp.dll
2008-09-05 11:22 48,697 a------- c:\users\ben\appdata\roaming\nvModes.dat
2008-05-25 23:21 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-12 10:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-12 10:48 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-12 10:48 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-12 10:48 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 14:44:54.64 ===============

The Kaspersky scan took a hell of a long time (just checked - 10 hours+). Found 2 infections though. The log is here: (I know, I know, LimeWire. From just checking, this file has been on my laptop for 8 months now!).



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 1, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 31, 2009 18:27:13
Records in database: 3109503
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 229846
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 10:02:23


File name / Threat / Threats count
C:\Users\Ben\AppData\Local\VirtualStore\Windows\System32\winhoq32.rom Infected: Backdoor.Win32.WinUOJ.o 1
C:\Users\Ben\Documents\LimeWire\Incomplete\ju-trailer.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

Selected area has been scanned.

So, just again, do you still want me to post the combofix log if I wish to keep those programs?


Also, when searching on google I still get redirected to other websites. Could it be one of those infections causing it?

When I used ATF Cleaner like you said, I did delete everything except firefox history (I like to keep my history). If it could be a problem however, I would delete the web history. Just wanted to ask you first.


Thanks again!

Attached Files
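The "Pseudo HJT Report" section of the DDS log above is where the helper picks up entries such as the BHO with "No File" that the CFScript removes under DDS::. As an added example, not part of this thread or of the DDS tool, here is a small Python triage script that parses those report lines and lists the entries a helper would look at first; the sample input is excerpted from the log posted above, and the choice of which line kinds to flag and which ActiveX download hosts to treat as expected are assumptions for illustration, not DDS or forum rules.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of this thread or of the DDS tool.  Which line kinds
are flagged, and which ActiveX download hosts count as expected, are
assumptions made for illustration only.
"""
import re
from dataclasses import dataclass

# Hosts that an ordinary consumer Windows box would be expected to have
# fetched ActiveX (DPF) controls from.  Assumption for this example.
EXPECTED_DPF_HOSTS = ("java.sun.com", "messenger.zone.msn.com")

# A report line looks like "<kind>: <rest>", e.g. "BHO: {...} - c:\...\x.dll".
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z_ -]+?):\s*(?P<rest>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# DDS writes "hxxp://" instead of "http://" so that URLs are not clickable.
URL_HOST_RE = re.compile(r"^h[tx]{2}ps?://([^/]+)", re.IGNORECASE)

# Lines excerpted from the DDS log posted earlier in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.club-vaio.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
Trusted Zone: doctor-serv.com\livefooty
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\avgrsstx.dll
"""


@dataclass
class Finding:
    severity: str   # "review": look at it; "info": worth knowing about
    kind: str       # the DDS line kind (BHO, TB, DPF, ...)
    detail: str     # one-line explanation
    line: str       # the original report line


def _url_host(url: str) -> str:
    m = URL_HOST_RE.match(url.strip())
    return m.group(1).lower() if m else ""


def triage_hjt(report: str) -> list:
    """Return Finding objects for the notable lines of a Pseudo HJT report."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")

        if kind in ("BHO", "TB") and rest.endswith("- No File"):
            # Orphaned registration: the CLSID is still registered but the DLL
            # is gone.  Inert by itself, but helpers clean it up (the CFScript
            # above lists exactly this kind of line under DDS::).
            g = GUID_RE.search(rest)
            findings.append(Finding("review", kind,
                            f"orphaned {kind} registration {g.group(0) if g else '?'}", line))
        elif kind == "Trusted Zone":
            # Sites in IE's Trusted zone run with relaxed security settings,
            # so it is worth confirming the user added the entry deliberately.
            findings.append(Finding("review", kind, f"site in IE Trusted zone: {rest}", line))
        elif kind == "AppInit_DLLs":
            # Every DLL named here is loaded into every process that loads
            # user32.dll.  Legitimate products (AV, desktop search) use the
            # key too, so each DLL is checked individually.
            for dll in rest.split():
                findings.append(Finding("review", kind, f"global DLL load point: {dll}", line))
        elif kind == "DPF":
            # Downloaded Program Files: ActiveX controls installed from the
            # web.  Flag those fetched from hosts outside the expected list.
            host = _url_host(rest.split(" - ", 1)[-1])
            if host and not host.endswith(EXPECTED_DPF_HOSTS):
                findings.append(Finding("review", kind, f"ActiveX control fetched from {host}", line))
        elif kind == "Notify":
            # Winlogon notification packages are loaded into winlogon.exe,
            # which runs as SYSTEM.
            findings.append(Finding("info", kind, f"Winlogon notification package: {rest}", line))
    return findings


def summarize(findings) -> str:
    """Render findings as a short text report, items to review first."""
    order = {"review": 0, "info": 1}
    rows = sorted(findings, key=lambda f: (order[f.severity], f.kind))
    return "\n".join(f"[{f.severity:6}] {f.kind:13} {f.detail}" for f in rows)


if __name__ == "__main__":
    print(summarize(triage_hjt(SAMPLE_DDS)))
```

Feeding it the full Pseudo HJT section of a DDS log gives the same short list a helper builds by eye; entries it flags still need a human decision, as the AVG and Google Desktop DLLs in the AppInit_DLLs line show.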



#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:37 AM

Posted 01 November 2009 - 10:07 AM

Yep, still want to see ComboFix results.



#11 enjibenji

enjibenji
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 01 November 2009 - 10:36 AM

Ok - do I still need to do the notepad thing you wrote above with combofix?

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:05:37 AM

Posted 01 November 2009 - 10:42 AM

Yes, unless you ran ComboFix with that script's contents already. In short: if you didn't run ComboFix as instructed yet, then do so.



#13 enjibenji

enjibenji
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 01 November 2009 - 02:25 PM

ComboFix is here :(




ComboFix 09-10-30.01 - Ben 01/11/2009 18:33.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2057 [GMT 0:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 19:05 . 2009-11-01 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-01 18:32 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-01 18:32 . 2007-03-01 00:03 277784 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-11-01 18:32 . 2006-11-02 09:51 232040 ----a-w- c:\windows\system32\drivers\iastorv.sys
2009-10-31 21:45 . 2009-10-31 21:45 -------- d-----w- c:\users\Ben\AppData\Local\Apple
2009-10-31 21:45 . 2009-10-31 21:45 -------- d-----w- c:\users\Ben\AppData\Local\Apple Computer
2009-10-31 19:13 . 2009-10-31 19:13 -------- d-----w- c:\windows\system32\Adobe
2009-10-31 19:05 . 2009-10-31 19:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-31 19:03 . 2009-11-01 18:27 -------- d-----w- c:\programdata\NOS
2009-10-31 12:57 . 2009-11-01 19:09 -------- d-----w- c:\users\Ben\AppData\Local\temp
2009-10-27 21:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 21:18 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 00:30 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 00:30 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 00:30 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 00:30 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:29 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 00:29 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 00:29 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:28 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:28 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\ca-ES
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\eu-ES
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\vi-VN
2009-10-26 18:47 . 2009-10-26 18:47 -------- d-----w- c:\windows\system32\EventProviders
2009-10-24 00:45 . 2009-10-24 01:02 63 ----a-w- c:\users\Ben\jagex_runescape_preferences2.dat
2009-10-20 17:46 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-20 17:46 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-10-20 17:46 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-10-20 17:46 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-10-20 17:46 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-20 17:46 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-10-20 17:44 . 2009-04-11 06:32 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-20 17:43 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-20 17:43 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-20 17:43 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-20 17:43 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-20 17:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-20 17:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-20 17:43 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-20 17:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-20 17:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-20 17:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-20 17:43 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-15 02:02 . 2009-10-15 02:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-14 06:10 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 06:10 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 06:10 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 06:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 06:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 06:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 00:09 . 2009-10-05 00:09 -------- d-----w- c:\program files\Windows Media Components
2009-10-04 11:51 . 2009-10-25 12:31 -------- d-----w- c:\windows\system32\TVUAx
2009-10-03 01:09 . 2009-10-01 10:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 17:03 . 2008-10-11 16:39 -------- d-----w- c:\programdata\Google Updater
2009-10-31 19:18 . 2007-11-22 20:06 -------- d-----w- c:\program files\Java
2009-10-31 19:07 . 2008-07-11 22:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 04:02 . 2009-09-15 14:42 -------- d-----w- c:\program files\Eidos
2009-10-30 04:02 . 2007-11-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 23:27 . 2008-11-10 16:06 -------- d-----w- c:\users\Ben\AppData\Roaming\gtk-2.0
2009-10-26 20:05 . 2007-11-22 18:27 -------- d-----w- c:\programdata\NVIDIA
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-26 19:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-24 09:07 . 2007-11-22 20:03 -------- d-----w- c:\program files\Google BAE
2009-10-24 01:22 . 2008-05-25 22:35 1356 ----a-w- c:\users\Ben\AppData\Local\d3d9caps.dat
2009-10-24 01:01 . 2009-02-03 00:57 38 ----a-w- c:\users\Ben\jagex_runescape_preferences.dat
2009-10-15 02:05 . 2007-11-22 19:55 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 02:03 . 2007-11-22 20:00 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-03 12:15 . 2009-10-03 12:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-01 18:27 . 2008-05-25 22:35 108400 ----a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-29 20:53 . 2008-11-19 23:28 216277 ----a-w- c:\programdata\nvModes.dat
2009-09-21 18:43 . 2009-02-28 02:07 -------- d-----w- c:\users\Ben\AppData\Roaming\LimeWire
2009-09-17 18:30 . 2009-09-17 18:30 -------- d-----w- c:\users\Ben\AppData\Roaming\PPLive
2009-09-17 18:30 . 2009-09-09 18:37 -------- d-----w- c:\program files\PPLive
2009-09-15 23:26 . 2009-09-15 23:26 -------- d-----w- c:\users\Ben\AppData\Roaming\Logitech
2009-09-15 23:24 . 2009-09-15 23:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-15 23:24 . 2009-09-15 23:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-15 23:22 . 2009-09-15 23:21 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-15 23:21 . 2009-09-15 23:21 -------- d-----w- c:\programdata\Logitech
2009-09-15 23:21 . 2009-09-15 23:21 -------- d-----w- c:\program files\Logitech
2009-09-15 23:20 . 2009-09-15 23:20 -------- d-----w- c:\programdata\LogiShrd
2009-09-15 15:04 . 2009-09-15 15:04 -------- d--h--r- c:\users\Ben\AppData\Roaming\SecuROM
2009-09-15 14:38 . 2009-09-15 14:22 -------- d-----w- c:\users\Ben\AppData\Roaming\GetRightToGo
2009-09-13 15:45 . 2009-09-13 15:20 -------- d-----w- c:\program files\Spyware Doctor
2009-09-13 15:21 . 2009-09-13 15:20 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-13 15:20 . 2009-09-13 15:20 -------- d-----w- c:\users\Ben\AppData\Roaming\PC Tools
2009-09-13 15:20 . 2009-09-13 15:20 -------- d-----w- c:\programdata\PC Tools
2009-09-10 02:20 . 2008-12-27 12:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 01:42 . 2009-09-09 18:38 -------- d-----w- c:\programdata\PPLive
2009-09-03 06:06 . 2009-06-27 12:44 -------- d-----w- c:\users\Ben\AppData\Roaming\play2p
2009-08-29 08:35 . 2009-02-25 23:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 08:35 . 2009-02-25 23:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 08:35 . 2009-02-25 23:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 00:27 . 2009-09-04 14:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-04 14:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 06:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 06:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 06:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 06:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-24 13:05 . 2009-09-13 15:21 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 10:01 . 2009-09-13 15:21 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 17:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 17:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 17:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:34 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:34 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:34 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 17:34 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:34 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-12-12 17:35 . 2008-12-12 17:35 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_12.52.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-22 18:22 . 2009-11-01 19:09 59132 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 22:37 . 2009-11-01 19:09 14928 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3744430451-3571531818-1311759403-1003_UserData.bin
- 2008-05-25 22:37 . 2009-10-31 12:11 14928 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3744430451-3571531818-1311759403-1003_UserData.bin
+ 2009-10-31 20:36 . 2009-10-31 20:36 85173 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2008-05-25 22:33 . 2009-11-01 17:03 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-25 22:33 . 2009-10-30 18:19 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-25 22:33 . 2009-11-01 17:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-25 22:33 . 2009-10-30 18:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-25 22:33 . 2009-10-30 18:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-25 22:33 . 2009-11-01 17:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-31 19:13 . 2009-10-31 19:13 87617 c:\windows\System32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-07-21 08:02 . 2009-07-21 08:02 94208 c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
+ 2009-10-31 19:05 . 2009-10-31 19:05 21504 c:\windows\Installer\142825d.msi
+ 2009-10-31 19:05 . 2009-10-31 19:05 27648 c:\windows\Installer\1428258.msi
+ 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
- 2009-10-31 12:09 . 2009-10-31 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-01 19:07 . 2009-11-01 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-01 19:07 . 2009-11-01 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-31 12:09 . 2009-10-31 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-11-01 19:09 104296 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-11-01 13:57 650514 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-31 12:17 650514 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-01 13:57 124742 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-31 12:17 124742 c:\windows\System32\perfc009.dat
+ 2009-05-03 01:13 . 2009-11-01 14:16 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-03 01:13 . 2009-10-15 02:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-21 06:59 . 2009-07-21 06:59 132472 c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2009-07-21 08:17 . 2009-07-21 08:17 468408 c:\windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe
+ 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\System32\Adobe\Shockwave 11\Proj.dll
+ 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 714752 c:\windows\System32\Adobe\Shockwave 11\gi.dll
+ 2009-07-21 08:04 . 2009-07-21 08:04 614400 c:\windows\System32\Adobe\Shockwave 11\Control.dll
+ 2009-07-21 08:18 . 2009-07-21 08:18 206264 c:\windows\System32\Adobe\Director\SwDir.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 131072 c:\windows\System32\Adobe\Director\np32dsw.dll
+ 2009-07-21 07:07 . 2009-07-21 07:07 1011712 c:\windows\System32\Adobe\Shockwave 11\iml32.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 1886320 c:\windows\System32\Adobe\Shockwave 11\gt.exe
+ 2009-07-21 07:12 . 2009-07-21 07:12 1798144 c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
+ 2008-09-26 04:52 . 2009-11-01 19:06 1016008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-09-26 04:52 . 2009-10-31 12:08 1016008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-10-31 19:08 . 2009-10-31 19:08 3940352 c:\windows\Installer\1428262.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-16 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WindowsSideShow"="c:\users\Ben\AppData\Local\Windows\WindowsSideShow.dll" [2009-05-20 110592]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-12 1833504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"Waiting1690"="c:\windows\stid1690.exe" [2007-06-05 60416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-15 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-15 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^play2p.lnk]
backup=c:\windows\pss\play2p.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,08,92,42,76,56,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [13/09/2009 15:21 206256]
R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [21/04/2009 17:27 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25/02/2009 23:27 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25/02/2009 23:27 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25/02/2009 23:25 297752]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [08/01/2008 13:44 233472]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 04:09 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [25/02/2009 19:40 1205760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [22/11/2007 17:22 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [22/11/2007 17:21 812544]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\System32\drivers\cam1690.sys [08/09/2008 14:55 177280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/08/2008 15:24 99376]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/11/2007 20:03 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [25/01/2007 17:31 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [13/09/2009 15:20 348752]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [08/01/2008 13:33 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [08/01/2008 13:33 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [08/01/2008 13:33 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [22/08/2008 17:13 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [28/05/2008 11:27 87328]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 12:25]

2009-11-01 c:\windows\Tasks\User_Feed_Synchronization-{A58A08F6-44AC-452E-ABD9-8D529A7737AF}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: doctor-serv.com\livefooty
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\qpfoy6hh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 19:09
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3744430451-3571531818-1311759403-1003\Software\SecuROM\License information*]
"datasecu"=hex:97,0b,a4,f3,60,03,03,f0,46,46,3b,0e,e1,c5,f8,09,50,9b,61,2f,f0,
ef,ed,9d,5c,51,29,09,7b,1f,44,c5,92,64,01,76,8e,12,9d,0f,bb,16,42,93,5e,1c,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5868)
c:\users\Ben\AppData\Local\Windows\WindowsSideShow.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\regsvr32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-11-01 19:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 19:19
ComboFix2.txt 2009-10-31 12:57

Pre-Run: 80,781,623,296 bytes free
Post-Run: 81,122,353,152 bytes free

- - End Of File - - 536469FAF6D725329CB08B943774347D

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:37 AM

Posted 02 November 2009 - 12:41 AM

Good. A bit more left to do :(

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Users\Ben\AppData\Local\VirtualStore\Windows\System32\winhoq32.rom
C:\Users\Ben\Documents\LimeWire\Incomplete\ju-trailer.mp3


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log. How's the system running?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#15 enjibenji

enjibenji
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:37 AM

Posted 02 November 2009 - 02:44 PM

Hi there,

Here is the combofix log.


ComboFix 09-10-30.01 - Ben 02/11/2009 17:33.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2098 [GMT 0:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Ben\AppData\Local\VirtualStore\Windows\System32\winhoq32.rom"
"c:\users\Ben\Documents\LimeWire\Incomplete\ju-trailer.mp3"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ben\AppData\Local\VirtualStore\Windows\System32\winhoq32.rom
c:\users\Ben\Documents\LimeWire\Incomplete\ju-trailer.mp3

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 18:04 . 2009-11-02 18:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-02 18:04 . 2009-11-02 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-02 18:04 . 2009-11-02 18:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-11-02 17:32 . 2007-03-01 00:03 277784 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-11-02 17:32 . 2006-11-02 09:51 232040 ----a-w- c:\windows\system32\drivers\iastorv.sys
2009-11-02 17:32 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 21:45 . 2009-10-31 21:45 -------- d-----w- c:\users\Ben\AppData\Local\Apple
2009-10-31 21:45 . 2009-10-31 21:45 -------- d-----w- c:\users\Ben\AppData\Local\Apple Computer
2009-10-31 19:13 . 2009-10-31 19:13 -------- d-----w- c:\windows\system32\Adobe
2009-10-31 19:05 . 2009-10-31 19:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-31 19:03 . 2009-11-01 18:27 -------- d-----w- c:\programdata\NOS
2009-10-31 12:57 . 2009-11-02 18:05 -------- d-----w- c:\users\Ben\AppData\Local\temp
2009-10-27 21:18 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 21:18 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 00:30 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 00:30 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 00:30 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 00:30 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 00:29 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 00:29 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 00:29 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 00:28 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 00:28 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\ca-ES
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\eu-ES
2009-10-26 19:32 . 2009-10-26 19:36 -------- d-----w- c:\windows\system32\vi-VN
2009-10-26 18:47 . 2009-10-26 18:47 -------- d-----w- c:\windows\system32\EventProviders
2009-10-24 00:45 . 2009-10-24 01:02 63 ----a-w- c:\users\Ben\jagex_runescape_preferences2.dat
2009-10-20 17:46 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-20 17:46 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-10-20 17:46 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-10-20 17:46 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-10-20 17:46 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-20 17:46 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-10-20 17:44 . 2009-04-11 06:32 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-20 17:43 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-20 17:43 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-20 17:43 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-20 17:43 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-20 17:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-20 17:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-20 17:43 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-20 17:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-20 17:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-20 17:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-20 17:43 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-15 02:02 . 2009-10-15 02:02 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-14 06:10 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 06:10 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 06:10 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 06:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 06:08 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 06:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-05 00:09 . 2009-10-05 00:09 -------- d-----w- c:\program files\Windows Media Components
2009-10-04 11:51 . 2009-10-25 12:31 -------- d-----w- c:\windows\system32\TVUAx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 18:04 . 2008-10-11 16:39 -------- d-----w- c:\programdata\Google Updater
2009-10-31 19:18 . 2007-11-22 20:06 -------- d-----w- c:\program files\Java
2009-10-31 19:07 . 2008-07-11 22:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 04:02 . 2009-09-15 14:42 -------- d-----w- c:\program files\Eidos
2009-10-30 04:02 . 2007-11-22 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 23:27 . 2008-11-10 16:06 -------- d-----w- c:\users\Ben\AppData\Roaming\gtk-2.0
2009-10-26 20:05 . 2007-11-22 18:27 -------- d-----w- c:\programdata\NVIDIA
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-26 19:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-26 19:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-24 09:07 . 2007-11-22 20:03 -------- d-----w- c:\program files\Google BAE
2009-10-24 01:22 . 2008-05-25 22:35 1356 ----a-w- c:\users\Ben\AppData\Local\d3d9caps.dat
2009-10-24 01:01 . 2009-02-03 00:57 38 ----a-w- c:\users\Ben\jagex_runescape_preferences.dat
2009-10-15 02:05 . 2007-11-22 19:55 -------- d-----w- c:\programdata\Microsoft Help
2009-10-15 02:03 . 2007-11-22 20:00 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-03 12:15 . 2009-10-03 12:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-10-01 18:27 . 2008-05-25 22:35 108400 ----a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-01 10:29 . 2009-10-03 01:09 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 20:53 . 2008-11-19 23:28 216277 ----a-w- c:\programdata\nvModes.dat
2009-09-21 18:43 . 2009-02-28 02:07 -------- d-----w- c:\users\Ben\AppData\Roaming\LimeWire
2009-09-17 18:30 . 2009-09-17 18:30 -------- d-----w- c:\users\Ben\AppData\Roaming\PPLive
2009-09-17 18:30 . 2009-09-09 18:37 -------- d-----w- c:\program files\PPLive
2009-09-15 23:26 . 2009-09-15 23:26 -------- d-----w- c:\users\Ben\AppData\Roaming\Logitech
2009-09-15 23:24 . 2009-09-15 23:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-15 23:24 . 2009-09-15 23:24 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-15 23:22 . 2009-09-15 23:21 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-15 23:21 . 2009-09-15 23:21 -------- d-----w- c:\programdata\Logitech
2009-09-15 23:21 . 2009-09-15 23:21 -------- d-----w- c:\program files\Logitech
2009-09-15 23:20 . 2009-09-15 23:20 -------- d-----w- c:\programdata\LogiShrd
2009-09-15 15:04 . 2009-09-15 15:04 -------- d--h--r- c:\users\Ben\AppData\Roaming\SecuROM
2009-09-15 14:38 . 2009-09-15 14:22 -------- d-----w- c:\users\Ben\AppData\Roaming\GetRightToGo
2009-09-13 15:45 . 2009-09-13 15:20 -------- d-----w- c:\program files\Spyware Doctor
2009-09-13 15:21 . 2009-09-13 15:20 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-13 15:20 . 2009-09-13 15:20 -------- d-----w- c:\users\Ben\AppData\Roaming\PC Tools
2009-09-13 15:20 . 2009-09-13 15:20 -------- d-----w- c:\programdata\PC Tools
2009-09-10 02:20 . 2008-12-27 12:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 01:42 . 2009-09-09 18:38 -------- d-----w- c:\programdata\PPLive
2009-08-29 08:35 . 2009-02-25 23:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 08:35 . 2009-02-25 23:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 08:35 . 2009-02-25 23:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 00:27 . 2009-09-04 14:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-04 14:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 06:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 06:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 06:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 06:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-24 13:05 . 2009-09-13 15:21 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-19 10:01 . 2009-09-13 15:21 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 17:34 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 17:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 17:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:34 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:34 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:34 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 17:34 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:34 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-12-12 17:35 . 2008-12-12 17:35 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_12.52.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-22 18:22 . 2009-11-02 17:08 59164 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 22:37 . 2009-11-02 17:08 14944 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3744430451-3571531818-1311759403-1003_UserData.bin
+ 2009-10-31 20:36 . 2009-10-31 20:36 85173 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2009-11-02 00:00 . 2009-11-02 00:00 89101 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-05-25 22:33 . 2009-11-02 18:04 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-25 22:33 . 2009-10-30 18:19 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-25 22:33 . 2009-11-02 18:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-25 22:33 . 2009-10-30 18:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 22:33 . 2009-11-02 18:04 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-25 22:33 . 2009-10-30 18:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-31 19:13 . 2009-10-31 19:13 87617 c:\windows\System32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-07-21 08:02 . 2009-07-21 08:02 94208 c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
+ 2009-10-31 19:05 . 2009-10-31 19:05 21504 c:\windows\Installer\142825d.msi
+ 2009-10-31 19:05 . 2009-10-31 19:05 27648 c:\windows\Installer\1428258.msi
+ 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
- 2009-10-31 12:09 . 2009-10-31 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-02 17:03 . 2009-11-02 17:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-02 17:03 . 2009-11-02 17:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-31 12:09 . 2009-10-31 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-11-02 17:08 104420 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-11-02 17:52 650514 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-31 12:17 650514 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-02 17:52 124742 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-31 12:17 124742 c:\windows\System32\perfc009.dat
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\System32\Macromed\Flash\FlashUtil10c.exe
- 2009-05-03 01:13 . 2009-10-15 02:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-03 01:13 . 2009-11-01 14:16 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-21 06:59 . 2009-07-21 06:59 132472 c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2009-07-21 08:17 . 2009-07-21 08:17 468408 c:\windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe
+ 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\System32\Adobe\Shockwave 11\Proj.dll
+ 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 714752 c:\windows\System32\Adobe\Shockwave 11\gi.dll
+ 2009-07-21 08:04 . 2009-07-21 08:04 614400 c:\windows\System32\Adobe\Shockwave 11\Control.dll
+ 2009-07-21 08:18 . 2009-07-21 08:18 206264 c:\windows\System32\Adobe\Director\SwDir.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 131072 c:\windows\System32\Adobe\Director\np32dsw.dll
+ 2009-07-21 07:07 . 2009-07-21 07:07 1011712 c:\windows\System32\Adobe\Shockwave 11\iml32.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 1886320 c:\windows\System32\Adobe\Shockwave 11\gt.exe
+ 2009-07-21 07:12 . 2009-07-21 07:12 1798144 c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
- 2008-09-26 04:52 . 2009-10-31 12:08 1016008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-09-26 04:52 . 2009-11-01 19:06 1016008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-10-31 19:08 . 2009-10-31 19:08 3940352 c:\windows\Installer\1428262.msi
+ 2009-07-17 20:12 . 2009-07-17 20:12 1962160 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-16 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WindowsSideShow"="c:\users\Ben\AppData\Local\Windows\WindowsSideShow.dll" [2009-05-20 110592]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-12 1833504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"snp2std"="c:\windows\vsnp2std.exe" [2007-05-10 344064]
"Waiting1690"="c:\windows\stid1690.exe" [2007-06-05 60416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-15 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-15 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^play2p.lnk]
backup=c:\windows\pss\play2p.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:):6b,08,92,42,76,56,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [13/09/2009 15:21 206256]
R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [21/04/2009 17:27 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25/02/2009 23:27 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [25/02/2009 23:27 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25/02/2009 23:25 297752]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [08/01/2008 13:44 233472]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 04:09 11032]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [25/02/2009 19:40 1205760]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [22/11/2007 17:22 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [22/11/2007 17:21 812544]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\System32\drivers\cam1690.sys [08/09/2008 14:55 177280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/08/2008 15:24 99376]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/11/2007 20:03 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [25/01/2007 17:31 42000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [13/09/2009 15:20 348752]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [08/01/2008 13:33 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [08/01/2008 13:33 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [08/01/2008 13:33 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [22/08/2008 17:13 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [28/05/2008 11:27 87328]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 12:25]

2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{A58A08F6-44AC-452E-ABD9-8D529A7737AF}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: doctor-serv.com\livefooty
DPF: {BEED76B7-F5FF-4FBE-99CE-E8529591BC9F} - hxxp://www.rebirth.in.th/startgame/RebirthLauncher.ocx
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\qpfoy6hh.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 18:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3744430451-3571531818-1311759403-1003\Software\SecuROM\License information*]
"datasecu"=hex:97,0b,a4,f3,60,03,03,f0,46,46,3b,0e,e1,c5,f8,09,50,9b,61,2f,f0,
ef,ed,9d,5c,51,29,09,7b,1f,44,c5,92,64,01,76,8e,12,9d,0f,bb,16,42,93,5e,1c,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-02 18:10
ComboFix-quarantined-files.txt 2009-11-02 18:10
ComboFix2.txt 2009-11-01 19:19
ComboFix3.txt 2009-10-31 12:57

Pre-Run: 77,903,597,568 bytes free
Post-Run: 77,894,971,392 bytes free

- - End Of File - - 0129BD3241469F4FE44B6EF15825344A




So far, I've done about 10 searches on google and all are going directly onto the correct website rather than going to another :(

I'll know for sure by the end of tonight because the problems normally pop up when I'm not trying to find them!

Is there anything still left to do?

Thank you very much! :(



